I am using CodeIgniter 3.0.6 and PostgreSQL 9.4. I have a PostgreSQL function with some 4 parameters, out of 4 parameters 3 are string and one is of type bit. I have used the following method to call my function
$query = "SELECT * FROM my_function('$param1', '$param2', '$param_bit', '$param4')";
return $this->db->query($query);
the above method works fine for me, but for security reasons I have decided to use query binding so the values are automatically escaped. I tried the following method
$query = "SELECT * FROM my_function(?, ?, ?, ?)";
return $this->db->query($query, $param1, $param2, $param_bit, $param4);
but is shows
ERROR: syntax error at or near "," LINE 1
So I tries a different methods,
$query = "SELECT * FROM my_function('?', '?', '?', '?')";
return $this->db->query($query, $param1, $param2, $param_bit, $param4);
but it shows No function matches the given name and argument types. You might need to add explicit type casts.
$query = "SELECT * FROM my_function(?::varchar, ?::varchar, ?::bit, ?::varchar)";
return $this->db->query($query, $param1, $param2, $param_bit, $param4);
but it shows ERROR: syntax error at or near "::" LINE 1:
Even tried with quotes and datatypes, but none of them worked for me.
If anyone ever worked before with PostgreSQL functions with parameters, please share how it can be done.
Any help would be appreciated, thanks in advance.
Related
I have a JPA/Springboot application backed by a Postgres database. I need to get a records that is equal to a substring passed back to the server.
For example:
Select * from dp1_attachments where TRIM(RIGHT(dp1_submit_date_dp1_number::text, 5)) ='00007'
This query works in PgAdmin, but not in the JPA #Query statement.
#Query("SELECT a.attachmentsFolder as attachmentsFolder, a.attachmentNumber as attachmentNumber, a.attachmentName as attachmentName, a.dp1SubmitDateDp1Number as dp1SubmitDateDp1Number,a.attachmentType as attachmentType, a.attachmentDate as attachmentDate, a.attachmentBy as attachmentBy "
+ "FROM DP1Attachments a WHERE TRIM(SUBSTRING(a.dp1SubmitDateDp1Number::text, 5 )) = :dp1Number")
I've also tried CASTing the parameter like this:
#Query("SELECT a.attachmentsFolder as attachmentsFolder, a.attachmentNumber as attachmentNumber, a.attachmentName as attachmentName, a.dp1SubmitDateDp1Number as dp1SubmitDateDp1Number,a.attachmentType as attachmentType, a.attachmentDate as attachmentDate, a.attachmentBy as attachmentBy "
+ "FROM DP1Attachments a WHERE TRIM(SUBSTRING(CAST(a.dp1SubmitDateDp1Number as string, 5 ))) = :dp1Number")
but the application won't even run, and returns an error that the query isn't valid.
If I make no attempt to cast it, I get an error that function pg_catalog.substring(numeric, integer) does not exist
UPDATE
I've also tried creating a native query instead but that also doesn't seem to work.
List<DP1AttachmentsProjection> results = em.createNativeQuery("Select * FROM dp1_attachments WHERE TRIM(RIGHT(CAST(dp1_submit_date_dp1_number as varchar),5)) =" + dp1Number).getResultList();
In place of varchar I have also tried string and text.
Errors come back similar to ERROR: operator does not exist: text = integer. Its like the CAST is being ignored and I'm not sure why.
I also tried the following as a native query:
em.createNativeQuery("Select * FROM dp1_attachments WHERE TRIM(RIGHT(dp1_submit_date_dp1_number::varchar),5)) =" + dp1Number).getResultList();
and get ERROR: syntax error at or near ":"
FINAL SOLUTION
Thanks to #Nenad J I altered the query to get the final working solution:
#Query(value = "SELECT a.attachments_Folder as attachmentsFolder, a.attachment_Number as attachmentNumber, a.attachment_Name as attachmentName, a.dp1_Submit_Date_Dp1_Number as dp1SubmitDateDp1Number,a.attachment_Type as attachmentType, a.attachment_Date as attachmentDate, a.attachment_By as attachmentBy FROM DP1_Attachments a WHERE TRIM(RIGHT(CAST(a.dp1_Submit_Date_Dp1_Number as varchar ), 5 )) = :dp1Number", nativeQuery = true)"
Default substring returns a string, so substring(integer data,5) returns a string. Thus no need for the cast.
