Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us in NYC Sept 4th for Qlik's AI Reality Tour! Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Anonymous
Not applicable
‎2010-06-24 07:46 AM

[resolved] SQL bind variables

Hi,
Is it possible to use bind variable in SQL statement?

I'd like to perform the following query unsing a tOracleInput:
select * from project where project_type_id = 0683p000009MAB6.pngrojectTypeID;
The bind variable projectTypeID could get its value from a context.
The bind variable is much more secure than append a string to the query.
Cheers,
Seb
Labels (2)
Labels
1,306 Views
0 Likes
1 Solution

Accepted Solutions
Anonymous
Not applicable
‎2010-07-19 07:26 PM
Author

Technically, Prepared Statement are opened only once by loop in a t*Input (in the begin part of the component).
Iterating 1000 time over a t*Input would create / close 1000 Prepared Statement over the database which is definitely wrong.
In a row component, prepared statement will be created only once (begin part) but will benefits of the main part to be reused for the 1000 rows and this is the exactly the purpose of Prepared Statements.
M.

View solution in original post

854 Views
0 Likes
18 Replies
Anonymous
Not applicable
‎2010-06-25 05:23 PM
Author

to my knowledge this is not possible right out of the box-- fortunately, Talend is the most flexible ETL tool out there so I am sure you can get this to work.
I would suggest looking into the database input components. you can probably modify them to use context variables and bind variables.
854 Views
0 Likes
Anonymous
Not applicable
‎2010-06-29 06:23 AM
Author

Thanks for the information.
Too bad that it is not directly possible.
Seb
854 Views
0 Likes
Anonymous
Not applicable
‎2010-07-02 06:09 AM
Author

Bind variables are those variables which are used as a copy of main variable means it takes initiate value of main variable for which this bind variable is declared.
854 Views
0 Likes
Anonymous
Not applicable
‎2010-07-02 07:44 AM
Author

Yes this requirement is so common that I completely agree that directly binding for example context variables in sql statements would be a very welcomed addition, expecially in an enterprise ETL tool some people expect this feature for granted... parametrized queries...
Resorting always to manual string concatenation seems always a bad hacked in thing...
854 Views
0 Likes
Anonymous
Not applicable
‎2010-07-02 07:52 AM
Author

I've opened a feature request, in case monitor or comment it
http://www.talendforge.org/bugs/view.php?id=14120
854 Views
0 Likes
Anonymous
Not applicable
‎2010-07-19 06:06 PM
Author

Hi
A Use PreparedStatement option has been added to all db row components (Advanced settings section) since 4.0
From our point of view, such an option is more interesting when you have parameters that change for every input row, than on input components.
I think that this answer to the request.
Regards,
854 Views
0 Likes
Anonymous
Not applicable
‎2010-07-19 06:56 PM
Author

Hi mhirt,
Can you please explain what is wrong with using a Prepared Statement in the input components?
Why not let the user decide whether to use a PreparedStatement or a simple statement. (This is how my tJDBCInput extension does it).
Has there been a discussion or vote on this? Who decided not to implement it?
I find it important because of several reasons:
1) a PS with bind variables is safer because it prevents SQL injection attacks
2) a PS with bind variables simplifies development of JDBC based "on premise" solutions, where the customer can choose the db vendor of their data warehouse. Consider an input query that selects records based on a start date. If bind variables are used the java Date parameter can be passed to the PS and the JDBC driver would take care of the formatting. If bind variables are not used, the ETL developer is responsible for doing the vendor specific adaptations, which results in ugly code & duplication.
Please reconsider issue http://www.talendforge.org/bugs/view.php?id=14120
Regards,
Amnon
854 Views
0 Likes
Anonymous
Not applicable
‎2010-07-19 07:26 PM
Author

Technically, Prepared Statement are opened only once by loop in a t*Input (in the begin part of the component).
Iterating 1000 time over a t*Input would create / close 1000 Prepared Statement over the database which is definitely wrong.
In a row component, prepared statement will be created only once (begin part) but will benefits of the main part to be reused for the 1000 rows and this is the exactly the purpose of Prepared Statements.
M.
855 Views
0 Likes
Anonymous
Not applicable
‎2010-07-19 07:34 PM
Author

Why would anyone iterate 100 times of the t*input?
In the input component I modified it seems that a PS is created only once.
Would you like to examine the code?
Amnon
854 Views
0 Likes