SQL Parameterized query
From AgileApps Support Wiki
To execute a SQL query with values supplied at run time, pass those values as parameters of a prepared statement instead of concatenating them into the query text. A parameterized query avoids SQL injection issues, because each parameter is bound as data and is never interpreted as part of the SQL statement. AgileApps Cloud supports parameterized SQL queries as well as plain SQL queries.

Example of a parameterized query, where `?` marks the position of a parameter:

```sql
select * from <object> where field1 = ?
```
In the AgileApps Cloud platform, define the SQL parameterized query in a custom Java class under Developer Resources.

To create a SQL parameterized query:

1. Define an object array holding the parameter values, in the same order as the `?` placeholders in the query:

```java
Object[] arr = {object1, object2, object3};
```

2. Define the SQL parameterized query and pass the array as the second argument:

```java
Result r = Functions.execSQL("select * from <object> where field1 = ? and field2 = ? and field3 = ?", arr);
```
Examples

DateTime or Date fields:

```java
Timestamp timestamp1 = Timestamp.valueOf("2017-02-10 08:55:00");
```

Time field:

```java
Time t = Time.valueOf("05:20:00");
```

String type (the apostrophe is passed safely, because the value is bound as data rather than spliced into the SQL text):

```java
String test_text = "testing 1'st data";
```

Parameter array combining the values above, in placeholder order:

```java
Object[] arr = {timestamp1, t, test_text};
```
AAL fields to Java object mapping

| Field Display Type | Java Type |
|---|---|
| TextField | String |
| DateTime | java.sql.Timestamp |
| Time | java.sql.Time |
| Date | java.sql.Timestamp |
| Global Picklist | String |
| Picklist | String |
| Dependent Picklist | String |
| RichTextArea | String |
| Auto Number | String |
| Percentage | Double |
| Number with decimals | Double |
| Number | Int |
| Email Address | String |
| URL | String |
| Lookup | String |
| Phone/Fax | String |
| Currency | Double |
| Formula | Double |
| Checkbox | Int |
| Multicheckbox | String |
| Geolocation | String |
| Radiobuttons | String |
| Multiobject lookup | String |
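The two-step procedure and the type examples above, put together as one custom Java class. This is an added example written for this page, not code from the AgileApps platform or wiki. It assumes the `com.platform.api` package for `Functions` and `Result`, an object named `cases` with fields `status`, `created_date` and `due_time`, and a one-argument `Functions.execSQL(String)` for the plain-SQL form; those names are assumptions, not taken from the page. The placeholder-count check is an added safeguard, not a platform feature.

```java
// Added example for this wiki page; not code from the AgileApps platform itself.
// Assumed: the com.platform.api package for Functions and Result, an object
// named "cases" with fields "status", "created_date" and "due_time", and a
// one-argument Functions.execSQL(String) for the plain-SQL form.
import java.sql.Time;
import java.sql.Timestamp;

import com.platform.api.Functions;
import com.platform.api.Result;

public class CaseLookup {

    // Plain SQL built by concatenation: the status value becomes part of the
    // SQL text, so a value containing a quote alters the statement itself.
    // Shown only as the pattern that the parameterized form replaces.
    public static Result findByStatusConcatenated(String status) throws Exception {
        String sql = "select * from cases where status = '" + status + "'";
        return Functions.execSQL(sql);
    }

    // Parameterized form: the SQL text is a constant; each run-time value is
    // bound to a ? placeholder and is treated as data, never as SQL.
    public static Result findByStatus(String status, Timestamp createdAfter, Time dueBefore)
            throws Exception {
        String sql = "select * from cases where status = ? and created_date >= ? and due_time < ?";
        Object[] params = buildParams(status, createdAfter, dueBefore);
        checkArity(sql, params);
        return Functions.execSQL(sql, params);
    }

    // Builds the parameter array with the Java types the mapping table gives:
    // String for a TextField/Picklist, java.sql.Timestamp for Date/DateTime,
    // java.sql.Time for Time. Array order must match the ? placeholders.
    public static Object[] buildParams(String status, Timestamp createdAfter, Time dueBefore) {
        return new Object[] { status, createdAfter, dueBefore };
    }

    // Counts ? placeholders outside string literals so that a mismatch with the
    // array length fails fast, before the platform executes the query.
    public static int countPlaceholders(String sql) {
        int n = 0;
        boolean inQuote = false;
        for (char c : sql.toCharArray()) {
            if (c == '\'') {
                inQuote = !inQuote;          // a ? inside a literal is not a placeholder
            } else if (c == '?' && !inQuote) {
                n++;
            }
        }
        return n;
    }

    public static void checkArity(String sql, Object[] params) {
        int expected = countPlaceholders(sql);
        if (expected != params.length) {
            throw new IllegalArgumentException(
                "query has " + expected + " placeholders but " + params.length + " parameters");
        }
    }

    // Usage: a status value containing an apostrophe is passed safely, because
    // it never touches the SQL text.
    public static Result example() throws Exception {
        Timestamp since = Timestamp.valueOf("2017-02-10 08:55:00");
        Time before = Time.valueOf("05:20:00");
        return findByStatus("O'Brien's case", since, before);
    }
}
```

Keep the query string a compile-time constant and route every run-time value, including those read from other records or from the request, through the parameter array; a single concatenated value anywhere in the text reintroduces the injection risk the parameters were meant to remove.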