Giving parameter in Native sql in hibernate - sql

Can someone please tell me how I can send a parameter in native SQL in Hibernate?
In the following code, I want to enter contract_id as a parameter.
List list=session.createSQLQuery("select {b.*},{p.*},{t.*} from bidtool.bt_boiler_plates b,bidtool.bt_profile p,bidtool.bt_trade_lane t "
+ "where b.contract_id=p.contract_id AND p.contract_id=t.contract_id AND ")
.addEntity("b",Boiler_Plates.class)
.addEntity("p",BidToolProfiles.class)
.addEntity("t",BidToolTradeLanes.class).list();
Your help will be appreciated. Thanks

Try:
List list=session.createSQLQuery("select {b.*},{p.*},{t.*} from bidtool.bt_boiler_plates b,bidtool.bt_profile p,bidtool.bt_trade_lane t "
+ "where b.contract_id=p.contract_id AND p.contract_id=t.contract_id AND b.contract_id=:contractId")
.addEntity("b",Boiler_Plates.class)
.addEntity("p",BidToolProfiles.class)
.addEntity("t",BidToolTradeLanes.class)
.setParameter("contractId", contractId).list();

Take a look at this:
Query query = session.createSQLQuery("select {b.*},{p.*},{t.*} from bidtool.bt_boiler_plates b,bidtool.bt_profile p,bidtool.bt_trade_lane t "
+ "where b.contract_id=p.contract_id AND p.contract_id=t.contract_id AND b.contract_id=:ID")
.addEntity("b",Boiler_Plates.class)
.addEntity("p",BidToolProfiles.class)
.addEntity("t",BidToolTradeLanes.class);
List list = query.setInteger("ID", 1234).list();

Related

double where statement in SQL and ASP

I am a little lost on how to incorporate TWO Where in my sql statement in my asp.
I am trying to get the userID and password entered previously and compare it with what I have in my database created on SQL:
I think my problem comes from my double quotation and single quotation.
UserID is a number in my database and Password is a short text.
var mycon = new ActiveXObject("ADODB.Connection");
var myrec = new ActiveXObject("ADODB.Recordset");
mycon.Open("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\Users\\Omnivox.mdb");
var txtpassword = Request.QueryString("txtpassword");
var txtuserID = parseInt (Request.QueryString("txtuserID"));
var sql;
sql = "SELECT UserID, UserPassword FROM UserOmnivox WHERE UserID=" +txtuserID+ " AND UserPassword='" + txtpassword + "';";
myrec.Open(sql, mycon);
thank you
UPDATE: It is still not working. The error message is: no value given for one or more required parameters for the line myrec.Open(sql,mycon)
Change
sql = "SELECT * FROM UserOmnivox WHERE UserID=" +txtuserID "AND UserPassword="'+txtpassword';
to
sql = "SELECT * FROM UserOmnivox WHERE UserID=" +txtuserID + " AND UserPassword='"+txtpassword+"'";
If you'd done any kind of basic debugging, like LOOKING at the query string you're generating, you'd have seen this:
sql = "SELECT [..snip..] UserID=" +txtuserID "AND UserPassword="'+txtpassword
                                             ^^--- no space
                                            ^--- missing +
which produces
SELECT .... UserID=1234AND userPassword
                      ^^---syntax error, no such field '1234AND'
And then, yes, your quotes are wrong too
sql = "SELECT ... UserID=" +txtuserID "AND UserPassword="'+txtpassword
      ^------------------^-- one string
                                      ^-----------------^-- another string
                                                         ^---???
It should be
sql = "SELECT * FROM UserOmnivox WHERE UserID=" +txtuserID + " AND UserPassword='" + txtpassword + "';";
I find another more flexible solution is better. Sometimes based on conditions you have one where condition, in others you have zero, and in others you have two. If you go down these paths they don't solve that issue. The following does.....
Some sql query
where 1=1 -- ## A condition that will always be true and does nothing to your query.
and first optional where clause
and second optional where clause
This way if you don't have the first where clause in a given situation but you do have the second you are not missing the words "where". You always have the where and you optionally add any array of "and" parts to your where statement. 100% flexibility in this method works for all challenges. Plus it is easier to follow code once you get past the wtf is this 1=1 nonsense reaction.
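The "where 1=1" pattern from the answer above, combined with bound parameters so that optional conditions can be added without concatenating user input into the SQL text. This is an added example, not code from any of the posts; `buildUserQuery` and `ALLOWED_COLUMNS` are hypothetical names, and positional `?` placeholders are an assumption about the driver in use.

```javascript
// Added example: build "WHERE 1=1 AND ..." from optional filters while keeping
// every value out of the SQL text. Column names come from a fixed allow-list;
// values travel separately as bound parameters.
// Assumptions: the driver accepts positional "?" placeholders; buildUserQuery
// and ALLOWED_COLUMNS are hypothetical names (table/columns are from the question).

const ALLOWED_COLUMNS = {
  // UserID is numeric in the database, so anything that is not an integer is rejected.
  UserID: (v) => {
    const n = Number(v);
    if (!Number.isInteger(n)) throw new TypeError("UserID must be an integer");
    return n;
  },
  UserPassword: (v) => String(v),
};

function buildUserQuery(filters) {
  const clauses = ["1=1"]; // always-true anchor: every real condition starts with AND
  const params = [];
  for (const [column, raw] of Object.entries(filters)) {
    if (raw === undefined || raw === null || raw === "") continue; // filter not supplied
    // Own-property check so inherited keys such as "constructor" are not accepted.
    if (!Object.prototype.hasOwnProperty.call(ALLOWED_COLUMNS, column)) {
      throw new Error("unknown filter column: " + column);
    }
    clauses.push(column + " = ?");              // only allow-listed identifiers reach the text
    params.push(ALLOWED_COLUMNS[column](raw));  // the value never does
  }
  return {
    text: "SELECT UserID, UserPassword FROM UserOmnivox WHERE " + clauses.join(" AND "),
    params,
  };
}

// Constructed sample inputs.
const none = buildUserQuery({});
const both = buildUserQuery({ UserID: "1234", UserPassword: "it's a 'quoted' value" });
console.log(none.text, none.params);
console.log(both.text, both.params);
```

The returned `text` and `params` are handed to the driver's parameterized execute call together; a quote inside a value stays in `params` and cannot change the shape of the statement.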

Access: Runtime error 3075 (missing operator) in SQL update query

First time using Access and wanted to make an update query that uses a variable for its table name. Now, I've gotten myself into a web of nothing good. When I get to the part the SQL code is needed for, I get Runtime error 3075 - Missing operator in '(((" + enteredid + ".todayDate)=Format(Now()','""Short Date"")))' I've never coded in SQL, so I have no clue what operators are needed.
My code:
strSQL = "UPDATE " + enteredid + " SET " + enteredid + ".signIn = Format(Now(),""Short Time"") WHERE (((" + enteredid + ".todayDate)=Format(Now()','""Short Date"")));"
My suggestions:
You can avoid the whole Format() issue in the WHERE clause by using the Date() function instead of trying to extract just the date part of Now().
Since you are doing an UPDATE on a single table you can just use the field (column) names without the TableName. prefix.
To make your code more robust, enclose the table name in square brackets so it won't crash if the table name contains spaces or other "funny" characters.
So, the revised code would look more like this:
strSQL = _
"UPDATE [" + enteredid + "] SET " + _
"signIn = Format(Now(),""Short Time"") " + _
"WHERE todayDate = Date()"

Search AutoNumber field in Access via SQL (VB)

I'm trying to allow the 'user' to search for 'members' by searching for their member ID. Here is a screenshot of the database (design view).
https://drive.google.com/file/d/0B7pMpT1WtgKDVU5MVkFYNXJjcTA/edit?usp=sharing
If in VB I search for the ID as an Integer it produces a datatype mismatch error (see below)
https://drive.google.com/file/d/0B7pMpT1WtgKDMFVtYlFiWlpES0E/edit?usp=sharing
Sorry for asking another probably pointless question, thank you though - means a lot!
The error lies in this line:
sqlstatement = "Select * from Members where ID = '" + MemberID + "';"
It should be:
sqlstatement = "Select * from Members where ID = " + MemberID + ";"
Since your "ID" field is Autonumber, you're checking condition with a string which is wrong.
You're doing
"WHERE ID = '" + MemberID + "';"
in your VB code. I think this might be your problem. I guess it thinks the ID is string, and not int.
I am not very familiar with VB but try it without the '' i.e. like this:
"WHERE ID = " + MemberID + ";"

Convert SQL to HQL?

How can I convert the following SQL query into HQL?
SELECT count(sa.AID)
FROM A sa
, B sal,C m
WHERE sa.AID = sal.AID(+) and sa.BID = m.BID and sa.AID ='0001'
You need to transfer each table/column into its associated Entity/Class in Java, then build the query with Hibernate ORM as below.
Suppose
- The entity name for the table sa is saEntity, for the table B is bEntity, and for the table C is cEntity.
- The class name for the column AID is AidClass, and for the column BID is BidClass
Then the Hibernate ORM query can be written as per the following (I like formatting HQL queries inside annotations on multiple lines to make it easier to read & adapt).
@Query( "SELECT COUNT(sa.AidClass) "
+ "FROM saEntity sa, "
+ " bEntity sal, "
+ " cEntity m "
+ "WHERE sa.AidClass = sal.AidClass"
+ " AND sa.BidClass = m.BidClass "
+ " AND sa.AidClass ='0001'")
public List <?> runMyQueryMethod();
Try looking at the answer to this question.
HQL to SQL converter
Or this article may help..
https://forum.hibernate.org/viewtopic.php?t=972441
If you showed some of the mappings I could probably help with the HQL. You could just use
Session.CreateSQLQuery instead??

Syntax error in update statement

code:
string query1 = @"UPDATE global_mapping set escape_id = " +
dataGridView1.Rows[i].Cells[2].Value + ",function_id = " +
dataGridView1.Rows[i].Cells[3].Value + ",function_name = '" +
dataGridView1.Rows[i].Cells[4].Value + "',parameter_name = '" +
dataGridView1.Rows[i].Cells[5].Value + "',parameter_validity = '" +
dataGridView1.Rows[i].Cells[6].Value + "',statusparameter_id = " +
dataGridView1.Rows[i].Cells[7].Value + ",acb_datatype = '" +
dataGridView1.Rows[i].Cells[8].Value + "',data_type_id = " +
dataGridView1.Rows[i].Cells[9].Value + ",bit_size = " +
dataGridView1.Rows[i].Cells[10].Value + ",validity_status ='" +
dataGridView1.Rows[i].Cells[11].Value + "',validity_func = '" +
dataGridView1.Rows[i].Cells[12].Value + "'WHERE global_mapping.parameter_id =" +
dataGridView1.Rows[i].Cells[1].Value + "";
OleDbCommand cmd1 = new OleDbCommand(query1, conn);
cmd1.ExecuteNonQuery();
code ends:
When I execute the above code I get an error stating "Syntax error in Update statement".
Can someone please tell me how to resolve this?
It looks like you need to add a space before your WHERE clause.
Hope this helps,
Bill
Wow. Can we say... SQL Injection?
Try using Parameters. Not only will you protect yourself, but your SQL will become MUCH more readable.
Never use string concatenation for building SQL queries. Use SQL parameters.
Yikes!
Please provide the final query1 value and try to format it so we can get a better picture of it. My guess is a missing ' or something.
I'd say you're missing some quotes in there but your code is such a pig-sty I can't tell. If you won't fix your code then at the minimum give us a dump of query1 so we can read your actual query.
And use parameters or stored procedures like the previous responses said. All it takes is one of your variables to get overwritten with something nasty and your server will be wide open to anyone deleting your tables or worse.
Even if this is a local "safe" database you should unlearn your bad habits now.
Put
Console.WriteLine(query1)
before OleDbCommand cmd1 = new OleDbCommand(query1, conn);
See the value of query1 printed to console window.
Does the SQL Statement look OK? I guess not - you will now be able to find a field which is non-numeric and is blank in the grid.
And, use parameters as others have said.