The following is part of a plpgsql function. The problem is that the result of source_geom and target_geom is a character varying data type, and therefore I need to surround the both source_geom and target_geom in quotes(' '). The thing is that in plpgsql language how I don't know I can do it.
Here's what I have at the moment:
EXECUTE 'update ' || quote_ident(geom_table) ||
' SET source = ' || source_geom ||
', target = ' || target_geom ||
' WHERE ' || quote_ident(gid_cname) || ' = ' || _r.id;
The error that I am having is the following;
ERROR: syntax error at or near "C03B9E3B66052D400DDEFC2BD0F24140"
LINE 1: ...pdate track_points SET source = 0101000020E6100000C03B9E3B66...
^
QUERY: update track_points SET source = 0101000020E6100000C03B9E3B66052D400DDEFC2BD0F24140, target = 0101000020E610000075690DEF83052D40F88E75CCD4F24140 WHERE ogc_fid = 2
CONTEXT: PL/pgSQL function "create_network" line 26 at EXECUTE statement
Please any suggestions how I can solve this problem.?
Using EXECUTE ... USING with the format() function and its format specifiers will make your code much safer, simpler, easier to read and probably faster.
SQL INJECTION WARNING: If you ever accept source_geom or target_geom from the end user, your code is potentially vulnerable to SQL injection. It is important to use parameterized statements (like EXECUTE ... USING) or failing that, paranoid quoting to prevent SQL injection attacks. Even if you don't think your function takes user input you should still harden it against SQL injection, because you don't know how your app will evolve.
If you're on a newer PostgreSQL with the format function your code can be significantly simplified into:
EXECUTE format('update %I SET source = %L, target = %L WHERE %I = %L',
geom_table, source_geom, target_geom, gid_cname, _r.id);
... which handles identifier (%I) and literal (%L) quoting for you using format specifiers so you don't have to write all that awful || concatenation and quote_literal/quote_ident stuff.
Then, as per the documentation on EXECUTE ... USING you can further refine the query into:
EXECUTE format(
'update %I SET source = $1, target = $2 WHERE %I = $3',
geom_table, gid_cname
) USING source_geom, target_geom, _r.id;
which turns the query into a parameterised statement, clearly separating parameters from identifiers and reducing string processing costs for a more efficient query.
Use extra quotes:
EXECUTE 'update ' || quote_ident(geom_table) ||
' SET source = ''' || source_geom || '''
, target = ''' || target_geom || '''
WHERE ' || quote_ident(gid_cname) || ' = ' || _r.id;
Related
Any ideas on how to use spatial functions in either a procedure or a calculation view? I cannot use a table function, as I need a cursor. Please see issues below:
I tried dynamic SQL in a stored procedure with select into (Doesn't allow into):
(About three months back it did work, but now cannot activate?)
This blog says it should work:
https://blogs.sap.com/2017/04/18/sap-hana-2.0-sps-01-new-developer-features-database-development/
Dynamic SQL:
EXECUTE IMMEDIATE 'SELECT NEW ST_Point(' || char(39) || 'POINT(' || decEndPointLong1 || ' ' || decEndPointLat1 || ')' || char(39) || ', 4326).ST_Distance( NEW ST_Point(' || char(39) || 'POINT(' || CURRLONG || ' ' || CURRLAT || ')' || char(39) || ', 4326)) FROM DUMMY' INTO dDistEP1;
Then, I thought that I would create a calculation view,
This blog says it should work:
https://blogs.sap.com/2018/02/23/compute-distance-using-a-calculation-view-xs-advanced-model/
But, does not allow the use of spatial functions in ether columnengine or SQL engine.
Calculated Column:
I went back and tried to re-activate the procedure that contains this code and has been working, and still works, but if I edit it and try to activate it has the same compile error. Cannot select into variable. So, something has changed since I first created this procedure.
Wow, I stumbled upon an alternate syntax that does not need single quotes:
https://blogs.sap.com/2017/02/17/transforming-spatial-data-in-sap-hana/
SELECT NEW ST_Point(-117.0400842, 32.92197086).ST_SRID(4326).ST_Distance( NEW ST_Point(-117.0394467, 32.92241185).ST_SRID(4326)) FROM DUMMY
Now, I think that I can eliminate the Dynamic SQL.
Looking at the two differ ways:
1) SELECT NEW ST_Point(-117.0400842, 32.92197086).ST_SRID(4326).ST_Distance( NEW ST_Point(-117.0394467, 32.92241185).ST_SRID(4326)) FROM DUMMY;
2) SELECT NEW ST_Point('POINT(-117.0400842 32.92197086)', 4326).ST_Distance( NEW ST_Point('POINT(-117.0394467 32.92241185)', 4326)) FROM DUMMY;
They yield slightly different results (meters):
77.06
77.12
Probably, because (1) converts a calculated point to 4326, and (2) calculates the point based on 4326.
