Skip to end of banner
Go to start of banner

sql

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Availability

This routine is available since katl-commons 1.0, changed in 2.5.8.

Syntax:

sql(datasourceName, sqlstring, [...])

Description:

Executes the SQL phrase over the defined datasource. For selects returning multiple rows, it concatenates the values (i.e. you select 2 values and the select returns 4 rows, you will have 2*4 = 8 values). For updates, it returns the update count.

Parameters:

Parameter name

Type

Required

Description

datasourceName

string

yes

The datasource name or JNDI name. For JIRA database, this is set to "jdbc/JiraDS" by default

sqlstring

string

yes

the SQL string

Since katl-commons 2.5.8, the routine accepts multiple parameters, in this case the sql statement being pushed as prepared into the database (check the second example below for right syntax). The old syntax is still functional too.

Returns:

string []

Example:

Example 1:

string [] results = sql("datasourceName", "select project_id from project_lookaside where project_code='" + project + "'");
//Note: this example is open to SQL injection if 'project' is not the standard issue project (derived) but a variable supplied by user. Take care.

Example 2:

string [] results = sql("datasourceName", "select project_id from project_lookaside where project_code=?", project);

//this is better. No sql injection possible.

Example 3:

It is tedious to iterate over a result in its flat form. The better way is to do it like this:

struct Person {
  string fName;
  string lName;
  number age;
}

Person [] results = sql("datasourceName", "SELECT fName, lName, age FROM person WHERE group_member = 'Y'");

//checks to see if there are results there are skipped for brevity, but
//now you can iterate over and use the dot notation, and 'age' is really a number.
string firstResult = results[0].fName + " " + results[0].lName + " " + results[0].age;

 

Notes:

To see how you should configure the data source, check the corresponding configuration chapter: SQL Data Sources.

See Also:

 

  • No labels