Convert OOM Items.Restrict to Redemption Items.Restrict - powershell

I'm trying to convert the following working powershell OOM items.restrict:
$colMail = $olFolder.Items.Restrict("[Start] > '18/03/2022'")
$colMail = $olFolder.Items.Restrict("[Subject] = 'Test'")
RDO items.restrict
$SQL = "Subject = 'Test'" # or "where Subject = 'Test'"
$colMail = $olFolder.Items.Restrict($SQL)
$colMail = $olFolder.Items.Restrict("Subject = 'Test'")
$colMail = $olFolder.Items.Restrict("where Subject = 'Test'")
$colMail = $olFolder.Items.Restrict("Start > '2022-03-18'")
Neither of the RDO examples does return any items.
Also items.find isnt't working with RDO.
What is the correct SQL-statement in Powershell?
Thanks

Here is what the documentation says:
SQL style query specifying the condition. Can either be a WHERE part only (e.g. "LastName = 'Streblechenko' ") or a complete SQL expression with the SELECT, WHERE and ORDER BY clauses (see example).
The properties specified in the SQL query must either use the Outlook Object Model (or RDO) property name (e.g. Subject, Email1Address) or a DASL style property name (e.g. "http://schemas.microsoft.com/mapi/proptag/0x0037001E", "http://schemas.microsoft.com/mapi/id/{00062004-0000-0000-C000-000000000046}/8083001E")
When a DASL property name is used, it must be enclosed in double quotes.
Including the SELECT clause allows Redemption to pre-fetch the properties from the folder contents table without opening the item resulting in a significant performance gain (see example). If you later access a property not specified in the SELECT clause, Redemption will open the item.
Including the ORDER BY clause sorts the collection in the specified order.
For example:
set Contact = Items.Restrict("SELECT Email1Address, FileAs from Folder WHERE LastName = 'PersonLastName' ORDER BY FirstName desc")

Related

SELECT with substring in ON clause?