So, this code:
EXECUTE IMMEDIATE 'SELECT NEW ST_Point(' || char(39) || 'POINT(' || decEndPointLong1 || ' ' || decEndPointLat1 || ')' || char(39) || ', 4326).ST_Distance( NEW ST_Point(' || char(39) || 'POINT(' || CURRLONG || ' ' || CURRLAT || ')' || char(39) || ', 4326)) FROM DUMMY' INTO dDistEP1;
Boiled down to:
SELECT r1.FROMLAT INTO decEndPointLat1 FROM DUMMY;
SELECT r1.FROMLONG INTO decEndPointLong1 FROM DUMMY;
SELECT NEW ST_Point(decEndPointLong1, decEndPointLat1).ST_SRID(4326) INTO stEndCoord1 FROM DUMMY;
SELECT NEW ST_Point(CURRLONG, CURRLAT).ST_SRID(4326) INTO stCurrCoord FROM DUMMY;
SELECT stEndCoord1.ST_Distance(stCurrCoord) INTO dDistEP1 FROM DUMMY;
Is it possible to update a variable with a concatenation of variables(columns of VARCHARS2)?
UPDATE ARTICLE
SET DESCRIPTION = (CPV_DESCRIPTION + '/' LEVEL1_DESCRIPTION + LEVEL2_DESCRIPTION+LEVEL3_DESCRIPTION)
WHERE ID_ARTICULO = 209;
UPDATE ARTICLE
SET DESCRIPTION = concat(CPV_DESCRIPTION,'/',LEVEL1_DESCRIPTION,' ',LEVEL2_DESCRIPTION' 'LEVEL3_DESCRIPTION)
WHERE ID_ARTICULO = 209;
Both cases it gives me an error.
As mentioned by #a_horse... concat() function only takes 2 parameters. When you specify more that 2 parameters to be concated, you need to use || operator. Also + is a logical operator in Oracle unlike its used in Java for concatenation. Try this:
UPDATE ARTICLE
SET DESCRIPTION = CPV_DESCRIPTION
|| '/'
||LEVEL1_DESCRIPTION
||' '
||LEVEL2_DESCRIPTION
||' '
||LEVEL3_DESCRIPTION
WHERE ID_ARTICULO = 209;
I have this code:
def_where:=def_where||' TO_CHAR(date_of_input,''MM'') like '''||'to_char(date_of_input,''MM'')=nvl(:DSP_month,to_char(date_of_input,''MM''))'||'%' ||'to_char(date_of_input,''RRRR'')=nvl(:DSP_year,to_char(date_of_input,''RRRR''))'||'%''';
and i m getting error sql command not properly ended.
def_where suggest, that this is part of dynamically built query, condition of where clause. But produced string makes no sense, it should be something like:
declare
def_where varchar2(32767) := '';
begin
def_where := def_where
|| ' to_char(date_of_input, ''MM'') '
|| ' = nvl(:DSP_month, to_char(date_of_input, ''MM'')) and'
|| ' to_char(date_of_input, ''RRRR'') '
|| ' = nvl(:DSP_year, to_char(date_of_input, ''RRRR''))';
dbms_output.put_line(def_where);
end;
Look what you got from dbms_output, correct this syntax if needed. You could also rewrite your string to get this:
(extract(month from date_of_input) = :DSP_month or :DSP_month is null) and
(extract(year from date_of_input) = :DSP_year or :DSP_year is null)
I was wondering how to combine Varchar variables in a stored procedure. I want to combine email addresses into a single variable based of access level. I have tried doing a few things in my if statement.
For example I have tried both:
v_m1_email = Concat(v_m1_email, ' , ' , v_email)
and
v_m1_email = v_m1_email || ' , ' || v_email
My code:
CREATE PROCEDURE ALERTEMAIL (OUT p_m1_email VARCHAR(300),
OUT p_m2_email VARCHAR(300),
OUT p_m3_email VARCHAR(300),
OUT p_m4_email VARCHAR(300))
DYNAMIC RESULT SETS 1
P1: BEGIN
DECLARE v_email VARCHAR(50);
DECLARE v_access CHAR(5);
DECLARE v_m1_email VARCHAR(300);
DECLARE v_m2_email VARCHAR(300);
DECLARE v_m3_email VARCHAR(300);
DECLARE v_m4_email VARCHAR(300);
DECLARE SQLSTATE CHAR(5);
DECLARE cursor1 CURSOR WITH RETURN for
SELECT EMAIL,JOB_ID FROM PERSONNEL;
OPEN cursor1;
FETCH cursor1 INTO v_email, v_access;
WHILE (SQLSTATE = '00000') DO
IF v_access = 'Man1' THEN
SET v_m1_email = v_m1_email + ' , ' + v_email;
ELSEIF v_access = 'Man2' THEN
SET v_m2_email = v_m2_email + ' , ' + v_email;
ELSEIF v_access = 'Man3' THEN
SET v_m3_email = v_m3_email + ' , ' + v_email;
ELSEIF v_access = 'Man4' THEN
SET v_m4_email = v_m4_email + ' , ' + v_email;
END IF;
FETCH cursor1 INTO v_email, v_access;
END WHILE;
SET p_m1_email = v_m1_email;
SET p_m2_email = v_m2_email;
SET p_m3_email = v_m3_email;
SET p_m4_email = v_m4_email;
END P1
With regard to the first of what already had been tried from the OP, just as #I_am_Batman on 23-Apr-2016 already noted, the syntax for the CONCAT scalar >>-CONCAT--(--expression1--,--expression2--)------>< is limited to just the two arguments, so the expression coded as Concat(v_m1_email, ' , ' , v_email) would fail, presumably with a sqlcode=-170 suggesting something like "Number of arguments for function CONCAT not valid."
