Unable to pass parameters with periods in Oracle APEX / REST - oracle

Using Oracle APEX 5.0.4, with Oracle 12c. I am trying to write a REST service in Oracle APEX. I have a SQL statement...
select * from <my_table> where company_name = 'GOOGLE INC.'
When run from a straight SQL prompt, this runs and returns data. I have tried to implement this in a REST service, specifically using a URI template. I am using a bind variable, so my query now looks like.
select * from <my_table> where company_name = :ACCT_NAME;
Both the space and the period in my company name are causing me problems, returning no rows. If my BIND VARIABLE is a single word, then no problems. I found UTL_URL.UNESCAPE, and have tried to use that. This seems to solve the problem of having a space, but does not fix issue when the company name contains a period.
I rewrote my SQL Statement to
select * from <my_table> where company_name = UTL_URL.UNESCAPE(:ACCT_NAME);
The query will work if the BIND VARIABLE (aka company name) is multiple words, but NOT containing a period. For example, I can look up 'GOOGLE INC' by setting my bind variable = 'GOOGLE%20INC' . I need to be able to look up 'GOOGLE INC.' [notice the period at the end of INC] so I set my bind variable = 'GOOGLE%20INC%2E' and I consistently get 'BAD REQUEST'. It appears that the URI template is not valid.
If I pass this in via a straight SQL statement (aka OUTSIDE of the REST service), my data is found...
select * from <my_table> where company_name = UTL_URL.UNESCAPE('GOOGLE%20INC%2E');
There is something unique about the PERIOD character... Any ideas?

Related

Squirrel SQL - user input prompt

I am a first time user of Squirrel SQL client for Oracle DB.
When I am executing the below queries it is not popping up with a user input dialog box, instead just displaying empty rows
Query
Select * from employees e
Where e.id in ('&emp_id');
The same query when executed in SQL Developer gives an user input dialog pop up.
Tried with = and other minor tweaks, nothing has worked for me
I don't use Squirrel SQL, but - from my point of view - your code doesn't work because the engine searches for ID values that are equal to string, literally '&emp_id'.
If you want to be prompted for a parameter value, try colon:
select * from employees e where e.id = :emp_id;
-------
this
You used IN; that's OK as long as you enter a single value for a parameter. If you planned to use several values (e.g. comma-separated list of values), that won't work just because. There's a way to do it - for example, you'd split those values into rows and use them as a subquery, but - that's beyond your current problem. First try to make it work with a single value passed as a parameter.
Squirrel SQL does not support input prompts in the way that SQL Developer does. One way to achieve similar functionality would be to use a prepared statement instead of a prompt.
You can do this by replacing the prompt with a bind variable, like this:
Select * from employees e Where e.id = ?
Then, when you run the query, Squirrel SQL will prompt you to enter the value for the bind variable (in this case, the value of emp_id). This will be done in a separate window in Squirrel.

How do I use a parameter within BI Publisher to update the table name I am querying in an Oracle Data set

I am trying to create a BI Publisher data model which runs the Oracle query below -
SELECT *
FROM audit_YYYYMM
(this should be the YYYYMM of the current date)
How do I setup a parameter default value within the datamodel to grab the YYYYMM from the SYSDATE?
How do I append this parameter within the data set SQL Query?
I tried SELECT * FROM audit_:Month_YYYYMM
(where I had a string parameter called Month_YYYMM)
This did not work.
You are going to have to use something like EXECUTE_IMMEDIATE. And you may have to make a separate PL/SQL package to launch rather than use the built in data definition stuff.
https://docs.oracle.com/cd/B19306_01/appdev.102/b14261/executeimmediate_statement.htm

Named Parameter with AND/OR in CONTAINS query is not working

I am using Oracle Text for searching in my web application. I have configured Oracle Text by creating Data Store and Index.
This is my query
select * from PROFILE where CONTAINS(FIRST_NAME,:firstName OR :secondName,1)>0;
Every time I get the following exception ORA-00907: missing right parenthesis.
But after replacing :firstName and :secondName by any string it's working perfectly.
Also its working perfectly with one parameter.
select * from PROFILE where contains(FIRST_NAME,:firstName,1)>0
The above code is working. But after adding OR :secondName, the result is ORA-00907
From the Oracle Text documentation, it seems CONTAINS is a defined as a regular function with three parameters (the last one optional):
CONTAINS(
[schema.]column,
text_query [VARCHAR2|CLOB]
[,label NUMBER])
RETURN NUMBER;
The text_query parameter is a regular string interpreted as a phrase. Thus you should write:
select * from PROFILE where contains(FIRST_NAME, :search_query, 1)>0
And bind the value FOO OR BAR to the variable search_query since the OR keyword is not part of the SQL query in this case.
You should better use
select * from PROFILE where CONTAINS(FIRST_NAME,:firstName ,1)>0
OR CONTAINS(FIRST_NAME,:secondName,1)>0