I have the following select statement in ABAP:
SELECT munic~mandt VREFER BIS AB ZZELECDATE ZZCERTDATE CONSYEAR ZDIMO ZZONE_M ZZONE_T USAGE_M USAGE_T M2MC M2MT M2RET EXEMPTMCMT EXEMPRET CHARGEMCMT
INTO corresponding fields of table GT_INSTMUNIC_F
FROM ZCI00_INSTMUNIC AS MUNIC
INNER JOIN EVER AS EV on
MUNIC~POD = EV~VREFER(9).
"where EV~BSTATUS = '14' or EV~BSTATUS = '32'.
My problem with the above statement is that does not recognize the substring/offset operation on the 'ON' clause. If i remove the '(9) then
it recognizes the field, otherwise it gives error:
Field ev~refer is unknown. It is neither in one of the specified tables
nor defined by a "DATA" statement. I have also tried doing something similar in the 'Where' clause, receiving a similar error:
LOOP AT gt_instmunic.
clear wa_gt_instmunic_f.
wa_gt_instmunic_f-mandt = gt_instmunic-mandt.
wa_gt_instmunic_f-bis = gt_instmunic-bis.
wa_gt_instmunic_f-ab = gt_instmunic-ab.
wa_gt_instmunic_f-zzelecdate = gt_instmunic-zzelecdate.
wa_gt_instmunic_f-ZZCERTDATE = gt_instmunic-ZZCERTDATE.
wa_gt_instmunic_f-CONSYEAR = gt_instmunic-CONSYEAR.
wa_gt_instmunic_f-ZDIMO = gt_instmunic-ZDIMO.
wa_gt_instmunic_f-ZZONE_M = gt_instmunic-ZZONE_M.
wa_gt_instmunic_f-ZZONE_T = gt_instmunic-ZZONE_T.
wa_gt_instmunic_f-USAGE_M = gt_instmunic-USAGE_M.
wa_gt_instmunic_f-USAGE_T = gt_instmunic-USAGE_T.
temp_pod = gt_instmunic-pod.
SELECT vrefer
FROM ever
INTO wa_gt_instmunic_f-vrefer
WHERE ( vrefer(9) LIKE temp_pod ). " PROBLEM WITH SUBSTRING
"AND ( BSTATUS = '14' OR BSTATUS = '32' ).
ENDSELECT.
WRITE: / sy-dbcnt.
WRITE: / 'wa is: ', wa_gt_instmunic_f.
WRITE: / 'wa-ever is: ', wa_gt_instmunic_f-vrefer.
APPEND wa_gt_instmunic_f TO gt_instmunic_f.
WRITE: / wa_gt_instmunic_f-vrefer.
ENDLOOP.
itab_size = lines( gt_instmunic_f ).
WRITE: / 'Internal table populated with', itab_size, ' lines'.
The basic task i want to implement is to modify a specific field on one table,
pulling values from another. They have a common field ( pod = vrefer(9) ). Thanks in advance for your time.
If you are on a late enough NetWeaver version, it works on 7.51, you can use the OpenSQL function LEFT or SUBSTRING. Your query would look something like:
SELECT munic~mandt VREFER BIS AB ZZELECDATE ZZCERTDATE CONSYEAR ZDIMO ZZONE_M ZZONE_T USAGE_M USAGE_T M2MC M2MT M2RET EXEMPTMCMT EXEMPRET CHARGEMCMT
FROM ZCI00_INSTMUNIC AS MUNIC
INNER JOIN ever AS ev
ON MUNIC~POD EQ LEFT( EV~VREFER, 9 )
INTO corresponding fields of table GT_INSTMUNIC_F.
Note that the INTO clause needs to move to the end of the command as well.
field(9) is a subset operation that is processed by the ABAP environment and can not be translated into a database-level SQL statement (at least not at the moment, but I'd be surprised if it ever will be). Your best bet is either to select the datasets separately and merge them manually (if both are approximately equally large) or pre-select one and use a FAE/IN clause.
They have a common field ( pod = vrefer(9) )
This is a wrong assumption, because they both are not fields, but a field an other thing.
If you really need to do that task through SQL, I'll suggest you to check native SQL sentences like SUBSTRING and check if you can manage to use them within an EXEC_SQL or (better) the CL_SQL* classes.

Is there a way to get the full command text of an NpgsqlCommand?

With code like this:
string strCommand = "SELECT * FROM \"MyDataBase\".\"vwUsers\" "
strCommand += "WHERE name LIKE '%' || :name || '%' ";
strCommand += "ORDER BY name ASC LIMIT :page_limit OFFSET :row_offset";
NpgsqlCommand cCommand = new NpgsqlCommand(strCommand);
cCommand.Parameters.Add(new NpgsqlParameter("name", NpgsqlDbType.Text));
cCommand.Parameters[0].Value = strName;
cCommand.Parameters.Add(new NpgsqlParameter("page_limit", NpgsqlDbType.Integer));
cCommand.Parameters[1].Value = nPageAmount;
cCommand.Parameters.Add(new NpgsqlParameter("row_offset", NpgsqlDbType.Integer));
cCommand.Parameters[2].Value = nRowOffset;
Is there a way to get the full text of the command string with all the parameters plugged into it?
Nope. The reason for this is that since Npgsql 3.0 parameters aren't simply substituted in the string; Npgsql actually sends your SQL with parameter placeholders, and transmits the parameters in a separate message and in binary encoding. In other words, there's no point anywhere at which the SQL query is available as text with the parameters.
(Note: in Npgsql 2.2 client-side parameter binding was done for non-prepared messages, so this was in theory possible).
try this cCommand.CommandText
reference Npgsql.NpgsqlCommand

