Insert data to DB avoiding code SQL injection

I didn't test this, but it might give you an idea:

sql = "INSERT INTO tutorial (title,titleArabic,shortDesc,shortDescArabic,description,descriptionArabic,externalLink,tutorialId,isActive) "
+ "VALUES(:title, :titleArabic, :shortDesc, :shortDescArabic, :description, :descriptionArabic, :externalLink, :tutorialId, :isActive)"

createOrUpdateRecord(sql, map);

void dbHelper::createOrUpdateRecord(const QString Insertquery, QMap paramMap {
    QSqlDatabase database = QSqlDatabase::database();
    QSqlQuery query(database);
    query.prepare(Insertquery);

    QMap 
         
 
         
 more
 
		 
 Tags: BlackBerry Developers
 
         
         
 
          
Similar Questions
 
          
 
            
           
 
		     
How to escape text in the query pattern to avoid the SQL Injection
 
			 We plan to use Oracle Text to search for in a Java web application and use a query template as shown below, but are concerned about SQL Injection attacks. In general, we use a parameter query, but that does not seem possible with these search patterns. Is there advice or recommended to avoid SQL Injection when using query patterns - what characters need to be escaped or cleaned the entry user, etc? Or is there another approach to query patterns which does the same thing, but can use the settings?


Select (1) score, my_id from my_table where CONTAINS (search_dummy,
' < query >
< textquery lang 'grammar' = 'CONTEXT' = > dangerous search terms
< progress >
< seq > < rewriting > transform ((JETONS, "${", "}","")) < / rewrite > < / next >
< seq > < rewriting > transform ((JETONS, "${", "}",";")) < / réécrire > / suiv >))
< seq > < rewriting > transform ((JETONS, "${", "}", "AND")) < / rewrite > < / seq >
< seq > < rewriting > transform ((JETONS, "${", "}", "ACCUM")) < / rewrite > < / seq >
< / progress >
< / textquery >
< score datatype = "INTEGER" algorithm = "COUNT" / >
(< / query > ', 1) > 0
ORDER BY SCORE (1) DESC;


Thanks in advance for any help or advice!			 
You should be able to put the entire query to the CONTAINS clause argument in a variable binding. Prevent SQL injection. It is possible they could do 'contains the injection' and perform research of the else clause contains this as your intention, but unless you are relying on a part of contains the clause to implement security, that shouldn't be a problem.
		   
 
            
           
 
		     
Reduce code SQL injection when forced to use substitution variables, as
 
			 The 3rd party software that I use has exactly a way to allow users to specify execution settings: the Substitution variables.
The scripts are executed using SQL * more. I'm looking for ways ensure this.


Please, don't say "do not use substitution variables" - read above, it is the only way this software works.




My first thought was something like this:
var myvar varchar2(30)
exec :myvar := '&user_input';
It's no good. What happens if the user specifies "X"; ". run immediately "drop table sometable" then we get
exec :myvar := 'X'; execute immediate 'drop table sometable';
Once again, not good.


I thought that perhaps something like the following would work:
exec :myvar := dbms_assert.noop('&user_input');
but then again, a malicious user could specify "'); run immediately "drop table sometable"; dbms_assert. NOOP('")


I'm open to suggestions.
What can I do to clean up the substitution variables?


Thank you!


Edited by: Yes on 30 January 2013 15:02			 
If your attacker is able to enter a value for this parameter substitution is too late to worry.
It can stop the execution of the script and enter a code of maliciious he wants. Or I missed something?
		   
 
            
           
 
		     
Blocker of SQL Injection
 
			 Hello all-


I have a server with a large number of ColdFusion templates (out of 10,000) I need really to protect agains SQL Injection.


I know that CFQUERYPARAM is the best way to do it. I would like to do this way, but with so many pages and so many requests that it would take weeks/months to resolve queries, perform a test to ensure that something I don't screw up.




So, I came up with a plan that I wanted to get feedback on.


