I have a table on my workbook that looks like below
Parameter Value
salestart 01/01/2016
saleend 01/21/2016
And I am trying to query a postgresql database and use the value for salestart and saleend in the where clause. I am just stuck on how to get the syntax perfect to achieve such a result. This is what I have thus far, but I get an error of:
ODBC escape convert error
And this is the actual syntax I am attempting. What must I alter so that this will be a valid statement and return the data I am needing?
let
Parameter = Excel.CurrentWorkbook(){[Name="Parameters"]}[Content],
txtsalestart = Table.TransformColumnTypes(Parameter,{{"salestart", type text}}),
txtsaleend = Table.TransformColumnTypes(Parameter,{{"saleend", type text}}),
Source = Odbc.Query("dsn=123", "Select * from saledb AND CAST(saledate As Date) BETWEEN between '"&#"txtsalestart" & "'" AND '"&#"txtsaleend" & "'#(lf)ORDER BY saleitem ASC")
in
Source
The query value is not built correctly: "'" AND '" should be "' AND '"
Related
I have a JPA/Springboot application backed by a Postgres database. I need to get a records that is equal to a substring passed back to the server.
For example:
Select * from dp1_attachments where TRIM(RIGHT(dp1_submit_date_dp1_number::text, 5)) ='00007'
This query works in PgAdmin, but not in the JPA #Query statement.
#Query("SELECT a.attachmentsFolder as attachmentsFolder, a.attachmentNumber as attachmentNumber, a.attachmentName as attachmentName, a.dp1SubmitDateDp1Number as dp1SubmitDateDp1Number,a.attachmentType as attachmentType, a.attachmentDate as attachmentDate, a.attachmentBy as attachmentBy "
+ "FROM DP1Attachments a WHERE TRIM(SUBSTRING(a.dp1SubmitDateDp1Number::text, 5 )) = :dp1Number")
I've also tried CASTing the parameter like this:
#Query("SELECT a.attachmentsFolder as attachmentsFolder, a.attachmentNumber as attachmentNumber, a.attachmentName as attachmentName, a.dp1SubmitDateDp1Number as dp1SubmitDateDp1Number,a.attachmentType as attachmentType, a.attachmentDate as attachmentDate, a.attachmentBy as attachmentBy "
+ "FROM DP1Attachments a WHERE TRIM(SUBSTRING(CAST(a.dp1SubmitDateDp1Number as string, 5 ))) = :dp1Number")
but the application won't even run, and returns an error that the query isn't valid.
If I make no attempt to cast it, I get an error that function pg_catalog.substring(numeric, integer) does not exist
UPDATE
I've also tried creating a native query instead but that also doesn't seem to work.
List<DP1AttachmentsProjection> results = em.createNativeQuery("Select * FROM dp1_attachments WHERE TRIM(RIGHT(CAST(dp1_submit_date_dp1_number as varchar),5)) =" + dp1Number).getResultList();
In place of varchar I have also tried string and text.
Errors come back similar to ERROR: operator does not exist: text = integer. Its like the CAST is being ignored and I'm not sure why.
I also tried the following as a native query:
em.createNativeQuery("Select * FROM dp1_attachments WHERE TRIM(RIGHT(dp1_submit_date_dp1_number::varchar),5)) =" + dp1Number).getResultList();
and get ERROR: syntax error at or near ":"
FINAL SOLUTION
Thanks to #Nenad J I altered the query to get the final working solution:
#Query(value = "SELECT a.attachments_Folder as attachmentsFolder, a.attachment_Number as attachmentNumber, a.attachment_Name as attachmentName, a.dp1_Submit_Date_Dp1_Number as dp1SubmitDateDp1Number,a.attachment_Type as attachmentType, a.attachment_Date as attachmentDate, a.attachment_By as attachmentBy FROM DP1_Attachments a WHERE TRIM(RIGHT(CAST(a.dp1_Submit_Date_Dp1_Number as varchar ), 5 )) = :dp1Number", nativeQuery = true)"
Default substring returns a string, so substring(integer data,5) returns a string. Thus no need for the cast.
#Query("SELECT * FROM DP1Attachments a WHERE TRIM(SUBSTRING(a.dp1SubmitDateDp1Number, 5)) = :dp1Number")
But I recommend in this case use native query like this:
Put this code in your attachment repository.
#Query(value="SELECT * FROM DP1Attachments AS a WHERE TRIM(SUBSTRING(a.dp1SubmitDateDp1Number, 5 )) = :dp1Number", nativeQuery=true)
Be careful with the column's name.
String q = "select id from Calendar c " +
"where c.isActive = 1 and " +
"date_part('dow', '2017-09-19 13:23:23'::date) = c.frequencyValue)";
Query query = em.createQuery(q);
List results = query.getResultList();
If I include ::date, hibernate would complain because : conflicts with parameter, but if I don't, postgres will complain. Could not choose a best candidate function. You might need to add explicit type casts. What can I do?
https://docs.jboss.org/hibernate/orm/3.3/reference/en/html/queryhql.html#queryhql-expressions
as specified extract function should work if the underlying db supports them so:
extract(dow from date '2017-09-19 13:23:23');
should works
With code like this:
string strCommand = "SELECT * FROM \"MyDataBase\".\"vwUsers\" "
strCommand += "WHERE name LIKE '%' || :name || '%' ";
strCommand += "ORDER BY name ASC LIMIT :page_limit OFFSET :row_offset";
NpgsqlCommand cCommand = new NpgsqlCommand(strCommand);
cCommand.Parameters.Add(new NpgsqlParameter("name", NpgsqlDbType.Text));
cCommand.Parameters[0].Value = strName;
cCommand.Parameters.Add(new NpgsqlParameter("page_limit", NpgsqlDbType.Integer));
cCommand.Parameters[1].Value = nPageAmount;
cCommand.Parameters.Add(new NpgsqlParameter("row_offset", NpgsqlDbType.Integer));
cCommand.Parameters[2].Value = nRowOffset;
Is there a way to get the full text of the command string with all the parameters plugged into it?