Quote raw sql in ZEND to avoid sql injection

Long story short, I have an admin section where the user can choose from multiple dropdown lists the tables and fields that must be queries in order to get some values. Therefore, the query in ZEND is performed by concatenating the strings
$query = "SELECT $fieldName1, $fieldName2 from $tableName where $fieldName1 = $value";
How can I escape the above using ZEND approach to avoid sql injection? I tried adding them all as ? and calling quoteinto but it seems this does not work on some of the variables (like table names or field names)
ZF has quoteIdentifier() specifically for this purpose:
$query = "SELECT ".$db->quoteIdentifier($fieldName1).","...
In your case you might (also) want to check against a white list of valid column names.
Use quoteInto() or Zend_db_Select::where() for the values, and for the table and column names, I would simply strip any non alpha characters and then wrap them in ` quotes prior to using them in your SQL.
Example:
// Strip non alpha and quote
$fieldName1 = '`' . preg_replace('/[^A-Za-z]/', '', $fieldName1) . '`';
$tableName = '`' . preg_replace('/[^A-Za-z]/', '', $tableName) . '`';
// ....
// Build the SQL using Zend Db Select
$db->select()->from($tableName, array($fieldName1, $fieldName2))
->where($fieldName1 . ' = ?', $value);
In SafeMysql you can make it as simple, as
$sql = "SELECT ?n, ?n from ?n where ?n = ?s";
$data = $db->getAll($sql,$fieldName1,$fieldName2, $tableName, $fieldName1, $value);
though I understand that you won't change your ZF to SafeMysql.
Nevertheless, there is one essential thing that is ought to be done manually:
I doubt you want to let users to browse users table or financial table or whatever.
So, you have to verify a passed table name against an allowed tables array.
like
$allowed = ('test1','test2');
if (!in_array($tableName, $allowed)) {
throw new _403();
}

Querying with multiple value parameter in SQL Server Report Builder

I am basically trying to do what is asked in this question:
Passing multiple values for a single parameter in Reporting Services
but it is not working for me.
My parameter has a data type of text. I have a feeling that my parameter is being surrounded by quotes when it is inserted into my query.
Query
SELECT
AllUserData.tp_ID, Title as TestSite, tp_Title as TestCase, nvarchar6 as ItemNumber,
nvarchar7 as DefectType, nvarchar8 as Status, nvarchar9 as QuestionID,
ntext2 as Question, AllUserData.tp_Version as Version,
CONVERT(VARCHAR(10), AllUserData.tp_Modified, 111) AS DateModified
FROM
[dbTOG].[dbo].[AllUserData]
INNER JOIN
dbTOG.dbo.AllLists on dbTOG.dbo.AllUserData.tp_ListId = dbTOG.dbo.AllLists.tp_ID
INNER JOIN
dbTOG.dbo.Webs on dbTOG.dbo.AllLists.tp_WebId = dbTOG.dbo.Webs.Id
WHERE
(nvarchar8 = 'PASS' OR
nvarchar8 = 'FAIL' OR
nvarchar8 = 'N/A' OR
nvarchar8 = 'TBD' OR
nvarchar8 = 'TBRT' OR
nvarchar8 = 'FIXED')
AND Title = #TestSite
AND tp_Title IN (#TestCase)
Parameter expression for #TestCase
=Join(Parameters!TestCase.Value, ",")
This is quite late but I was struggling with pretty much the same thing. Eventually I found the answer from the link in the OT, however not the accepted one.
I changed the parameter expression to:
=SPLIT(JOIN(Parameters!<your param name>.Value,","),",")
This worked perfectly for me.

