Statement st = con.createStatement();
//ResultSet rs;
int i = st.executeUpdate("insert into members(first_name,last_name,email,uname, pass, regdate) values ('" + fname + "','" + lname + "','" + email +"','" + user + "','" + pwd + "', CURDATE())");
if (i > 0)
{
//session.setAttribute("userid", user);
//response.sendRedirect("userList2.jsp");
out.print("Registration Successfull!"+"<a href='userList2.jsp'>View Members</a>");
}
Related
This is my code looks like
#Query(value = "SELECT pu.id_user AS idUser, " +
"pu.full_name AS \"name\", " +
"pu.username, " +
"pu.email, " +
"CASE pu.status " +
"WHEN 0 THEN 'Blocked' " +
"WHEN 1 THEN 'Unblocked' " +
"END status, " +
"(SELECT branch_name AS \"branch\" " +
"FROM schema_a.branch aa " +
"WHERE mpb.branch_id IS NOT NULL AND mpb.parent_branch_id IS NOT NULL AND " +
"branch_id = mpb.parent_branch_id " +
") AS branch, " +
"mpb.branch_id AS childId, " +
"mpb.branch_name AS childName, " +
"mpb.parent_branch_id AS parentBranchId, " +
"r.role_name AS roleName " +
"FROM schema_a.user pu " +
"JOIN schema_a.branch mpb ON pu.id_branch = mpb.id_branch " +
"JOIN schema_a.\"role\" r ON pu.id_role = r.id_role " +
"WHERE pu.is_deleted = false", nativeQuery = true)
Page<UserAndBranch> findAllByIsDeletedIsFalse(Pageable pageable);
the result i got
Caused by: org.postgresql.util.PSQLException: ERROR: missing FROM-clause entry for table "aa"
That native query is executed succesfully in DBeaver, nothings different just remove the quotation mark, what am I missing?
I have viewed some of the related question but the solutions on them are bit older. Most of them are using EntityManager. I have written the following native query in JpaRepository and when I get geojson as a String I'm getting the error mentioned in the title.
Here is my query
#Query(value = "SELECT\n"
+ " json_build_object(\n"
+ " 'type', 'FeatureCollection',\n"
+ " 'features', json_agg(\n"
+ " json_build_object(\n"
+ " 'type', 'Feature',\n"
+ " 'geometry', ST_AsGeoJSON(a.check_in_geom)\\:\\:json,\n"
+ " 'properties', json_build_object(\n"
+ " 'username', a.username,\n"
+ " 'users', (\n"
+ " -- Generate json array of \"users\"\n"
+ " SELECT array_to_json(array_agg(u.*)) \n"
+ " FROM users u \n"
+ " WHERE u.username = a.username\n"
+ " GROUP BY u.username\n"
+ " )\n"
+ " )\n"
+ " )\n"
+ " )\n"
+ " ) Json\n"
+ "FROM\n"
+ " attendances a, users u\n"
+ " WHERE a.username = u.username AND u.designation = 'Manager' AND date_trunc('day', a.created_at)\\:\\:DATE = '2022-04-04'"
+ " ;", nativeQuery = true)
String getAttendanceGeoJsonByDesignationAndDate(String designation, String dateStr);
For now I'm passing designation and date as static values.
When I run this query on Postgresql it runs successfully and return the expected geojson. But spring boot does not allow the result to be as String or it throws exception while running the query.
Please let me know how can I fix it. Also if I need to provide more detail, do let me know.
This code return empty cursor.What is wrong here?
Data is already there in sqlitedb.
public static final String COL_2 = "ID";
public static final String COL_3 = "TYPE";
public Cursor checkData(String id, String type){
SQLiteDatabase db = getWritableDatabase();
Cursor res = db.rawQuery("SELECT * FROM "+ TABLE_NAME + " WHERE " + COL_2 + " = " + id+ " AND " + COL_3 + " = " + type , null);
return res;
}
When you pass strings as parameters you must quote them inside the sql statement.
But by concatenating quoted string values in the sql code your code is unsafe.
The recommended way to do it is with ? placeholders:
public Cursor checkData(String id, String type){
SQLiteDatabase db = getWritableDatabase();
String sql = "SELECT * FROM "+ TABLE_NAME + " WHERE " + COL_2 + " = ? AND " + COL_3 + " = ?";
Cursor res = db.rawQuery(sql , new String[] {id, type});
return res;
}
The parameters id and type are passed as a string array in the 2nd argument of rawQuery().
I finally solved it.
public Cursor checkData(String id, String type){
SQLiteDatabase db = getWritableDatabase();
Cursor res = db.rawQuery("SELECT * FROM "+ TABLE_NAME + " WHERE " + COL_2 + " = '" + id+ "' AND " + COL_3 + " = '" + type +"'" , null);
return res;
}
if COL_3 type is string try this:
Cursor res = db.rawQuery("SELECT * FROM "+ TABLE_NAME + " WHERE " + COL_2 + " = " + id+ " AND " + COL_3 + " = '" + type + "'" , null);
I have done that before, but in this case I have an insert into table query where value of the column of the target table comes as a result from another query. Having that, I'm not sure if my parametarized query is formatted the right way.
