I am using jsp-jdbc and I want to use the value of a argument in sql statements.
For eg: http://localhost:3232/file.jsp?name="as"
In the jsp file containing jsp I want:
select * from books where name= (the value of argument 'name' in the url)
How will it do?
You can use HttpServletRequest#getParameter() to get the request parameter.
String name = request.getParameter("name");
// ...
You can use PreparedStatement#setXxx() to set an user-definied variable in a SQL string.
preparedStatement = connection.prepareStatement("SELECT * FROM books WHERE name=?");
preparedStatement.setString(1, name);
resultSet = preparedStatement.executeQuery();
// ...
Note that this job doesn't belong in a JSP, but in a Servlet (with a service/DAO class).
See also:
Advanced Servlets/JSP tutorial
JDBC tutorial - Prepared statements
Related
I'm building a command line application that needs to connect in various postgresql databases and execute different queries in the ones as Prepared Statements. In a specific query, I need to use the IN clause in conjunction with the ActiveRecord's connection_raw method. My code is so:
ActiveRecord::Base.connection_raw.prepare('read_publications', "UPDATE publications SET readed = TRUE WHERE id IN ($1);")
After, I try execute this query:
ActiveRecord::Base.connection_raw.exec_prepared('read_publications', [1,2,3,4])
The problem is this is not working. The following error is raised when the query runs:
no implicit conversion of Array into Integer
What I'm doing wrong? Exists a way in that I can convert this array to a value that the IN clause can understand?
If you are using a raw connection, you can't pass in arrays like you can with ActiveRecords. ActiveRecord does some preprocessing for you. If you need raw SQL, then you need a parameter for each array element.
arr = [1,2,3,4]
i = 1
param = []
arr.each { param.push(i); i+=1; }
sql = "UPDATE publications SET readed = TRUE WHERE id IN ($"+param.join(',$')+");"
ActiveRecord::Base.connection_raw.prepare('read_publications', sql)
ActiveRecord::Base.connection_raw.exec_prepared('read_publications', arr)
However, the documentation says the array parameters has to be in a certain format:
https://deveiate.org/code/pg/PG/Connection.html#method-i-exec_prepared
params is an array of the optional bind parameters for the SQL query. Each element of the params array may be either:
a hash of the form:
{:value => String (value of bind parameter)
:format => Fixnum (0 for text, 1 for binary)
}
See similar question: Prepare and execute statements with ActiveRecord using PostgreSQL
I am trying to use a ruby variable inside an sql statement. The following code works and deletes the second record of the templates table. How do i replace this number with my user defined variable "deleteid"?
deleteid = gets.chomp
$db.execute %q{DELETE FROM templates
WHERE id = 2}
You can use string interpolation:
$db.execute %{DELETE FROM templates WHERE id = #{deleteid}}
$db.execute %Q{DELETE FROM templates WHERE id = #{deleteid}}
UPDATE
User can pass arbitrary string. Using deleteid directly can be dangerous. As #muistooshort commented, you should escape the deleteid.
Consult your db driver's documentation for methods that accepts parameter and escape the parameter (or prepare method).
For example, if you use sqlite3-ruby, you can use Database#query, which will escape for you.
$db.prepare(%q{DELETE FROM templates WHERE id = ?}, [deleteid])
in pg, use Connection#exec_params:
$db.exec_params(%q{DELETE FROM templates WHERE id = $1}, [deleteid])
I am calling a stored procedure from my Groovy code. The stored proc looks like this
SELECT * FROM blahblahblah
SELECT * FROM suchAndsuch
So basically, two SELECT statements and therefore two ResultSets.
sql.eachRow("dbo.testing 'param1'"){ rs ->
println rs
}
This works fine for a single ResultSet. How can I get the second one (or an arbitrary number of ResultSets for that matter).
You would need callWithAllRows() or its variant.
The return type of this method is List<List<GroovyRowResult>>.
Use this when calling a stored procedure that utilizes both output
parameters and returns multiple ResultSets.
This question is kind of old, but I will answer since I came across the same requirement recently and it maybe useful for future reference for me and others.
I'm working on a Spring application with SphinxSearch. When you run a query in sphinx, you get results, you need to run a second query to get the metadata for number of records etc...
// the query
String query = """
SELECT * FROM INDEX_NAME WHERE MATCH('SEARCHTERM')
LIMIT 0,25 OPTION MAX_MATCHES=25;
SHOW META LIKE 'total_found';
"""
// create an instance of our groovy sql (sphinx doesn't use a username or password, jdbc url is all we need)
// connection can be created from java, don't have to use groovy for it
Sql sql = Sql.newInstance('jdbc:mysql://127.0.0.1:9306/?characterEncoding=utf8&maxAllowedPacket=512000&allowMultiQueries=true','sphinx','sphinx123','com.mysql.jdbc.Driver')
// create a prepared statement so we can execute multiple resultsets
PreparedStatement ps = sql.getConnection().prepareStatement(query)
// execute the prepared statement
ps.execute()
// get the first result set and pass to GroovyResultSetExtension
GroovyResultSetExtension rs1 = new GroovyResultSetExtension(ps.getResultSet())
rs1.eachRow {
println it
}
// call getMoreResults on the prepared statement to activate the 2nd set of results
ps.getMoreResults()
// get the second result set and pass to GroovyResultSetExtension
GroovyResultSetExtension rs2 = new GroovyResultSetExtension(ps.getResultSet())
rs2.eachRow {
println it
}
Just some test code, this needs some improving on. You can loop the result sets and do whatever processing...