Currently, I have a page on my server included in almost every page that is running. It's a simple page that I can edit to change the State of my system in the case of a change in database, or another kind of failure. (Pages are still running, but no update is allowed, read-only)




Okay, so on this page which is always included, I thought to analyze the variables that come more. I was thinking about looking for things that looked like a SQL injection attack and blocking of the page of the race.




I wanted to know if this could work someone ' a has any ideas? It would be great because I could protect the entire server in about an hour. But I don't want to give me a false sense of security if it really won't do the job.


			 
First of all, here are a few simple things you can do to protect all pages before you follow the other tips and plans in this thread:
In the CF administrator, click your data sources, click the button "Advanced".
It, you you uncheck everything except the read and stored procedure and (optionally) write permissions. 'Drop', 'Create', etc., are defined n - n here.
If you haven't already done so, make a data source-read only permissions and refactor your code to use it everywhere with the exception of the deletions, insertions and updates carefully separated.
Now, in SQL Server, remove all the permissions of the users who used with the exception of data_reader and (selective) writing data and exec on procedures or functions that you use.
In SQL server, configure at least two users of CF. We, should have only the permission of data_reader (more than read-only stored procedure).
Find articles, like this one: http://www.sqlservercentral.com/columnists/bknight/10securingyoursqlserver.aspand follow their advice, start by locking xp_cmdshell.
These measures require the CF code changes little or not, but will be blocking all but the most determined and skilled hackers. You should always follow the advice of good Adam.
BTW, Dan is very bad, ALL DB are vulnerable to code SQL injection.
SQL server is not the most vulnerable (studies show that Oracle now has this "honour").
		   
 
            
           
 
		     
Doubt on inserting data
 
			 Hey everyone, when we insert a data in the table with data type number, we do not give citations for inclusion... But, how oracle inserts data as shown below


SQL> desc emp;
 Name                                                                                Null?    Type
 ----------------------------------------------------------------------------------- -------- -----------------
---------------------------------------
 EMPNO                                                                               NOT NULL NUMBER(4)
 ENAME                                                                                        VARCHAR2(10)
 JOB                                                                                          VARCHAR2(9)
 MGR                                                                                          NUMBER(4)
 HIREDATE                                                                                     DATE
 SAL                                                                                          NUMBER(7,2)
 COMM                                                                                         NUMBER(7,2)
 DEPTNO                                                                                       NUMBER(2)


SQL> INSERT INTO emp
  2  VALUES ('1000','JOHN','NULL',null,'',null,null,null);

1 row created.

SQL> select * from emp;

     EMPNO ENAME      JOB              MGR HIREDATE         SAL       COMM     DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
      7369 SMITH      CLERK           7902 17-DEC-80        800                    20
      7499 ALLEN      SALESMAN        7698 20-FEB-81       2000        300         30
      7521 WARD       SALESMAN        7698 22-FEB-81     1562.5        500         30
      7566 JONES      MANAGER         7839 02-APR-81       2975                    20
      7654 MARTIN     SALESMAN        7698 28-SEP-81     1562.5       1400         30
      7698 BLAKE      MANAGER         7839 01-MAY-81     3562.5                    30
      7782 CLARK      MANAGER         7839 09-JUN-81       2450                    10
      7788 SCOTT      ANALYST         7566 09-DEC-82       3000                    20
      7839 KING       PRESIDENT            17-NOV-81       5000                    10
      7844 TURNER     SALESMAN        7698 08-SEP-81       1875          0         30
      7876 ADAMS      CLERK           7788 12-JAN-83       1100                    20
      7900 JAMES      CLERK           7698 03-DEC-81    1484.38                    30
      7902 FORD       ANALYST         7566 03-DEC-81       3000                    20
      7934 MILLER     CLERK           7782 23-JAN-82       1300                    40
      1000 JOHN       NULL

15 rows selected.
Can someone please explain to me how oracle inserts a number with quotes data type


>
INSERT INTO emp
VALUES ('1000 ', 'JOHN', "null", null, null, null);
 
			 
Conversion explicit data types.
Oracle do in-house: to_number('1000')
		   
 
            
