def query = read(intitation.sql);
string output = query
I want to parameterize and the pass the column2 ='value' dynamically from feature file, can you help me in how to achieve this.
Below is the sql file intitation.sql:
SELECT column1, column2, column3, column4, column5, column6, column7, column8, column9, column10, column11, column12 FROM table1 WHERE **column2='value'**;
This is normal JS fundamentals:
* def value = 'foo'
* def sql = "select * from dogs where name = '" + value + "'"
Also see replace if it helps: https://github.com/intuit/karate#replace
EDIT: also see https://stackoverflow.com/a/71063078/143475
Maybe this would also work? Just something to chew on as being an interesting solution. On more complicated parameterizations, this could work well.
* def String = Java.type('java.lang.String')
* def pString = "Select * from Whatever where id = '%s' and name = '%s'"
* def query = String.format(pString, "my-id", "my-name")
Also, could perhaps load the Java PreparedStatement class?
Related
I am using prepared statements to execute mysql database queries. And I want to implement a search functionality based on a keyword of sorts.
For that I need to use LIKE keyword, that much I know. And I have also used prepared statements before, but I do not know how to use it with LIKE because from the following code where would I add the 'keyword%'?
Can I directly use it in the pstmt.setString(1, notes) as (1, notes+"%") or something like that. I see a lot of posts on this on the web but no good answer anywhere.
PreparedStatement pstmt = con.prepareStatement(
"SELECT * FROM analysis WHERE notes like ?");
pstmt.setString(1, notes);
ResultSet rs = pstmt.executeQuery();
You need to set it in the value itself, not in the prepared statement SQL string.
So, this should do for a prefix-match:
notes = notes
.replace("!", "!!")
.replace("%", "!%")
.replace("_", "!_")
.replace("[", "![");
PreparedStatement pstmt = con.prepareStatement(
"SELECT * FROM analysis WHERE notes LIKE ? ESCAPE '!'");
pstmt.setString(1, notes + "%");
or a suffix-match:
pstmt.setString(1, "%" + notes);
or a global match:
pstmt.setString(1, "%" + notes + "%");
We can use the CONCAT SQL function.
PreparedStatement pstmt = con.prepareStatement(
"SELECT * FROM analysis WHERE notes like CONCAT( '%',?,'%')";
pstmt.setString(1, notes);
ResultSet rs = pstmt.executeQuery();
This works perfectly for my case.
Code it like this:
PreparedStatement pstmt = con.prepareStatement(
"SELECT * FROM analysis WHERE notes like ?");
pstmt.setString(1, notes + "%");`
Make sure that you DO NOT include the quotes ' ' like below as they will cause an exception.
pstmt.setString(1,"'%"+ notes + "%'");
PreparedStatement ps = cn.prepareStatement("Select * from Users where User_FirstName LIKE ?");
ps.setString(1, name + '%');
Try this out.
String fname = "Sam\u0025";
PreparedStatement ps= conn.prepareStatement("SELECT * FROM Users WHERE User_FirstName LIKE ? ");
ps.setString(1, fname);
String query="select * from test1 where "+selected+" like '%"+SelectedStr+"%';";
PreparedStatement preparedStatement=con.prepareStatement(query);
// where seleced and SelectedStr are String Variables in my program
I want to pass a table as parameter on an ajax callback procedure in Oracle APEX 5, because I need to make an SQL query on that table.
The SQL process is stored as shared component inside the Apex 5 application. Screenshot
My procedure is like this
(procedure name: THIS_PROCESS)
declare
v_tablename varchar(128);--max table_name lenght
v_ID number;
v_somevar
BEGIN
SELECT Columname,
INTO v_somevar
FROM v_tablename
WHERE ID = v_ID;
--Do stuff
END;
This code (FROM v_tablename) gives me a compilation error:
ORA-00942: table or view does not exist ORA-06550: line 9, column 5:
PL/SQL: SQL Statement ignored
I'm a total newbie. I had been reading that I should call that procedure with this javascript:
apex.server.process ( "THIS_PROCESS", {
x01: "TABLENAME",
x02: "Row_ID",
pageItems: "#P1_Item,#P2_Item"
},{
success: function( pData )
// do something here
}
} );
I do not understand why I should pass x01 and x02 instead of v_tablename and v_ID
Do x01 and x02 automatically are assigned to v_tablename and v_ID?