Firebird queries using chars/varchar

I am using SQLManager Lite for firebird and it was impossible so far to write a query which would do an operation on char/varchar columns. Character set is win1252.
A query like
select * from Person where name = 'John'
won't return any results despite the fact that the record exists in the database. A similar query on a numerical column works just fine.
AM I am missing anything here?
Also, this query runs fine from my application. The only issue is that I would like to be able to run it within SQLManager Lite too. As a side note, values for char and varchar columns are not displayed properly within the same SQLManager Lite.
change to like
select * from Person where name like 'John'

How to resolve SQL query parameters mapping issues while using Oracle OLE DB provider?

When trying to enter a SQL query with parameters using the Oracle OLE DB provider I get the following error:
Parameters cannot be extracted from the SQL command. The provider might not help to parse parameter information from the command. In that case, use the "SQL command from variable" access mode, in which the entire SQL command is stored in a variable.
ADDITIONAL INFORMATION:
Provider cannot derive parameter information and SetParameterInfo has not been called. (Microsoft OLE DB Provider for Oracle)
I have tried following the suggestion here but don't quite understand what is required:Parameterized queries against Oracle
Any ideas?
To expand on the link given in the question:
Create a package variable
Double click on the package variable name. (This allows you to access the properties of the variable)
Set the property 'EvaluateAsExpression' to true
Enter the query in the expression builder.
Set the OLE DB source query to SQL Command from Variable
The expression builder can dynamically create expressions using variable to create 'parametised queries'.
So the following 'normal' query:
select * from book where book.BOOK_ID = ?
Can be written in the expression builder as:
"select * from book where book.BOOK_ID = " + #[User::BookID]
You can then do null handling and data conversion using the expression builder.
If You use Data Flow Task and use OLE DB Source, and you need parameterize your Query :
Create Variable to save "Full" of Query statement : Right Click on blank area outside the package - and Click Variables :
Click Add Variables on Variables Window :
Make the name is SQL_DTFLOW_FULL or something that can you understand easily. The variable data type is STRING
Create Variable(s) to save your parameter(s).
i.e, the full of Query stamements is :
SELECT * FROM BOOK WHERE BOOK_ID = #BookID --#BookID is SQL Parameter
at the sample above, I have just one parameter : #BookID, so I need to create one variable to save my parameter. Add more variables depends on your Queries.
Give it name SQL_DTFLOW_BOOKID
The variable data type is STRING
So, you need make your SSIS neat, and the variables is sorted in understandable parts.
Try to make the variable name is SQL_{TASK NAME}_{VariableName}
Make Expression for SQL_DTFLOW_FULL variable, click on number 1, and start fill number 2. Make Your SQL Statements to be a correct SQL Statement using string block. String block usually using "Double Quote" at the beginning and the end. Concat the variables with the string block.
Click evaluate Expression, to showing result, to make sure your query is correct, copy-paste the Query result at SSMS.
Make sure by yourself that the variables is free from SQL Injection using your own logic. (Use your developer instinct)
Open the Data Flow Task, open the OLE DB Source Editor by double click the item.
Select the Data Access Mode : SQL Command From Variable
Select the Variable Name : SQL_DTFLOW_FULL
Click Preview to make sure it works.
That is all, my way to prevent this SSIS failure case. Since I use this way, I never got that problem, you know, SSIS something is weird.
To change the variable value, set it before Data Flow Task, the SQL Result of SQL_DTFLOW_FULL variable will changed every you change your variable value.
In my case the issue was that i had comments within the sql in the normal form of /* */ and i also had column aliases as "Column name" instead of [Column Name].
Once i removed them it works.
Also try to have your parameter ? statement within the WHERE clause and not within the JOINS, that was part of the issue too.

Resources