           
 
		     
Several tools of DB insert data error Code :-2147217900
 
			 
Hi all :-),.
I'm new to LabView. Right now I use version 8.2.
I browse the topic, but I don't seem to find what I need.
I have two question and I hope you guyz can help.
1. I make a program and I need to insert my data in SQL.
Previously, I was using simple DB tools Insert Data.vi due to the one table involved. It was OK.
In this case, I need to push about 8 groups of data inside the database every 5 seconds.
I'm not sure on how I should wire VI if I use both 8.
I tried connecting parallel connection open tools and a data tools insert series to another.
What is the right way to do it? Please notify. I have attached the insertion of data in my program part.
2. previously when I try to connect all the 8 in the series, the tracks of vi, however, it does not the data in the database. But when I stopped the VI and tried to run again, the code of error-2147217900 entrant. Can anyone advise on the reasons why it took place?
Please advise and thanks million in advance.
Kind regards
Dave Roziela
			 
study links here and post if still problem persists
Mathan
		   
 
            
           
 
		     
RESTful service cannot insert data using PL/SQL.
 
			 Hi all
Spin: stand-alone 2.01 AL on OEL 4.8 in box a. VM
Database Oracle 10.2.0.4 with Apex 4.2.0.00.27 on OEL4.8 in the VM B box.


Measure of oracle.example.hr performed without problem Restful services.


Cannot insert data using AL 2.0.1 but works on 1.1.4 AL.
who uses the following table (under scheme: scott):
 
create table json_demo ( title varchar2(20), description varchar2(1000) ); 
grant all on json_demo to apex_public_user; 
and procedure (scott diagram) below:
CREATE OR REPLACE
PROCEDURE post(
    p_url     IN VARCHAR2,
    p_message IN VARCHAR2,
    p_response OUT VARCHAR2)
IS
  l_end_loop BOOLEAN := false;
  l_http_req utl_http.req;
  l_http_resp utl_http.resp;
  l_buffer CLOB;
  l_data       VARCHAR2(20000);  
  C_USER_AGENT CONSTANT VARCHAR2(4000) := 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)';
BEGIN
  -- source: http://awads.net/wp/2005/11/30/http-post-from-inside-oracle/
  -- Ask UTL_HTTP not to raise an exception for 4xx and 5xx status codes,
  -- rather than just returning the text of the error page.
  utl_http.set_response_error_check(false);
  -- Begin the post request
  l_http_req := utl_http.begin_request (p_url, 'POST', utl_http.HTTP_VERSION_1_1);
  -- Set the HTTP request headers
  utl_http.set_header(l_http_req, 'User-Agent', C_USER_AGENT);
  utl_http.set_header(l_http_req, 'content-type', 'application/json;charset=UTF-8');
  utl_http.set_header(l_http_req, 'content-length', LENGTH(p_message));
  -- Write the data to the body of the HTTP request
  utl_http.write_text(l_http_req, p_message);
  -- Process the request and get the response.
  l_http_resp := utl_http.get_response (l_http_req);
  dbms_output.put_line ('status code: ' || l_http_resp.status_code);
  dbms_output.put_line ('reason phrase: ' || l_http_resp.reason_phrase);
  LOOP
    EXIT
  WHEN l_end_loop;
    BEGIN
      utl_http.read_line(l_http_resp, l_buffer, true);
      IF(l_buffer IS NOT NULL AND (LENGTH(l_buffer)>0)) THEN
        l_data    := l_data||l_buffer;
      END IF;
    EXCEPTION
    WHEN utl_http.end_of_body THEN
      l_end_loop := true;
    END;
  END LOOP;
  dbms_output.put_line(l_data);
  p_response:= l_data;
  -- Look for client-side error and report it.
  IF (l_http_resp.status_code >= 400) AND (l_http_resp.status_code <= 499) THEN
    dbms_output.put_line('Check the URL.');
    utl_http.end_response(l_http_resp);
    -- Look for server-side error and report it.
  elsif (l_http_resp.status_code >= 500) AND (l_http_resp.status_code <= 599) THEN
    dbms_output.put_line('Check if the Web site is up.');
    utl_http.end_response(l_http_resp);
    RETURN;
  END IF;
  utl_http.end_response (l_http_resp);
EXCEPTION
WHEN OTHERS THEN
  dbms_output.put_line (sqlerrm);
  raise;
END;
and execution in sqldeveloper 3.2.20.09 when it connects directly to box B as scott:
 