#Query("SELECT * FROM DP1Attachments a WHERE TRIM(SUBSTRING(a.dp1SubmitDateDp1Number, 5)) = :dp1Number")
But I recommend in this case use native query like this:
Put this code in your attachment repository.
#Query(value="SELECT * FROM DP1Attachments AS a WHERE TRIM(SUBSTRING(a.dp1SubmitDateDp1Number, 5 )) = :dp1Number", nativeQuery=true)
Be careful with the column's name.
I get this output when trying to use toSQL() to debug my queries.
Laravel code:
$services = Service::latest()->where('status', '=', '0');
Output SQL:
"select * from `services` where `status` = ? order by `created_at` desc"
How can I get a proper query without ? mark? Thanks!
To view the data that will be substituted into the query string you can call the getBindings() function on the query like
below.
$query = User::first()->jobs();
dd($query->toSql(), $query->getBindings());
The array of bindings get substituted in the same order the ? appear in the SQL statement.
check this link
I'm trying to select some rows from a table (PostgreSQL) using the following code:
my $kadadbh = DBI->connect(
"dbi:Pg:dbname=$dbname;host=$host",
$dbuser,
$dbpasswd
);
my $subject_nar_sel= $kadadbh->prepare(
'SELECT * FROM subject WHERE SUBSTRING(CAST(id AS text),1,6) = "?";'
);
$nar=605812;
$subject_nar_sel->execute($nar);
But I get an error:
called with 1 bind variables when 0 are needed at ...
I get the same error when I swap the single and double quotes:
"SELECT * FROM subject WHERE SUBSTRING(CAST(id AS text),1,6) = '?';"
How can I fix this?
You current query is testing whether SUBSTRING(CAST(id AS text),1,6) matches the literal string suspiciously-named quoted identifier "?". So don't quote the ?, even when the bind parameter has a string type:
SELECT * FROM subject WHERE SUBSTRING(CAST(id AS text),1,6) = ?
I need help to build a Laravel query from my raw SQL Query. I tried many way and did not find my Luck. Can anybody help me? My Raw SQL code is given bellow.
SELECT exams. * , count( question_details.exam_id ) AS qus_enter
FROM exams
INNER JOIN question_details ON exams.id = question_details.exam_id GROUP BY exams.id
This is what I've tried:
$examListsID = DB::table('exams')
->join('question_details', function($join) {
$join->on('exams.id', '=', 'question_details.exam_id as qus_enter');
})
->whereraw('count(qus_enter) = exams.total_question')
->select('exams.id as examID','qus_enter','exams.total_question')
->count('qus_enter')
->groupby('exams.id')
->get();
$examLists = Addexam::where('id','=',$examListsID->examID)
And I Get this Error:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'as qus_enter where count(qus_enter) = exams.total_question' at line 1 (SQL: select count(qus_enter) as aggregate from exams inner join question_details on exams.id = question_details.exam_id as qus_enter where count(qus_enter) = exams.total_question)
$result = DB::table('exams')->join('question_details','exams.id','=','question_details.exam_id')->select([
exams.*,
DB::raw('count( question_details.exam_id ) AS qus_enter')
])->GroupBy('exams.id')->get()
Hope this helps
DB::listen(function ($data) {
var_dump($data->bindings);
dd($data->sql);
});
I'm trying to use fetchAll on a query that has 2 variables. I can't figure out the syntax.
I can manage with only 1 variable:
$sql = "SELECT * FROM mytable WHERE field1 = ?";
$this->_db->fetchAll($sql,$value1); # that works
However I'm having some issues when query has multiple variables
$sql = "SELECT * FROM mytable WHERE field1 = ? AND field2 = ?";
$this->_db->fetchAll($sql,$value1,$value2); # doesn't work
$this->_db->fetchAll($sql,array("field1"=>$value1,"field2"=>$value2)); # doesn't work either
The reason why I want to use ? instead of placing the variables directly into the query is that I've learned that using ? allows for the query to be compiled generically by the db engine and improves performances.