Here's an example page process THIS_PROCESS of type "Ajax Callback". Note that you need Dynamic SQL to select from a table name that isn't hardcoded.
declare
v_table varchar2(128) := apex_application.g_x01;
v_id number := apex_application.g_x02;
v_somevar varchar2(100);
v_sql varchar2(4000);
begin
-- validate v_table parameter to avoid sql injection. will throw exception if it fails
select table_name into v_table from all_tables where table_name = v_table;
v_sql := 'SELECT Columname
FROM ' || v_table || '
WHERE ID = :A1';
execute immediate v_sql into v_somevar using v_id;
-- do something with v_somevar
end;
Do be careful with this sort of thing - this design will allow a malicious user to write their own javascript function which can pass any table name that it likes to your procedure.
You need to use dynamic sql:
declare
v_tablename varchar(128);--max table_name lenght
v_sql varchar2(1000);
v_ID number;
v_somevar varchar2(100);
BEGIN
v_sql := 'SELECT Columname FROM ' || v_tablename || ' where ID = :1';
EXECUTE IMMEDIATE v_sql INTO v_somevar USING v_ID;
--Do stuff
END;
/
I have two problems on this combination.
After Ajax always return error (unexpected end of input),In localhost it still can save date successfully, seems not a big problem.
The code works in my localhost but does not work in 1App Server(http://www.1apps.net/), I had tried to submit a technique question and them had a response quickly with this way http://www.mikesdotnetting.com/article/98/ajax-with-classic-asp-using-jquery
However, I think the way in that article should be working but I am confused why my code is only work in localhost and other web server but not 1App. The following is my code:
ASP:
if request.QueryString("action")="CostUpdate" then
Response.ContentType = "application/json"
a = request.form("GI")
b = request.form("GP")
c = request.form("NA")
Set rs = Server.CreateObject("ADODB.Recordset")
sql = "Select * From Cost where CostDate = #" & date() & "# and CostItem ='" & a & "'"
rs.open sql,conn,1,3
if rs.eof then
Set rs = Server.CreateObject("ADODB.Recordset")
sql = "Select * From Cost"
rs.open sql,conn,1,3
rs.addnew
rs("CostDate")=date()
rs("CostItem")=a
rs("CostAmount")=c
rs("CostNumber")= b * c
rs.update
else
Set rs = Server.CreateObject("ADODB.Recordset")
sql = "Select * From images where CostDate =#" & adid & "# and CostItem = " & a
rs.open sql,conn,1,3
rs("CostAmount")=c
rs("CostNumber")=b * c
rs.update
end if
end if
JS
var $GoodsId = $("#costtable tbody").find("tr").eq(c).find("input").eq(1).val();
var $GoodsPrice = $("#costtable tbody").find("tr").eq(c).find("input").eq(2).val();
var $NewAmount = $("#costtable tbody").find("tr").eq(c).find("input").eq(3).val();
$.ajax({
url: 'work.asp?action=CostUpdate',
type: "POST",
data: {
GI: $GoodsId,GP: $GoodsPrice,NA: $NewAmount
},
dataType: "json",
error: function (xhr, status, error) {
console.info("CallAjax");
console.info('An error occured.. ' + xhr.responseText + '..' + error);
},
success: function () {
console.info("Sucess");
}
});
there are several problems in asp code:
Don't open new sql command when rs is still open. So I created a
new recordset (rs2) to use inside the if block.
You don't need to recreate rs for every action. so i deleted repeating
createobject.
There is no need to set contentType to Json because no data is generated. You are only updating database.
Use rs.open sql,objcon,2,2 when you want to use sql update command.
use rs.close and also set rs=nothing to free server memory.
there is no definition for parameter adid. do you defined it somewhere else?
You are posting data to asp page not getting. So you have to use
request.form in first line and also send parameter "action" within posted data.
is this entire asp codes? where do you define conn?