SET serveroutput ON
DECLARE
  l_url      VARCHAR2(200)   :='http://MY_IP:8585/apex/demo';
  l_json     VARCHAR2(20000) := '{"title":"thetitle","description":"thedescription"}';
  l_response VARCHAR2(30000);
BEGIN
  post( p_url => l_url, p_message =>l_json, p_response => l_response);
END;
leading to:
 
anonymous block completed 
status code: 200
reason phrase: OK 
with data inserted. 
Installation using 2.0.1
   Workspace : wsdemo
 RESTful Service Module:  demo/
          URI Template:      test
                Method:  POST
           Source Type:  PL/SQL
and execution in sqldeveloper 3.2.20.09 when it connects directly to box B as scott:
 
SET serveroutput ON
DECLARE
  l_url      VARCHAR2(200)   :='http://MY_IP:8585//apex/wsdemo/demo/test';
  l_json     VARCHAR2(20000) := '{"title":"thetitle","description":"thedescription"}';
  l_response VARCHAR2(30000);
BEGIN
  post( p_url => l_url, p_message =>l_json, p_response => l_response);
END;
leading to:
 
status code: 500 
reason phrase: Internal Server Error 

Listener's log: 
Request Path passes syntax validation
Mapping request to database pool: PoolMap [_poolName=apex, _regex=null, _workspaceIdentifier=WSDEMO, _failed=false, _lastUpdate=1364313600000, _template=/wsdemo/, _type=BASE_PATH]
Applied database connection info
Attempting to process with PL/SQL Gateway
Not processed as PL/SQL Gateway request
Attempting to process as a RESTful Service
demo/test matches: demo/test score: 0
Choosing: oracle.dbtools.rt.resource.templates.jdbc.JDBCResourceTemplateDispatcher as current candidate with score: Score [handle=JDBCURITemplate [scopeId=null, templateId=2648625079503782|2797815111031405, uriTemplate=demo/test], score=0, scope=SecurityConfig [constraint=none, realm=NONE, logonConfig=LogonConfig [logonForm=null, logonFailed=null]], originsAllowed=[], corsEnabled=true]
Determining if request can be dispatched as a Tenanted RESTful Service
Request path has one path segment, continuing processing
Tenant Principal already established, cannot dispatch
Chose oracle.dbtools.rt.resource.templates.jdbc.JDBCResourceTemplateDispatcher as the final candidate with score: Score [handle=JDBCURITemplate [scopeId=null, templateId=2648625079503782|2797815111031405, uriTemplate=demo/test], score=0, scope=SecurityConfig [constraint=none, realm=NONE, logonConfig=LogonConfig [logonForm=null, logonFailed=null]], originsAllowed=[], corsEnabled=true] for: POST demo/test
demo/test is a public resource
Using generator: oracle.dbtools.rt.plsql.AnonymousBlockGenerator
Performing JDBC request as: SCOTT
Mar 28, 2013 1:29:28 PM oracle.dbtools.common.jdbc.JDBCCallImpl execute
INFO: Error occurred during execution of: [CALL, begin
 insert into scott.json_demo values(/*in:title*/?,/*in:description*/?);
end;, [title, in, class oracle.dbtools.common.stmt.UnknownParameterType], [description, in, class oracle.dbtools.common.stmt.UnknownParameterType]]with values: [thetitle, thedescription]
Mar 28, 2013 1:29:28 PM oracle.dbtools.common.jdbc.JDBCCallImpl execute
INFO: ORA-06550: line 1, column 6:
PLS-00103: Encountered the symbol "" when expecting one of the following:

   begin case declare exit for goto if loop mod null pragma
   raise return select update while with <an identifier>
   <a double-quoted delimited-identifier> <a bind variable> <<
   close current delete fetch lock insert open rollback
   savepoint set sql execute commit forall merge pipe
The symbol "" was ignored.
ORA-06550: line 2, column 74:
PLS-00103: Encountered the symbol "" when expecting one of the following:

   begin case declare end exception exit for goto if loop mod
   null pragma raise return select update while with
   <an identifier> <a double-quoted delimited-id

java.sql.SQLException: ORA-06550: line 1, column 6:
PLS-00103: Encountered the symbol "" when expecting one of the following:

   begin case declare exit for goto if loop mod null pragma
   raise return select update while with <an identifier>
   <a double-quoted delimited-identifier> <a bind variable> <<
   close current delete fetch lock insert open rollback
   savepoint set sql execute commit forall merge pipe
The symbol "" was ignored.
ORA-06550: line 2, column 74:
PLS-00103: Encountered the symbol "" when expecting one of the following:

   begin case declare end exception exit for goto if loop mod
   null pragma raise return select update while with
   <an identifier> <a double-quoted delimited-id

        at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:447)
        at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:396)
        at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:879)
        at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:505)
        at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:223)
        at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:531)
        at oracle.jdbc.driver.T4CCallableStatement.doOall8(T4CCallableStatement.java:205)
        at oracle.jdbc.driver.T4CCallableStatement.executeForRows(T4CCallableStatement.java:1043)
        at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1336)
        at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3612)
        at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:3713)
        at oracle.jdbc.driver.OracleCallableStatement.execute(OracleCallableStatement.java:4755)
        at oracle.jdbc.driver.OraclePreparedStatementWrapper.execute(OraclePreparedStatementWrapper.java:1378)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at oracle.ucp.jdbc.proxy.StatementProxyFactory.invoke(StatementProxyFactory.java:242)
        at oracle.ucp.jdbc.proxy.PreparedStatementProxyFactory.invoke(PreparedStatementProxyFactory.java:124)
        at oracle.ucp.jdbc.proxy.CallableStatementProxyFactory.invoke(CallableStatementProxyFactory.java:101)
        at $Proxy46.execute(Unknown Source)
        at oracle.dbtools.common.jdbc.JDBCCallImpl.execute(JDBCCallImpl.java:44)
        at oracle.dbtools.rt.plsql.AnonymousBlockGenerator.generate(AnonymousBlockGenerator.java:176)
        at oracle.dbtools.rt.resource.templates.v2.ResourceTemplatesDispatcher$HttpResourceGenerator.response(ResourceTemplatesDispatcher.java:309)
        at oracle.dbtools.rt.web.RequestDispatchers.dispatch(RequestDispatchers.java:88)
        at oracle.dbtools.rt.web.HttpEndpointBase.restfulServices(HttpEndpointBase.java:412)
        at oracle.dbtools.rt.web.HttpEndpointBase.service(HttpEndpointBase.java:162)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at com.sun.grizzly.http.servlet.ServletAdapter$FilterChainImpl.doFilter(ServletAdapter.java:1059)
        at com.sun.grizzly.http.servlet.ServletAdapter$FilterChainImpl.invokeFilterChain(ServletAdapter.java:999)
        at com.sun.grizzly.http.servlet.ServletAdapter.doService(ServletAdapter.java:434)
        at oracle.dbtools.standalone.SecureServletAdapter.doService(SecureServletAdapter.java:65)
        at com.sun.grizzly.http.servlet.ServletAdapter.service(ServletAdapter.java:379)
        at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:179)
        at com.sun.grizzly.tcp.http11.GrizzlyAdapterChain.service(GrizzlyAdapterChain.java:196)
        at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:179)
        at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:849)
        at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:746)
        at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1045)
        at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
        at java.lang.Thread.run(Thread.java:662)
Error during evaluation of resource template: ORA-06550: line 1, column 6:
PLS-00103: Encountered the symbol "" when expecting one of the following:

   begin case declare exit for goto if loop mod null pragma
   raise return select update while with <an identifier>
   <a double-quoted delimited-identifier> <a bind variable> <<
   close current delete fetch lock insert open rollback
   savepoint set sql execute commit forall merge pipe
The symbol "" was ignored.
ORA-06550: line 2, column 74:
PLS-00103: Encountered the symbol "" when expecting one of the following:

   begin case declare end exception exit for goto if loop mod
   null pragma raise return select update while with
   <an identifier> <a double-quoted delimited-id
Please notify.
Concerning
Zack			 
Zack.L wrote:
Hi Andy,.
Sorry, I forgot to post the Source that is used by the AL1.1.4 and the AL2.0.1.
Source
begin
insert into scott.json_demo values(:title,:description);
end;

It is a failure during insertion?
Yes, he failed in the insert using AL2.0.1.
If the above statement produces the following error message:
The symbol "" was ignored.
ORA-06550: line 2, column 74:
PLS-00103: Encountered the symbol "" when expecting one of the following:

begin case declare end exception exit for goto if loop mod
null pragma raise return select update while with
 

That gives me to think that a character is not printable (notice how there is anything between the quotation marks - "") worked his way in your PL/SQL Manager. Note how the error is reported to correspond to a column 74 on line 2, line 2 of the block above has 58 characters, so a pure assumption somehow, there is extra space on line 2, which confuses the PL/SQL compiler, I suggest retype PL/SQL Manager manually and see if that solves the problem.
		   
 
            
           
 
		     
SOA calling a MS SQL table to insert data.
 
			 Hello
I configured a XA driver to insert data into the MS SQL Server table. When I execute the stream with a SOAP user interface. I was able to insert the data from MS SQL table. But in the end, the transaction is rolled back.




I would ask you
< soapenv:Envelope xmlns:soapenv = 'http://schemas.xmlsoap.org/soap/envelope/' xmlns:mvn = "http://xmlns.oracle.com/MVNEIDM/MVNESelfRegistration/MVNESelfRegistration" >
< soapenv:Header / >
< soapenv:Body >
< mvn:MVNESelfRegistrationRequest >
< mvn:subscriberId > 12345 < / mvn:subscriberId >
< mvn:Keyword > 456 < / mvn:Keyword >
< mvn:completionDt > 2013-02-06 T 16: 24:06.952 < / mvn:completionDt >
< mvn:expirationdt > 2013-02-06 T 16: 24:06.952 < / mvn:expirationdt >
< / mvn:MVNESelfRegistrationRequest >
< / soapenv:Body >
< / soapenv:Envelope >




Erros on SOAP UI are:


< env:Envelope = "http://schemas.xmlsoap.org/soap/envelope/" xmlns:env >
< env:Header / >
< env:Body >
< env:Fault >
env:Server < faultcode > < / faultcode >
incorrect object name < faultstring > [FMWGEN] [SQLServer JDBC Driver] [SQL Server] ' dbo. SelfRegistration'. < / faultstring >
< faultactor / >
< detail >
< exception / >
< / details >
< / env:Fault >
< / env:Body >
< / env:Envelope >


The managed server log the error is




Form weblogic server: -.
Error committing transaction:; nested exception is: Exception [EclipseLink-4002] (Eclipse - 2.1.3.v20110304 persistence Services - r9073): org.eclipse.persistence.exceptions.DatabaseException internal Exception: weblogic.jdbc.sqlserverbase.ddc: invalid object name [FMWGEN] [SQLServer JDBC Driver] [SQL Server] ' dbo. SelfRegistration'. Error code: 208




The process ends with an error, but why he is rolling abck the transaction at the end. The table of the object was existing in the database and I traced the table to insert the data from the input variable reception to invoke the input variable. BPEL Instance he executed until the end, but in the end, the transaction is rolled back.


Thank you
Newcomer Raja			 
Invalid object name ' dbo. SelfRegistration'
I'm assuming you can see a SelfRegistration table in your database... So, I guess that BOD is not the name of the diagram on the right...
		   
