SQL Parameterized query
From AgileApps Support Wiki
Revision as of 08:21, 2 June 2017 by imported>Aeric
To execute a parameterized SQL query, you supply the parameter values separately from the SQL text, as in a prepared statement. Because the values are never spliced into the query string, a parameterized query avoids SQL injection issues. AgileApps Cloud supports parameterized SQL queries as well as plain SQL queries.
Example of a parameterized query: Select * from <object> where field1 = ?
In the AgileApps Cloud platform, define the SQL parameterized query in a custom Java class under Developer Resources.
To create an SQL parameterized query:
1. Define the object array of parameter values.
   Example: Object[] arr = {object1, object2, object3};
2. Define the SQL parameterized query, with one ? placeholder for each element of the array, in the same order:
   Result r = Functions.execSQL("select * from <object> where field1 = ? and field2 = ? and field3 = ? ", arr);
Examples

DateTime or Date fields:
   Timestamp timestamp1 = Timestamp.valueOf("2017-02-10 08:55:00");
Time field:
   Time t = Time.valueOf("05:20:00");
String type:
   String test_text = "testing 1'st data";
Parameter array built from the values above:
   Object[] arr = {timestamp1, t, test_text};
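The following custom Java class puts the steps above together end to end. It is an added example, not code from the AgileApps wiki page or from the platform itself. The object name "cases", the field names "record_id", "subject", "date_created" and "opened_at", the com.platform.api package, and the Result.getCode(), Result.getMessage(), Result.getIterator(), Parameters.get() and Functions.debug() accessors are assumptions about the AgileApps Java API that are not stated on this page; only Functions.execSQL(String, Object[]) returning a Result comes from the page. The last method shows the string-concatenation form for contrast, so that the difference in how an apostrophe in the data is treated is visible.

```java
// Added example (not from the AgileApps wiki page). Object name, field names,
// the com.platform.api package and the Result/Parameters accessors are assumed.
import java.sql.Time;
import java.sql.Timestamp;

import com.platform.api.Functions;
import com.platform.api.Parameters;
import com.platform.api.ParametersIterator;
import com.platform.api.Result;

public class ParameterizedQueryExample {

    // Step 1: one Java object per "?" placeholder, in the order the
    // placeholders appear in the SQL text (DateTime, Time, String).
    public static Object[] buildParams(String subjectText) {
        Timestamp createdAfter = Timestamp.valueOf("2017-02-10 08:55:00"); // DateTime/Date field
        Time openedAt = Time.valueOf("05:20:00");                           // Time field
        return new Object[] { createdAfter, openedAt, subjectText };        // String field
    }

    // Step 2: the SQL text is a constant and the values travel separately, so an
    // apostrophe in subjectText (e.g. "testing 1'st data") is matched as data,
    // never interpreted as SQL syntax. Returns the number of rows read.
    public static int runParameterized(String subjectText) throws Exception {
        Object[] arr = buildParams(subjectText);
        Result r = Functions.execSQL(
            "select record_id, subject from cases "
            + "where date_created > ? and opened_at = ? and subject = ?",
            arr);
        // Assumed API: a negative code signals failure, getMessage() explains it.
        if (r.getCode() < 0) {
            throw new Exception("execSQL failed: " + r.getMessage());
        }
        int count = 0;
        ParametersIterator it = r.getIterator(); // assumed row iterator
        while (it.hasNext()) {
            Parameters row = it.next();
            Functions.debug("record_id=" + row.get("record_id")
                            + " subject=" + row.get("subject"));
            count++;
        }
        return count;
    }

    // Contrast only: building the query by concatenation. With the same input
    // "testing 1'st data" the quote closes the literal early, so the statement is
    // either malformed or changes meaning depending on the input. The parameterized
    // form above is the one to use.
    public static String concatenatedSql(String subjectText) {
        return "select record_id, subject from cases where subject = '" + subjectText + "'";
    }
}
```

A call such as runParameterized("testing 1'st data") from another platform class, or from a rule that invokes this class, runs the query with all three values bound by position; if the array has fewer or more elements than the query has ? placeholders, execSQL reports an error rather than running a partially bound statement.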
AAL fields to Java object Mapping