Difference between revisions of "SQL Parameterized query"
From AgileApps Support Wiki
Note: The following operations and clauses are supported: SELECT, FROM, WHERE, GROUP, BY, ASC, DESC, HAVING, WITH, ORDER, IS, NOT, EQUAL, NOT EQUAL, AND, OR, GREATER, LESSER, GREATER THAN EQUAL, LESSER THAN EQUAL, IN, LIKE, REGEXP, INNER JOIN, LEFT JOIN, RIGHT JOIN.
Revision as of 08:21, 2 June 2017
To execute a SQL query, supply its values through the parameters of a prepared statement instead of concatenating them into the query text. A parameterized query sends the values separately from the SQL, so a value that contains a quote or an operator is treated as data and cannot change the structure of the query; this is what prevents SQL injection. AgileApps Cloud supports parameterized SQL queries as well as plain SQL queries; use the parameterized form whenever any part of a value comes from a user, a record, or an external system.
Example of a parameterized query: Select * from <object> where field1 = ?
In the AgileApps Cloud platform, define the SQL parameterized query in a custom Java class under Developer Resources.
- To create a SQL parameterized query:
- 1. Define an Object array holding the parameter values, in the same order as the ? placeholders in the query.
- Example: Object[] arr = {object1, object2, object3};
- 2. Define the parameterized query with one ? per value, and pass it together with the array:
- Result r = Functions.execSQL("select * from <object> where field1 = ? and field2 = ? and field3 = ? ", arr);
- Examples
DateTime or Date fields (java.sql.Timestamp):
- Timestamp timestamp1 = Timestamp.valueOf("2017-02-10 08:55:00");
Time fields (java.sql.Time):
- Time t = Time.valueOf("05:20:00");
String fields (java.lang.String; the apostrophe in the value below is passed as data, not as part of the SQL):
- String test_text = "testing 1’st data";
The parameter array, in placeholder order:
- Object[] arr = {timestamp1, t, test_text};
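The following is an added example that puts the two steps above and the field-type examples together in one custom Java class; it is not code from this wiki page or from AgileApps itself. It assumes a hypothetical object named orders with fields shipped_on (DateTime), pickup_time (Time) and notes (String), the Functions.execSQL(String, Object[]) call shown on this page, the conventional Parameters-argument entry point for custom class methods, and that Result exposes getCode() and getMessage() (check the platform Javadoc for your version before relying on those). The unsafe string-building variant is kept as a plain string helper so that nothing executes it.

```java
import java.sql.Time;
import java.sql.Timestamp;

import com.platform.api.Functions;
import com.platform.api.Parameters;
import com.platform.api.Result;

/*
 * Added example, not code from the wiki page or from AgileApps.
 * Assumed: object "orders" with fields shipped_on (DateTime), pickup_time (Time),
 * notes (String); Result.getCode()/getMessage(); Parameters.get(String) returning
 * the field value as a String.
 */
public class OrderLookup {

    // What NOT to do: the caller's text becomes part of the SQL grammar.
    // With notes = "x' OR '1'='1" the WHERE clause matches every row.
    // Returned as a string only, so this example never executes it.
    static String unsafeSql(String notes) {
        return "select * from orders where notes = '" + notes + "'";
    }

    // Query text carries placeholders only; the values travel separately.
    static final String SAFE_SQL =
        "select * from orders where shipped_on = ? and pickup_time = ? and notes = ?";

    // Builds the parameter array in placeholder order, using the Java types
    // the page lists for DateTime/Date, Time and String fields.
    static Object[] buildParams(String shippedOn, String pickupTime, String notes) {
        Timestamp ts = Timestamp.valueOf(shippedOn); // "yyyy-mm-dd hh:mm:ss", else IllegalArgumentException
        Time t = Time.valueOf(pickupTime);           // "hh:mm:ss", else IllegalArgumentException
        return new Object[] { ts, t, notes };
    }

    // Sanity check: the number of ? placeholders must equal the array length,
    // otherwise the binding is off by one and a value lands in the wrong column.
    // Counts a literal '?' inside a quoted string as well, so keep literals out
    // of the query text and pass them as parameters instead.
    static int countPlaceholders(String sql) {
        int n = 0;
        for (int i = 0; i < sql.length(); i++) {
            if (sql.charAt(i) == '?') {
                n++;
            }
        }
        return n;
    }

    // Entry point the platform calls (Parameters-argument signature assumed).
    public Result findOrders(Parameters p) throws Exception {
        String shippedOn  = p.get("shipped_on");  // e.g. "2017-02-10 08:55:00"
        String pickupTime = p.get("pickup_time"); // e.g. "05:20:00"
        String notes      = p.get("notes");       // e.g. "testing 1's data": the quote is data, not SQL

        Object[] params = buildParams(shippedOn, pickupTime, notes);
        if (countPlaceholders(SAFE_SQL) != params.length) {
            throw new IllegalStateException("placeholder/parameter count mismatch");
        }

        // Values are bound to the ? placeholders; the query text never changes.
        Result r = Functions.execSQL(SAFE_SQL, params);
        if (r.getCode() < 0) { // assumed: a negative code signals failure
            throw new Exception("execSQL failed: " + r.getMessage());
        }
        return r;
    }
}
```

Placeholders bind values only. An object name, a field name, or a sort direction cannot be passed through ?; if any of those must vary, pick them from a fixed allow-list in code rather than building them from input, since that part of the query is still plain text.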
- AAL fields to Java object Mapping