Which variant of DB2 was not noted [not in tag nor by comment in the OP], but I offer this link to some doc DB2 for Linux UNIX and Windows 9.7.0->Database fundamentals->SQL->Functions->Scalar functions->CONCAT
However there is nothing conspicuously incorrect with the second of what already had been tried from the OP; i.e. assuming the assignment and expression shown, had been coded just as shown in the body of the CREATE PROCEDURE, with a preceding SET and a trailing ;. In that case, the statement SET v_m1_email = v_m1_email || ' , ' || v_email; should have been able to pass both syntax-checking and data-type\validity-checking. Whereas what is shown in the OP as SET v_m1_email = v_m1_email + ' , ' + v_email; is not valid except when the values of both variables always would be valid string-representations of numbers; that is because the + operator is a numeric-operator rather than the [conspicuously as-desired] string-operator used to effect concatenation [i.e. for "combining strings"].
[ed: 22-Aug-2016] I forgot there was a constant\literal ' , ' in the above expression, so that string-literal also would have to evaluate as a numeric to allow that expression with the + as addition-operator to function at run-time. But of course, that literal could never be interpreted as a numeric; so while the expression could be treated as valid for compile-time [with implicit cast in effect and data-checking not examining the literal value], that expression never would be capable of being evaluated at run-time.
Therefore, if the || operator was properly coded [as seems so, given what was claimed to have been "tried"], yet did not effect what was desired, then the OP would need to be updated to state exactly what was the problem. For example, perhaps there was an error in compile\CREATE of the routine, or perhaps a run-time error for which the effect of the concatenation was perhaps untrimmed results or some other unexpected output, or something else.?.?
Note: as I already added in a comment to a prior answer, the use of CONCAT operator vs the equivalent || in SQL source enables use of that source in\across other code pages without a possible issue due to the use of a variant character.
p.s. A CASE statement might be preferred in place of the IF\ELSE constructs
p.p.s. Might be worth review if the SP really should return both the RS and, or just, the OUT parameters
String concatenation can be done with the || operator.
set vEmail = userName || '#' || domain || '.' || tld;
Give that a try.
I have a problem working with a stored procedure on work.
It's a stored procedure which is used by several bigger procedures. The procedure which does the work is called C, and the ones who call it are A and B.
The problem I have is that when I run A, everything goes smoothly, but when I run B, I get a missing expression error, which I don't get when I call A, even tough B and A have the same flow of procedure calls (so, it's kind of a really weird error).
The C procedure has the same code:
procedure C ( LO in varchar2,
EN in varchar2,
CA in array1d,
IA in number,
AR in array2d )
is
CQ varchar2(5);
ET varchar2(2000);
OL varchar2(100);
NE varchar2(100);
TE varchar2(100);
XU varchar2(100);
begin
LO := '05';
TE := 'VAR';
CQ := '''';
OL := CQ || LO || CQ;
TE := CQ || TE || CQ;
NE := CQ || EN || CQ;
ET := 'PAR1 = ' || CA(1) || ',' ||
'PAR2 = ' || CA(2) || ',' ||
'PAR3 = ' || CA(3) || ',' ||
'PAR4 = ' || CA(4) || ',' ||
'PAR5 = ' || CA(5) || ',' ||
'PAR6 = ' || CA(6) || ',' ||
'PAR7 = ' || CA(7) || ',' ||
'PAR8 = ' || CA(8) || ',' ||
'PAR9 = ' || CA(9);
execute immediate 'update table_st set ' || ET || '
where field1 = ' || OL || '
AND field2 = ' || NE || '
AND field3 = ' || TE;
end;
The error I get is missing expression, and it seems to appear on the first line of the execute immediate. After some analysis, I realized the data from the 2d ARRAY is initialized with some empty strings ''.
I am wondering if you could help me to see this error from a new perspective, because as I see it, there seems to be no syntax error to justify the missing expression error I get, but I know I may be wrong.
If further details are needed, let me know.
At a minimum, I'd say the variables LO, CQ haven't been declared, and EN and CA haven't been declared or initialized.
Also, you declared NE as a verchar2 when I think you meant varchar2.
I also agree with Juan's observation that you may want to double check this line:
CQ := q'[']';
Did you mean:
CQ := q'['']';
Honestly not sure, but worth a look.
Oracle should tell you if the procedure compiles, and I think these errors alone will prevent it from doing that. If you don't ever declare the contents of EN and CA, it might still compile but fail when it runs.