Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Does PocketQuery work with dynamic table names?

Jeremy Soronen
Jeremy Soronen May 18, 2016

I would like to use a parameter as part of a table name.  Is it possible to do this with PocketQuery?   The database I am sending queries to has one set of tables for each customer of ours such as ABC, DEF, GHI.

If I need to run the query for customer ABC, the table would be ABC.EMPLOYEES.

If I need to run the query for customer DEF, the table would be DEF.EMPLOYEES.

Can I do this something like :customer.EMPLOYEES?

Answer
Watch
Like Be the first to like this
567 views

2 answers

1 accepted

2 votes
Answer accepted
Felix Grund (Scandio)
Felix Grund (Scandio)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 19, 2016

Hi Jeremy,

Thank you for your interest in PocketQuery! This doesn't work with the latest release of PQ on the marketplace, but it should work with PocketQuery 2.1 which is not released yet. Could you install our current release candidate version 2.1-m7? With this one I got my example work...

Query:

SELECT Name, Population
FROM :Table
WHERE Continent = :Continent

The only thing to take care: in the field Parameter Types you must enter YourTableParameter=Constant so in my case I put Table=Constant.

PocketQuery 2.1 will be released very soon!

Regards, Felix (Scandio)

View More Comments
Jeremy Soronen
Jeremy Soronen May 20, 2016

It seems to work, but I had an issue in that I cannot give the table an alias such as in the example below, I alias the table as apl and use it in other places such as:

SELECT * FROM ABCOBJ.TAPRRRPF utm inner join abcobj.tapdefpf uex on utm.UTID = uex.UTID inner join :Table apl on apl.applicationnumber = utm.applicationnumber and apl.employeeid = utm.employeeid and utm.CLIENTLIBRARY = 'xxx' where utm.UTID = '0105200015117555'

 

The queries in PocketQuery only seem to work if you put :Table everywhere such as:

SELECT * FROM ABCOBJ.TAPRRRPF utm inner join abcobj.tapdefpf uex on utm.UTID = uex.UTID inner join :Table on :Table.applicationnumber = utm.applicationnumber and :Table.employeeid = utm.employeeid and utm.CLIENTLIBRARY = 'xxx' where utm.UTID = '0105200015117555'

 

Another thing that would be needed is to let the result set have horizontal scrolling:

resultset.png
How the result set displays is simply unreadable when there are many columns needing to be returned.
Like
Felix Grund (Scandio)
Felix Grund (Scandio)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 24, 2016

Hi Jeremy,

This seems to be a matter of replacement order of the query template with the Spring library we are using under the hood. I don't see a straight forward solution to this. Most probably you'll have to do it as you wrote in your second example.

Regarding the styles, you will have to create your own layout with CSS in a <style> tag in the PocketQuery template. We cannot deal with possible custom layouts in the macro. A good starting point could be: https://css-tricks.com/fixing-tables-long-strings/

Regards, Felix

Like
Jeremy Soronen
Jeremy Soronen June 7, 2016

Felix, do you know if the text entered for the :Table is sanitized before running?

Like
Felix Grund (Scandio)
Felix Grund (Scandio)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 7, 2016

Hmm. What do you mean by "sanitized"?

Like
Jeremy Soronen
Jeremy Soronen June 8, 2016

My developer gave me this info:

Validated.  Determined not to be exploitative.  This only matters if they are using string concatenation.

If the query was "select * from users where :username"

If a user typed: "test'; drop table users;--" into the username field in the confluence page, would the code build the query string as something similar to: "select * from users where username = 'test'; drop table users;--"?

Like
Reply
0 votes
Felix Grund (Scandio)
Felix Grund (Scandio)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 9, 2016

Hi Jeremy,

I understand. Fear not:

  • PocketQuery cannot run multiple statements in one.
  • Query parameters will be inserted in the statement as strings, surrounded by single quotes. You can change that behaviour as a PocketQuery admin setting parameter types (see docs). But also then it must still be one statement and no manipulating clauses will ever work in your statement.

That said, I still recommend to use a read-only DB user for the PocketQuery connection. PocketQuery is designed to be a read-only tool and assigning a user with privileges for DB manipulation is unclean.

Regards, Felix

View More Comments
Felix Grund (Scandio)
Felix Grund (Scandio)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 15, 2016

Jeremy, do you have further questions or will you "accept"? smile

Like
Jeremy Soronen
Jeremy Soronen June 15, 2016

I accept.  I will create a new thread to ask about the possibility of allowing a query to be run against multiple servers instead of just one.   If more than one server is available, then the user can select which one instead of an auto-load occurring (a default could be specified if auto-load was selected).

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events