Comments should be self-explanatory, hope it helps others in the future!
Say, I have a jMeter variable var equals 123.
I also have a query stored in a sql file:
SELECT * FROM Table WHERE ID = ${var}
All I need is to read that query from the file and evaluate ${var} into actual value, and then execute it in JDBC Sampler. So I need to combine these two pieces into
SELECT * FROM Table WHERE ID = 123
and pass the query to JDBC sampler.
Though, jMeter doesn't evaluate the ${var} parameter stored in that sql file and all I can pass to JDBC sampler is (obvious one):
SELECT * FROM Table WHERE ID = ${var}.
Does anyone know how to make jMeter evaluate the stored variable into actual value?
I had a similar requirement.
You need to use Beanshell Preprocessor for the JDBC sampler. Copy the below script and put it in a .bsh file and call it. I assumed you have the query stored in 'SQLQuery' variable.
I tested the below script and it works.
import java.util.regex.Matcher;
import java.util.regex.Pattern;
String regex = "\\$\\{([^}]+)\\}";
SQLQuery = vars.get("SQLQuery");
Pattern pattern = Pattern.compile(regex);
Matcher matcher = pattern.matcher(SQLQuery);
while(matcher.find())
{
String token = matcher.group(); //${var}
String tokenKey = matcher.group(1); // var
SQLQuery = SQLQuery.replaceFirst(Pattern.quote(token), Matcher.quoteReplacement(vars.get(tokenKey)));
}
vars.put("SQLQuery", SQLQuery);
You need to use a "Prepared Select Statement" as Query Type. Prepared Statements
Then replace your ${var} with ?
SELECT * FROM Table WHERE ID = ?
And add the 2 parameters at the bottom.
Parameter values: ${var}
Parameter types: INT
my problem is about this kind of query :
select * from SOMETABLE where SOMEFIELD in ('STRING1','STRING2');
the previous code works fine within Sql Developer.
The same static query also works fine and returns me a few results;
Query nativeQuery = em.createNativeQuery(thePreviousQuery,new someResultSet());
return nativeQuery.getResultList();
But when I try to parameterize this, I encounter a problem.
final String parameterizedQuery = "select * from SOMETABLE where SOMEFIELD in (?selectedValues)";
Query nativeQuery = em.createNativeQuery(parameterizedQuery ,new someResultSet());
nativeQuery.setParameter("selectedValues","'STRING1','STRING2'");
return nativeQuery.getResultList();
I got no result (but no error in console).
And when I look at the log, I see such a thing :
select * from SOMETABLE where SOMEFIELD in (?)
bind => [STRING1,STRING2]
I also tried to use no quotes (with similar result), or non ordered parameter (:selectedValues), which leads to such an error :
SQL Error: Missing IN or OUT parameter at index:: 1
I enventually tried to had the parentheses set directly in the parameter, instead of the query, but this didn't work either...
I could build my query at runtime, to match the first (working) case, but I'd rather do it the proper way; thus, if anyone has an idea, I'll read them with great interest!
FYI :
JPA version 1.0
Oracle 11G
JPA support the use of a collection as a list literal parameter only in JPQL queries, not in native queries. Some JPA providers support it as a proprietary feature, but it's not part of the JPA specification (see https://stackoverflow.com/a/3145275/1285097).
Named parameters in native queries also aren't part of the JPA specification. Their behavior depends on the persistence provider and/or the JDBC driver.
Hibernate with the JDBC driver for Oracle support both of these features.
List<String> selectedValues = Arrays.asList("STRING1", "STRING2");
final String parameterizedQuery = "select * from SOMETABLE where SOMEFIELD in (:selectedValues)";
return em.createNativeQuery(parameterizedQuery)
.setParameter("selectedValues", selectedValues)
.getResultList();
Instead of:
nativeQuery.setParameter("selectedValues", params);
I had to use:
nativeQuery.setParameterList("selectedValues", params);
This worked for me in derby. parameter without "()".
List<String> selectedValues = Arrays.asList("STRING1", "STRING2");
final String parameterizedQuery = "select * from SOMETABLE where SOMEFIELD in
:selectedValues";
return em.createNativeQuery(parameterizedQuery)
.setParameter("selectedValues", selectedValues)
.getResultList();
Replace this:
nativeQuery.setParameter("selectedValues","'STRING1','STRING2'");
with
List<String> params;
nativeQuery.setParameter("selectedValues",params);
I also faced the same issue.
This is what I did:
List<String> sample = new ArrayList<String>();
sample.add("sample1");
sample.add("sample2");
And now you, can set the sample in params.