Besides the error "unexpected end of input" is not an ASP error. You may forgot } inside JavaScript codes. the presented code is OK, check entire your code.
if request.form("action")="CostUpdate" then
a = request.form("GI")
b = request.form("GP")
c = request.form("NA")
Set rs = Server.CreateObject("ADODB.Recordset")
Set rs2 = Server.CreateObject("ADODB.Recordset")
sql = "Select * From Cost where CostDate = #" & date() & "# and CostItem ='" & a & "'"
rs.open sql,conn,1,3
if rs.eof then
sql = "Select * From Cost"
rs2.open sql,conn,2,2
rs2.addnew
rs2("CostDate")=date()
rs2("CostItem")=a
rs2("CostAmount")=c
rs2("CostNumber")= b * c
rs2.update
rs2.close
else
sql = "Select * From images where CostDate =#" & adid & "# and CostItem = " & a
rs2.open sql,conn,2,2
rs2("CostAmount")=c
rs2("CostNumber")=b * c
rs2.update
rs2.close
end if
rs.close
end if
set rs=nothing
set rs2=nothing
So I've been having trouble getting this Java code working properly. I'm trying to use a "find" function to locate a specific set of information from an access database file (.accdb) and either display or delete it.
I'm not having much luck. Which is puzzling, considering as far as I can tell, the "find" code is also needed for adding new entries to the database, and I can do that without problems. I suspect I've mislabeled something somewhere, frankly.
Below is a snippet of my code, which also shows an example of looking for a specific file identified by the "key" which a user writes into a textbox. Help in solving this annoyance would be appreciated.
// Implement the four instance methods *************
// addNew, delete, update - called from each specific PD class
// find - used locally by addNew(), delete(), and update().
/**
* An instance method to find a record in the database.<br /><br />
*
* This is a private method and can only be used locally within objects instantiated from this class.<br />
* Used by addNew(), delete(), and update().
*
* #param String objectType
* #param String key
* #return a Anime object
* #throws NotFoundException
* #throws SQLException
*/
private Anime find (String objectType, String key) throws NotFoundException, SQLException {
anAnime = null;
if (objectType.equalsIgnoreCase ("PlushToys")) {
// define the SQL query statement using the phone number key
String sqlQuery = "SELECT Anime, Character, Ability, CanItSpeak, Material, Size " +
"FROM PlushToys" +
"Where Character = '" + key +"'";
// execute the SQL query statement
ResultSet rs = aStatement.executeQuery (sqlQuery);
// next method sets cursor & returns true if there is data
boolean gotIt = rs.next();
if (gotIt) {
// extract the data
String Anime = rs.getString(1);
String Character = rs.getString (2);
String Ability = rs.getString (3);
String CanItSpeak = rs.getString (4);
String Material = rs.getString (5);
String Size = rs.getString (6);
// create PlushToy instance & add it to the ArrayList
anAnime = new PlushToys (Anime, Character, Ability, CanItSpeak, Material, Size);
rs.close();
} else {
// nothing was retrieved
rs.close();
throw (new NotFoundException ("not found "));
}
After the SQL-query you need to ask whether the result is empty or not. Therefor you have to count the number of rows in the result. You can do that with something like this:
ResultSet rs;
...
int count = 0;
while(rs.next()) {
count++;
}
And when count is zero, than you have no entries in the result and the thing the user is searching for is not in the database.
Below is the jQuery to passing the attr() value to $_GET[]. When I echo $_GET[] it displays the value. But not when I pass the $_GET into a MySQL statement.
$('.DetailsDisplay').click(function() {
var ix = $(this).attr('id');
$('#Details').load('details.php?regid='+ix);
});
details.php
mysql_select_db($database_host, $host);
$query_list_class = "SELECT * FROM xfi where no='".stid."'";
$list_class = mysql_query($query_list_class, $sshost) or die(mysql_error());
$row_list_class = mysql_fetch_assoc($list_class);
Any idea why?
You've got no $ sign in sql
$query_list_class = "SELECT * FROM xfi where no='".$stid."'";
PS: Also please parse $stid to int
$stid = (int) $_GET['regid'];
you forgot $ sign
also make sure to prevent sql injection
$stid = intval($_GET['regid']);
$query_list_class = "SELECT * FROM xfi where no='".$stid."'";
note : don't use mysql_* functions, they are deprecated, use PDO or mysqli instead