There are two types of parameter, named parameters and positional parameters. You're mixing the two types and that won't work.
Named parameters match a placeholder by name. Names are started with the : symbol. The parameter names are not the same as the names of the columns you happen to use them for. You supply parameter values in an associative array, using the parameter name (not the column name) as the array keys. For example:
$sql = "SELECT * FROM mytable WHERE field1 = :param1 AND field2 = :param2";
$this->_db->fetchAll($sql,array("param1"=>$value1,"param2"=>$value2));
Positional parameters use the ? symbol for the placeholder. You supply parameter values using a simple (non-associative) array, and the order of values in the array must match the order of parameter placeholders in your query. For example:
$sql = "SELECT * FROM mytable WHERE field1 = ? AND field2 = ?";
$this->_db->fetchAll($sql,array($value1,$value2));
Most brands of SQL database natively support only one style or the other, but PDO attempts to support both, by rewriting the SQL if necessary before preparing the query. Since Zend_Db is modeled after PDO, Zend_Db also supports both parameter styles.
This question is a bit old, but I thought I'd just add to it for reference sake.
I would recommend starting to use Zend_Db_Select with Zend_Db. I've been doing a lot with Zend_Db lately. More from Zend_Db_Select reference guide.
Lets assume you have a Zend_Db adapter: $this->_db
# this will get the Zend_Db_Select object
$select = $this->_db->select();
# now you build up your query with Zend_Db_Select functions
$select->from('mytable');
$select->where('field1 = ?', $field1);
$select->where('field2 = ?', $field2);
[...]
# echo to see the SQL (helps in debugging)
# SELECT * FROM mytable WHERE field1 = ? AND field2 = ? [...]
echo '<p>My SQL: ' . $select . '</p>';
# Execute the SQL / Fetch results
$results = $select->query()->fetchAll();
That's the basics from your given example, but the Zend Framework reference guide on the select object has a lot of good information on how to build even more complex queries with JOINS, UNIONS, GROUP BY, LIMIT, HAVING, etc.
If you wanted to use an alias name for a table or parameters, you use an associative array with the alias name being the index value:
# SELECT p.* FROM products AS p
$select->from('p' => 'products');
If you want to return only selected fields, you add an array of field names as a second parameter:
# SELECT model FROM products
$select->from(products, array(model));
Actually, the above could should produce fully qualified SQL as:
SELECT 'products'.model FROM 'products'
but I wrote the above for brevity and clarity in the example.
One thing I just came across is using AND and OR in the WHERE condition.
# WHERE a = $a
$select->where('a = ?', $a);
# WHERE a = $a AND b = $b
$select->where('a = ?', $a);
$select->where('b = ?', $b);
# WHERE a = $a OR b = $b
$select->where('a = ?', $a);
$select->orWhere('b = ?', $b);
# WHERE a = $a AND b = $b
$select->orWhere('a = ?', $a);
$select->where('b = ?', $b);
Notice, that whatever the following "where" function you use, will combine with the previous statement as that operand. Ok, that sounded confusing.
If the second "where" is an "OR" it will be an "OR" conditional. If the second "where" is a "AND" the statement will be "AND".
In other words, the first WHERE function is ignored in terms of what condition it will use.
In fact, I just asked a question on Stack Overflow yesterday regarding doing a complex WHERE using select.
Hope that helps!
Cheers!
Try this:
$sql = "SELECT * FROM mytable WHERE field1 = ? AND field2 = ?";
$statement = $this->_db->query($sql,array("field1"=>$value1,"field2"=>$value2));
$data = $statement->fetchAll();
$this->_db must be an instance of Db adapter.
Heres the actual Zend way to code for this.
$sql = "SELECT * FROM mytable WHERE field1 = :param1 AND field2 = :param2";
$this->_db->fetchAll($sql,array("param1"=>$value1,"param2"=>$value2));
$where = $this->_db->select()
->from('mytable')
->where('field1 = ?',$value1)
->where('field2 = ?',$value2);
$rowSet = $this->_db->fetchAll($where);
This works great for me