Nope. The reason for this is that since Npgsql 3.0 parameters aren't simply substituted in the string; Npgsql actually sends your SQL with parameter placeholders, and transmits the parameters in a separate message and in binary encoding. In other words, there's no point anywhere at which the SQL query is available as text with the parameters.
(Note: in Npgsql 2.2 client-side parameter binding was done for non-prepared messages, so this was in theory possible).
try this cCommand.CommandText
reference Npgsql.NpgsqlCommand
I am using JDBC in JSP with PostGreSQL.
I want to read all values of a row with the given titel and interpret from a text field but the AND operator doesn't work.
// some code
stmt = conn.createStatement();
res = stmt.executeQuery(
"SELECT * " +
"FROM album " +
"WHERE interpret = ? AND titel = ? " +
"ORDER BY interpret, titel ASC "
);
//... closte statements, etc.
Not I get a syntax exception for AND.
Do you guys have any advices why?
You cannot use bind variables in a statement created with createStatement.
PreparedStatement is what you should be working with.
Use:
stmt = conn.prepareStatement();
stmt.setString(1, interpretValue); //set the value for the first parameter to interpretValue
stmt.setString(2, titleValue); //second parameter
A PreparedStatement is the preferred way of executing SQL statements because the statement is precompiled. This can be more efficient than a Statement, specially if the same query is executed multiple times.
I'm doing a little application for the work and it includes a form. When the person using the form doesn't put a value in a data type "numeric" (lets say a PIN number) or even a date in one of my "date" Data Type fields (lets say his anniverssary), it returns me with the errors as follow:
Error Type – Type d'erreur
_Microsoft OLE DB Provider for ODBC Drivers (0x80004005)_
ERROR: invalid input syntax for type numeric: ""; Error while executing the query
Error Type – Type d'erreur
_Microsoft OLE DB Provider for ODBC Drivers (0x80004005)_
ERROR: syntax error at or near ")"; Error while executing the query
So it seems that when the person using the form enters nothing, it returns the string "empty" that is "".
Why can't the numeric type and data type read that as a NULL entry? These fields are not mandatory and so I need to have them be sometimes blank.
How can I make it possible? Is their a way to keep using "numeric" and "date" type so that when the user enters nothing in those fields, the table fills with a blank case insted of giving me this error?
Here is my sql statement :
trsConn.EXECUTE "INSERT INTO ""TRS"".employeetbl ( "& _
"""firstName"", " & _
"""lastName"" , " & _
"""detContract"", " & _
"sle, " & _
"""posNumber"" "& _
") VALUES (" & _
"'" & Request.Form("empFirst") & "', " & _**
"'" & Replace(Request.Form("empLast"), "'", "`") & "', " & _
"'" & Request.Form("dateContract") & "', " & _
"'" & Request.Form("sle") & "', " & _
"'" & Request.Form("posNum") & "');"
(The posNum and dateContract are both respectivly of type "numeric" and "date"
Thanks so much for the help. Looking forward for hearing what you geniuses have to say.
The concept of NULL in SQL is pretty muddled and inconsistent ... but it's very clear that '' is distinct from NULL.
'' isn't NULL, it's '', the empty string. You can't convert it to a date, number, etc:
regress=# SELECT CAST('' AS DATE);
ERROR: invalid input syntax for type date: ""
LINE 1: SELECT CAST('' AS DATE);
^
regress=# SELECT CAST('' AS NUMERIC);
ERROR: invalid input syntax for type numeric: ""
LINE 1: SELECT CAST('' AS NUMERIC);
^
Some products - notably Microsoft Access and old versions of MySQL - are confused about that matter. NULL is NULL, '' is the empty string; they aren't the same thing. You can't convert one to the other.
So it seems that when the person using the form enters nothing, it
returns the string "empty" that is "". Why can't the numeric type and
data type read that as a NULL entry? These fields are not mandatory
and so I need to have them be sometimes blank.
That's your application's job. When your app it sees the empty string come in on a form field for a numeric, date, or similar, it should send NULL to the database, not ''. That's normally a routine part of converting data from user input before it's supplied to the database. It is vital that you do such conversion; you should never just send values from the user straight to the database.
A quick search suggests that asp classic uses null or undefined as its null values; you should be able to pass them into your prepared statements when something is null.
The fact that you get a syntax error after the error about '' suggests that you're building your SQL statements as strings, not using prepared statements with placeholders. (Thanks JayC for the SO question ref). This is begging for SQL injection; in other words your application is critically insecure. Imagine what happens if the user enters the "date":
2012-01-01'); DROP SCHEMA public;--
and your app happily turns that into
INSERT INTO sometable (blah, blah, blah) VALUES (1, 2, DATE '2012-01-01'); DROP SCHEMA public;--');
The DROP SCHEMA then merrily executes and whoops, splat, there goes your database. That's just the dumbest, simplest kind of SQL injection attack too.