Here is an original query without before Sql Injection fix:
cmd.CommandText += "insert into controlnumber (controlnumber, errorid)
values ('" + ControlNumber + "', (select errorid from error where
errordescription = '" + ErrorDescription + "' and errortype = '" +
ErrorType + "' + and applicationid = " + ApplicationID + " and statusid =
" + StatusID + " and userid = " + UserID + " and errortime = '" +
ErrorTime + "');";
This is the query after I tried to fix Sql Injection:
cmd.CommandText = "insert into ControlTable(ControlNumber, ErrorID)
values (#ControlNum, (select errorid from error where errordescription =
#ErrorDescription and errortype = #errorType and applicationid =
#ApplicationID and statusid = #StatusID and userid = #UserID and
errortime = #ErrorTime)"
This is where I add parameters:
.....
command.CommandType = CommandType.Text
command.Parameters.AddWithValue("#ErrorDescription ", ErrorDesc);
command.Parameters.AddWithValue("#ControlNum", cntNumber);
command.Parameters.AddWithValue("#errorType",ErrorType);
command.Parameters.AddWithValue("#ApplicationID",AppID);
command.Parameters.AddWithValue("#StatusID",StatusID);
command.Parameters.AddWithValue("#UserID",UserID);
....
I'm just wondering if my CommandText is formatted the right way.
Thank's
try this:
cmd.CommandText = "insert into ControlTable(ControlNumber, ErrorID)
select #ControlNum, errorid from error where errordescription =
#ErrorDescription and errortype = #errorType and applicationid =
#ApplicationID and statusid = #StatusID and userid = #UserID and
errortime = #ErrorTime)"
When using INSERT INTO SELECT FROM, you do not use keyword VALUES. The syntax is:
INSERT INTO TABLE(columns) SELECT ... FROM TABLE2
I have a C# console application that uploads data into SQL Server database after doing a bit of calculation which is done using various C# functions. Now the problem is it is taking almost 1 sec to calculate and upload one line of data and I have to upload 50,000 lines of data in the same way.
Please suggest me a way to solve this problem.
P.S. : I am using stringbuilder to compose separate insert statements and upload in bulk. This process is taking only 1 min.
Inserting or updating to database is hardly taking any time as I have mentioned in my question. Calculation is taking most of the time. I am attaching the code sample of a function below:
public void EsNoMinLim()
{
ds = new DataSet();
ds = getDataSet("select aa.Country, aa.Serial_No from UEM_Data aa inner join (select distinct " +
"IId, Country from UEM_Data where Active_Status is null) bb on aa.iid = bb.iid where aa.Serial_No <> '0'").Copy();
execDML("Delete from ProMonSys_Grading");
StringBuilder strCmd = new StringBuilder();
foreach (DataRow dRow in ds.Tables[0].Rows)
{
SiteCode = dRow["Country"].ToString();
Serial_No = dRow["Serial_No"].ToString();
ds_sub = new DataSet();
ds_sub = getDataSet("select EsNo_Abs_Limit from EsNo_Absolute_Limit where Fec_Coding_Rate in "+
"(select MODCOD from FEC_Master where NMS_Value in (select Top 1 FEC_Rate from "+
"DNCC_Billing_Day where Serial_No = '" + Serial_No + "' and [Date] = (select max([Date]) "+
"from DNCC_Billing_Day where Serial_No = '" + Serial_No + "')))").Copy();
if (ds_sub.Tables[0].Rows.Count > 0 && Convert.ToString(ds_sub.Tables[0].Rows[0][0]) != "")
{
Min_EsNo = Convert.ToString(ds_sub.Tables[0].Rows[0][0]);
}
else
{
Min_EsNo = "a";
}
if (Min_EsNo != "a")
{
ds_sub = new DataSet();
ds_sub = getDataSet("select Top 1 modal_Avg_EsNo from DNCC_Billing_Day where " +
"Serial_No = '" + Serial_No + "' and [Date] = (select max([Date]) from DNCC_Billing_Day " +
"where Serial_No = '" + Serial_No + "')").Copy();
if (ds_sub.Tables[0].Rows.Count > 0 && Convert.ToString(ds_sub.Tables[0].Rows[0][0]) != "")
{
Avg_EsNo = Convert.ToString(ds_sub.Tables[0].Rows[0][0]);
}
else
{
Avg_EsNo = "-1";
}
ds_sub = new DataSet();
ds_sub = getDataSet("select Top 1 Transmit_Power from ProMonSys_Threshold where Serial_No = '" + Serial_No + "'").Copy();
if (ds_sub.Tables[0].Rows.Count > 0 && Convert.ToString(ds_sub.Tables[0].Rows[0][0]) != "")
{
Threshold_EsNo = Convert.ToString(ds_sub.Tables[0].Rows[0][0]);
}
else
{
Threshold_EsNo = "-1";
}
getGrade = EsNoSQFGrading(Min_EsNo, Avg_EsNo, Threshold_EsNo);
strCmd.Append("insert into ProMonSys_Grading(SiteCode, Serial_No, EsNo_Grade) " +
"values('" + SiteCode + "','" + Serial_No + "','" + getGrade + "')");
}
}
execDML_StringBuilder(strCmd);
}
Find out, what part of the process is the expensive one. Use StopWatch to check how long loading, calculating and saving takes separately. Then you which part to improve (and can tell us).