Good Night in my timezone.
I am using Sybase ase 15, and I have a stored procedure with two input parameters both VARCHAR, basically inside the stored procedure I use dynamic SQL, something like this:
#cmd = 'select * from TABLE where COL IN'+#PARAM1+'AND COL2=#PARAM2
EXEC(#cmd)
I call this procedure using JDBC like this way:
CallableStatement stmt = conn.prepareCall("{call MyStoredProcedure(?,?)}");
stmt.setString(1, "'''0'',''1'''");
stmt.setString(2, '''fr''');
stmt.executeQuery();
It throws me an error informing that the call is malformed.
But if I run the call directly in the IDE like this :
EXEC MyStoredProcedure'''0'',''1'',''2'',''3'',''4'',''5'',''6'',''7''','''fr'''
It runs without any problem, so i guess that there is some problem with the character escaping i guess.
Anyone had experience this problem ?
With the best regards
Thanks in advance
You don't specify IN and OUT parameters:
http://docs.oracle.com/javase/tutorial/jdbc/basics/storedprocedures.html
See if following the tutorial helps.
I would also comment that you only have two parameters, but your query passes in strings that appear to be more. It's ugly, misleading, and appears to break first normal form.
Related
Here is my code. I am trying to use a variable instead of a column name in here
But I get below exception. How can I resolve this error?
You can't bind table/column names in a prepared statement, nor would you normally want to allow this. Here is a working version of your code:
String query = "UPDATE report SET itemno = ?";
pst = (PreparedStatement) con.prepareStatement(query);
pst.setInt(1, dqty);
pst.executeUpdate();
Notes:
You almost certainly want to add a WHERE clause to your update, without which it would affect every record in the table. With prepared statements, you don't need to worry about escaping your literal data. Just let Java handle this for you.
If you really need the ability to update other table/column combinations, then just create other statements for that. One size fits all works at 7-Eleven, but not JDBC, since you might SQL injected.
Hi dear stackoverflow users,
Firstly,i want to specify that my platforms are JAVA, ORACLE and TOAD.
I have some SELECT queries that include parameters and i have stored them in properties file to make them more readable. I can use them with '?' and setTYPE in JAVA.
But i have to use (:) operator to define parameters in TOAD. So, when i want to run my query in TOAD, i copy the query from JAVA properties file and paste it to TOAD editor and add parameters manuelly. This is not professional i think. I want to store my queries with : operator and in JAVA platform. Is this possible ? Are there any framework or something like it ?
NOTE :
1-) i want to store my queries with my JAVA code, not in stored procedure.
2-) i want to store my queries that can run that two platform without change anything.
Thank you.
You can use the OraclePreparedStatement:
String query = myProperties.getProperty("some_key");
//Suppose query is 'SELECT * FROM MY_TBL WHERE ID=:myId'
OraclePreparedStatement statement = (OraclePreparedStatement) myConnection.prepareStatement(query);
statement.setStringAtName("myId", "abc2");
someResultSet = statement.executeQuery();
hi is there any way to do the following java code in postgresql stored procedure
String sqlQuery = "SELECT uid, name, duration from EVENTS";
ResultSet rs = stmt.executeQuery(sqlQuery);
while (rs.next()) {
String name = rs.getString(2);
}
i need the same in the postgresql stored procedure?
Per the PL/PgSQL documentation you use a LOOP over a query for that.
DO
$$
DECLARE
myresult record;
BEGIN
FOR myresult IN SELECT uid, name, duration FROM events
LOOP
RAISE NOTICE 'Name is %',myresult.name;
END LOOP;
END;
$$ LANGUAGE plpgsql;
However, use of loops is very often a sign you're just not using SQL properly. It's highly likely that proper use of WITH queries (common table expressions) and a bit of thought will get you a pure SQL solution that'll generally perform a LOT better.
In future, please give your PostgreSQL version and explain a little about what you're actually trying to accomplish. The code you show is completely useless, it does nothing. So it's obviously not what you really want to do, but you've told us nothing about that. Quite often the solution you think you need (looping, say) isn't the solution you really need.
I'm fairly new to SQL and I'm currently reworking a java program that another
programmer has developed. When I print one of his query select statements the script contains sql syntax:
SELECT * from database WHERE id = ?
I just want know what =? is supposed to do? I've been googling around and I can't find any relevant answer.
It's not a SQL notation, but a JDBC (Java Database Connectivity) notation. The ? gets replaced with a parameter that is specified separately. Using this approach, instead of trying to substitute the parameter yourself into the string, helps prevent the risk of SQL injection.
The ? is a place holder, a parameter, so that you can pass it in dynamically and return different results for different parameters.
Somewhere in the code you should see that he adds the parameter to the Statement object and execute it.
Most likely you are using a tool that will replace the "?" with an actual value. I've seen this in other tools before such as SQL DTS (Data Transformation Services)... but that's showing how old I am :)
The ? is not part of the SQL language.
The ? is a place holder used in SQL queries when used with JDBC Prepared statement. Using a prepared statement has advantages over the normal statement specially when you use it repeatedly (say in a loop).
Here is an example :
PreparedStatement ps =
connection.prepareStatement("select name from users where user_name = ?");
ps.setString(1, "user1");
the "?" gets replace by "user1" when the query is run and the first name of the user with user name "user1" is returned.
Simplified for illustrative purposes:
String[] filter = {"foo", "bar"};
String sql = "SELECT * FROM table WHERE column IN ?";
declareParameter(new SqlParameter(Types.ARRAY));
This doesn't work when I execute it (I get a java.sql.SQLException: [Microsoft][SQLServer 2000 Driver for JDBC]Invalid parameter binding(s). exception.
JDBC doesn't support this kind of query officially and SQL Server doesn't either as far as I know. This topic has been discussed on SO many times and several workarounds have been proposed:
What is the best approach using JDBC for parameterizing an IN clause?
PreparedStatement IN clause alternatives?
pass variable from java to SQL IN clause
Trouble with PreparedStatement that uses union of selects query and IN CLAUSE
You can probably find many more as it is indeed a very relevant yet still open topic.
I am not sure about MS SQL Server. But such a code wouldn't work on oracle DB. In oracle, we cannot pass a java array to an IN clause. The way to work around that limitation is to construct a PL/SQL function that converts a list of strings into a table, something like stringToTable. Then pass a concatenated string as a parameter.
Again, this answer is applicable for Oracle DB; It might not work on MS SQL server.