 
            
           
 
		     
Error in SQL syntax when inserting data to the table in the form of values using insert record
 
			 
Hello
I was hoping that someone could help me.  I am creating a form of registration on a website to insert data into a database table.  When you try to create the form, I get the following error:

You have an error in your SQL syntax; consult the manual for your version of the MySQL server for the right syntax to use near ' VALUES (name, regno, reason) leave (has ', 1, 'dddd')' at line 1
I checked the syntax, but you don't know what's wrong.
I am running Windows 7 with Dw cs6 and wamp server.
Leave with the names of column (name, regno, reason) is the name of the table.
Thank you for your help and please help me.
The code is as below:
<? php require_once('Connections/connect.php');? >
<? PHP
If (! function_exists ("GetSQLValueString")) {}
function GetSQLValueString ($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
If (via PHP_VERSION < 6) {}
$theValue = get_magic_quotes_gpc()? stripslashes ($TheValue): $theValue;
}
$theValue = function_exists ("mysql_real_escape_string")? mysql_real_escape_string ($TheValue): mysql_escape_string ($theValue);
Switch ($theType) {}
case 'text ':
$theValue = ($theValue! = "")? « " ». $theValue. "" "": "NULL";
break;
case "long":
case "int":
$theValue = ($theValue! = "")? intval ($TheValue): 'NULL ';
break;
case "double":
$theValue = ($theValue! = "")? doubleVal ($TheValue): 'NULL ';
break;
case "date":
$theValue = ($theValue! = "")? « " ». $theValue. "" "": "NULL";
break;
case "set":
$theValue = ($theValue! = "")? $theDefinedValue: $theNotDefinedValue;
break;
}
Return $theValue;
}
}
$editFormAction = $_SERVER ['PHP_SELF'];
If (isset {}
$editFormAction. = « ? ». htmlentities($_SERVER['QUERY_STRING']);
}
If ((isset($_POST["MM_insert"])) & & ($_POST ["MM_insert"] == "form1")) {}
$insertSQL = sprintf ("INSERT INTO leave (name, regno, reason) VALUES (%s, %s, %s)',
GetSQLValueString ($_POST ['name'], "text").
GetSQLValueString ($_POST ['reg'], "int").
GetSQLValueString ($_POST ['reason'], "text"));
@mysql_select_db ($database_connect, $connect);
$Result1 = mysql_query ($insertSQL, $connect) or die (mysql_error ());
}
? >
< ! DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict / / IN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" > ""
" < html xmlns =" http://www.w3.org/1999/xhtml ">
< head >
< meta http-equiv = "content-type" content = text/html"; charset = utf-8 "/ >"
< title > online form let < /title >
< name meta = "keywords" content = "" / > "
< name meta = "description" content = "" / > "
< link href = "styless.css" rel = "stylesheet" type = "text/css" media = "screen" / > "
< / head >
< body >
< div id = 'wrapper' >
< div id = "header" >
< div id = 'menu' >
< ul >
< class li = "current_page_item" > < a href = "#" > home < /a > < /li >
< li > < /li >
< li > < /li >
< li > < a href = "#" > on < /a > < /li >
< li > < /li >
< li > < a href = "#" > Contact < /a > < /li >
< /ul >
< / div >
<!-end #menu->
< div id = "Search" >
< / div >
<!-end #search->
< / div >
<!-end #header->
< div id = "logo" >
E - SCHOOL of CHRIST < h1 > < / h1 >
< p > < / p >
< / div >
< hr / >
<!-end #logo->
<! - end #header - wrapper->
< div id = "page" >
< div id = "content" >
< div class = "post" >
< h2 class = "title" > leave application online < / h2 >
< div class = "entry" > < / div >
< / div >
< do action = "<?" PHP echo $editFormAction;? ">" method = "POST" name = "form1" id = "form1" >
< table width = "200" border = "2" cellspacing = "5" cellpadding = "5" >