[zend][db] fetchAll with multiple variables

I'm trying to use fetchAll on a query that has 2 variables. I can't figure out the syntax.
I can manage with only 1 variable:
$sql = "SELECT * FROM mytable WHERE field1 = ?";
$this->_db->fetchAll($sql,$value1); # that works
However I'm having some issues when query has multiple variables
$sql = "SELECT * FROM mytable WHERE field1 = ? AND field2 = ?";
$this->_db->fetchAll($sql,$value1,$value2); # doesn't work
$this->_db->fetchAll($sql,array("field1"=>$value1,"field2"=>$value2)); # doesn't work either
The reason why I want to use ? instead of placing the variables directly into the query is that I've learned that using ? allows for the query to be compiled generically by the db engine and improves performances.
There are two types of parameter, named parameters and positional parameters. You're mixing the two types and that won't work.
Named parameters match a placeholder by name. Names are started with the : symbol. The parameter names are not the same as the names of the columns you happen to use them for. You supply parameter values in an associative array, using the parameter name (not the column name) as the array keys. For example:
$sql = "SELECT * FROM mytable WHERE field1 = :param1 AND field2 = :param2";
$this->_db->fetchAll($sql,array("param1"=>$value1,"param2"=>$value2));
Positional parameters use the ? symbol for the placeholder. You supply parameter values using a simple (non-associative) array, and the order of values in the array must match the order of parameter placeholders in your query. For example:
$sql = "SELECT * FROM mytable WHERE field1 = ? AND field2 = ?";
$this->_db->fetchAll($sql,array($value1,$value2));
Most brands of SQL database natively support only one style or the other, but PDO attempts to support both, by rewriting the SQL if necessary before preparing the query. Since Zend_Db is modeled after PDO, Zend_Db also supports both parameter styles.
This question is a bit old, but I thought I'd just add to it for reference sake.
I would recommend starting to use Zend_Db_Select with Zend_Db. I've been doing a lot with Zend_Db lately. More from Zend_Db_Select reference guide.
Lets assume you have a Zend_Db adapter: $this->_db
# this will get the Zend_Db_Select object
$select = $this->_db->select();
# now you build up your query with Zend_Db_Select functions
$select->from('mytable');
$select->where('field1 = ?', $field1);
$select->where('field2 = ?', $field2);
[...]
# echo to see the SQL (helps in debugging)
# SELECT * FROM mytable WHERE field1 = ? AND field2 = ? [...]
echo '<p>My SQL: ' . $select . '</p>';
# Execute the SQL / Fetch results
$results = $select->query()->fetchAll();
That's the basics from your given example, but the Zend Framework reference guide on the select object has a lot of good information on how to build even more complex queries with JOINS, UNIONS, GROUP BY, LIMIT, HAVING, etc.
If you wanted to use an alias name for a table or parameters, you use an associative array with the alias name being the index value:
# SELECT p.* FROM products AS p
$select->from('p' => 'products');
If you want to return only selected fields, you add an array of field names as a second parameter:
# SELECT model FROM products
$select->from(products, array(model));
Actually, the above could should produce fully qualified SQL as:
SELECT 'products'.model FROM 'products'
but I wrote the above for brevity and clarity in the example.
One thing I just came across is using AND and OR in the WHERE condition.
# WHERE a = $a
$select->where('a = ?', $a);
# WHERE a = $a AND b = $b
$select->where('a = ?', $a);
$select->where('b = ?', $b);
# WHERE a = $a OR b = $b
$select->where('a = ?', $a);
$select->orWhere('b = ?', $b);
# WHERE a = $a AND b = $b
$select->orWhere('a = ?', $a);
$select->where('b = ?', $b);
Notice, that whatever the following "where" function you use, will combine with the previous statement as that operand. Ok, that sounded confusing.
If the second "where" is an "OR" it will be an "OR" conditional. If the second "where" is a "AND" the statement will be "AND".
In other words, the first WHERE function is ignored in terms of what condition it will use.
In fact, I just asked a question on Stack Overflow yesterday regarding doing a complex WHERE using select.
Hope that helps!
Cheers!
Try this:
$sql = "SELECT * FROM mytable WHERE field1 = ? AND field2 = ?";
$statement = $this->_db->query($sql,array("field1"=>$value1,"field2"=>$value2));
$data = $statement->fetchAll();
$this->_db must be an instance of Db adapter.
Heres the actual Zend way to code for this.
$sql = "SELECT * FROM mytable WHERE field1 = :param1 AND field2 = :param2";
$this->_db->fetchAll($sql,array("param1"=>$value1,"param2"=>$value2));
$where = $this->_db->select()
->from('mytable')
->where('field1 = ?',$value1)
->where('field2 = ?',$value2);
$rowSet = $this->_db->fetchAll($where);
This works great for me