Solved: [resolved] SQL bind variables - Page 2 - Qlik Community

Anonymous · ‎2010-06-24

Hi,
Is it possible to use bind variable in SQL statement?

I'd like to perform the following query unsing a tOracleInput:
select * from project where project_type_id =

rojectTypeID;
The bind variable projectTypeID could get its value from a context.
The bind variable is much more secure than append a string to the query.
Cheers,
Seb

Anonymous · ‎2010-07-29

Is it possible to have a discussion on this matter?
I am not sure I understand why it is better to support a prepared statement and bind variables in a t*Row component than it is in a t*Input component.
Amnon

Anonymous · ‎2010-10-22

HI,
I tried the PS of tOracleRow.
See the picture below for the implementation.
But It failed to execute because of wrong java code.
Can you explain me why?
Of course this is a very simple case.
Thanks
Seb
Resolved see my next post

Anonymous · ‎2010-10-22

Hi Again,
I've found my problem.
The schema was not defined correctly.
See the picture below.

Anonymous · ‎2010-12-16

Talend team: prepared statements are not only for "parameters that change for every input row". With them we don't have to worry about constant formating. Compare:
"select a from tab where date = " + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS").format(globalmap.get("somedate"))
or this:
"select a from tab where date = ?"
?

guymage · ‎2011-01-19

Hi,
Does anyone know how to do a prepared statements in the lookup of a tMap ?
With a lookup I use to use a tOracleInput (with no prepared statement), I tried with a tOracleRow but it does not work.
For information, my changing parameter is a context variable initialized every row.
Thanks

Anonymous · ‎2011-01-19

I know, wait till I attach rarjpeg .
Since lookup is done in a separate method, you have to pass the lookup key via globalMap. tMap's Expr. key :
null == globalMap.put("row12.TABLE_NAME", row12.TABLE_NAME) || true ? row12.TABLE_NAME : null
This expression puts the value to globalMap and returns it
In tMap settings set Lookup model to "reload at each row"
In tXxxRow globalMap.get() as one of prepared statement parameters
Then you use tParseRecordSet and connect it's output to tMap as lookup row
upd: Attached. You can unpack the job from the screenshot

guymage · ‎2011-01-19

Thank you for your answer, but I can not find your attached job ?

guymage · ‎2011-01-20

Ok, I found the Job (thank you Ilya).
Now it works perfectly, thanks a lot

Anonymous · ‎2011-02-25

I completely agree.
In addition, with bind variables the DB engine does not need to parse the statement each time that it is executed (at least with Oracle).

Hi mhirt,
Can you please explain what is wrong with using a Prepared Statement in the input components?
Why not let the user decide whether to use a PreparedStatement or a simple statement. (This is how my tJDBCInput extension does it).
Has there been a discussion or vote on this? Who decided not to implement it?
I find it important because of several reasons:
1) a PS with bind variables is safer because it prevents SQL injection attacks
2) a PS with bind variables simplifies development of JDBC based "on premise" solutions, where the customer can choose the db vendor of their data warehouse. Consider an input query that selects records based on a start date. If bind variables are used the java Date parameter can be passed to the PS and the JDBC driver would take care of the formatting. If bind variables are not used, the ETL developer is responsible for doing the vendor specific adaptations, which results in ugly code & duplication.
Please reconsider issue http://www.talendforge.org/bugs/view.php?id=14120

[resolved] SQL bind variables

Other

Talend Data Integration