I'm trying to incorporate a PBI variable/parameter in to the SQL statement via the advanced editor however no matter what way I write it I receive an error.
Can anyone point me to the correct way to incorporate this parameter?
The code is below:
[Query=" DECLARE #YearsToRetrieve2 INT = "& YearsToRetreieveM &"
SELECT * FROM dbo.Data_Sales
WHERE YEAR(TransDate) >= YEAR(GETDATE()) - #YearsToRetrieve2"
Related
I have a calculated field which computes a total based on a particular type:
sumIf(amount, type = "sale")
Now I'm trying to convert the result to string and then concatenate some text to it, but doing toString(sumIf(amount, type = "sale")) gives the following message:
We can’t parse this SQL syntax. If you are using custom SQL, verify the syntax and try again. Otherwise, contact support.
Is there any way to make this work?
Did you try using the correct bracket type? i.e.
toString(sumIf({amount}, {type} = "sale"))
I tried an example like this and that worked fine, Quicksight can have issues when calling fields without the right brackets.
I am trying to refresh a report with dynamic action. And get the following errors:
{'dialogue': {'uv': true, 'line': [{'V': "failure of Widget}]}}
ORA-20876: stop the engine of the APEX.
classic_report"}]}}
I think its an issue with string which can't take and ST.ID IN (:P11_ROW_PK) in sql query.
Please suggest a workaround for the same.
This question requires the context you've provided in
https://stackoverflow.com/a/63627447/527513
If P11_ROW_PK is a delimited list of IDs, then you must structure your query accordingly, not expect the IN statement to deconstruct a bind variable containing a string.
Try this instead
select * from your_table
where st.id in (select column_value from apex_string.split(:P11_ROW_PK))
where REGEXP_LIKE(CUSTOMER_ID, '^('|| REPLACE(:P4_SEARCH,',','|') ||')$')
Above code will act same as APEX_STRING only if you are using lower version Apex
I´m working for the first time with OCI so this may be a basic question.... I´m coming from MySql word.... Using VS2012 with C++.
I wish to do a simple SELECT statement with some variations on WHERE and LIMIT clause. The SQL query is build dynamically from a C++ written processor and the statement comes ready from this module. So I may have something like:
SELECT * FROM MYTABLE3; or
SELECT F1, F2, F3 FROM MYTABLE1; or even
SELECT F1, F3, F4 FROM MYTABLE2 WHERE ID > 10;
No big deal here.
My problem is that I DON´T KNOW IN ADVANCE THE TABLE FORMAT, so I cannot bind variables to it before executing the statement and fetching the table structure. In MySql that´s easy, because I execute the statement and I get the resultSet. From the resultSet I can check the number of columns retrieved, the name, data format and size of each column. After reading that data I build a dynamic matrix with the table structure and its data, my final goal. Something as:
sql::ResultSetMetaData *resultMeta = resultSet->getMetaData();
while (resultSet->next())
{
for (unsigned int i = 1; i <= resultMeta->getColumnCount(); i++)
{
std::string label = resultMeta->getColumnLabel(i);
std::string type = resultMeta->getColumnTypeName(i);
// ... Get the resultset attributes and data
}
retData.push_back(data);
}
From what I´ve seen in Oracle, I need to bind the variables that are going to be returned before issuing the execute/fetch operations. In my case I cannot do it because I don´t know the table structure in advance...
I´m pretty sure Oracle can do that, I just don´t know how to do it. I´ve read the Oracle Docs and did not find references to it....
Help is very much appreciated and code examples also. I´m stuck with that for 2 days now... Thanks for helping.
Can you please try the following on your statement handle ( stmhp). This will give you column count on your oracle statement.
err = OCIAttrGet ((dvoid *)stmhp, (ub4)OCI_HTYPE_STMT, (dvoid *)
&parmcnt, (ub4 *) 0, (ub4)OCI_ATTR_PARAM_COUNT, errhp);
Please check this link also which will help you to find out data type of every column in the resultset.
Retrieving data type information for columns in an Oracle OCCI ResultSet
I am new to SQL. is it possible with use of some library in c++to execute sql commands like
std::shared_ptr<database> ptr( new odb::sqlite::database ("database.db",
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE));
//the above line contains the pointer and the lower line contains the function that executes the query on the databse with the pointer
executesql("select * from tablea where x> y ", ptr);
becasue what is happening with me is that i get sql queries from another machine in the "select from etc..." format and i want to execute it in a similar fashion without going into parsing stuff and writing new code to do so.
I finally found the answer.
its given in a lot of detail at the following link.
http://www.codeproject.com/Tips/378808/Accessing-a-SQLite-Database-with-Cplusplus.
Can you guys see any obvious error in this query? The error im getting is: `Unknown column 003ADF50 in field list. 003ADF50 wtf?
query << "UPDATE `record` SET `record` = " << lastRecord << ", `time` = " << time;
What looks to be happening here is that one of those values that you're injecting into your sql is coming up as 003ADF50. (Probably the time value?)
Brendan Long is correct: you should be using prepared statements to properly handle parameters in your SQL. Manually concatenating strings leads to quoting problems like you see here, which can be serious security problems in your code. The specific quoting problem you're running into here is that the parameters aren't quoted in your resulting query string. If you were typing the SQL manually into the mysql client, you'd say something like:
UPDATE `record` set `record` = 'foo';
If instead you left out the quotes on 'foo', you'd have:
UPDATE `record` set `record` = foo;
which is trying to set the record column to the value of the foo column, rather than the literal string 'foo'. The same thing is happening with the SQL you're generating from your C++. Trying to solve this by manually adding quotes isn't a good idea -- what happens when the string parameter contains a quote character? The best thing to do is to use prepared statements.
Also, Google "little bobby tables" for a well-known XKCD comic about sql parameter injection, and consider what would happen if Bobby Tables' name found its way into one of your program's variables.