< b >
< scope th 'row' = > name < /th >
< td > < label for = "name" > < / label >
< input type = "text" name = "name" id = "name" / > < table >
< /tr >
< b >
< scope = "row" th > Reg No. < /th >
< td > < label for = "reg" > < / label >
< input type = "text" name = "reg" id = "reg" / > < table >
< /tr >
< b >
< scope = "row" th > why < /th >
< td > < label for = "reason" > < / label >
< name textarea = 'reason' id = cols 'reason' = "45" rows = "5" > < / textarea > < table >
< /tr >
< b >
< scope = "row" th > < /th >
< td > < input type = "submit" name = "b1" id = "b1" value = "Submit" / > < table >
< /tr >
< /table >
< input type = "hidden" name = "MM_insert" value = "form1" / >
< / make >
< / div >
<!-end #content->
< div id = "sidebar" >
< ul >
< li >
Notice of < h2 > < / h2 >
< p > students must present the appropriate documents supporting the reason for leave within 3 working days. < /p >
< /li >
< li id = "calendar" >
Calendar < h2 > < / h2 >
< div id = "calendar_wrap" >
< table summary = "Calendar" >
< caption >
March 2014
< / legend >
< thead >
< b >
< th abbr = "Monday" scope = "col" title = "Monday" > M < /th >
< th abbr = "Tuesday" scope = "col" title = "Tuesday" > T < /th >
< th abbr = "Wednesday" scope = "col" title = "Wednesday" > W < /th >
< th abbr = "Thursday" scope = "col" title = 'Thursday' > T < /th >
< th abbr = "Friday" scope = "col" title = 'Friday' > F < /th >
< th abbr = "Saturday" scope = "col" title = 'Saturday' > S < /th >
< th abbr = "Sunday" scope = "col" title = 'Sunday' > S < /th >
< /tr >
< / thead >
< tfoot >
< b >
< td abbr = "February" colspan = "3" id = "prev" > < a href = "#" title = "" > & laquo; Feb < /a > < table >
< class td = "pad" > < table >
< td abbr = "April" colspan = "3" id = "next" > < a href = "#" title = "" > Apr & raquo; < /a > < table >
< /tr >
< / tfoot >
< tbody >
< b >
< td colspan = "5" class = "pad" > < table >
< td > < table > 1
< td > < table > 2
< /tr >
< b >
< td > 3 < table >
< td > < table > 4
< td > 5 < table >
< td > < table > 6
< td > < table > 7
< td > < table > 8
< td > < table > 9
< /tr >
< b >
< td > < table > 10
< td id = 'today' > < table > 11
< td > < table > 12
< td > < table > 13
< td > < table > 14
< td > < table > 15
< td > < table > 16
< /tr >
< b >
< td > < table > 17
< td > < table > 18
< td > < table > 19
< td > < table > 20
< td > < table > 21
< td > < table > 22
< td > < table > 23
< /tr >
< b >
< td > < table > 24
< td > < table > 25
< td > < table > 26
< td > < table > 27
< td > < table > 28
< td > < table > 29
< td > < table > 30
< /tr >
< b >
< td > < table > 31
< class td = "pad" colspan = "6" > < table >
< /tr >
< / tbody >
< /table >
< / div >
< /li >
< li > < /li >
< /ul >
< / div >
<!-end #sidebar->
< div style = "" clear: both; "> < / div >"
< / div >
<!-end #page->
< div id = "footer" >
< p > Copyright (c) University of Christ. All rights reserved. < /p >
< / div >
<!-end #footer->
< / div >
< div align = center > < / div > < / body >
< / html >
			 
The LEAVE is a reserved word in MySQL. You can try to quote, but you are better to rename it.
		   
 
            
           
 
		     
Insert the VO data by using java code on OFA?
 
			 
Hi all,
I m trying a way to insert data by a VO using the Row.setAttribute () function, I need pair this way, but with not much success, for now, I created the following code in the
Application module:
' public void createRecord (String responsabilidad, String segment, String subsegmento) {}
OAViewObject vo = this.getMovQuiebresComercialesVO1 ();
If (! vo.isPreparedForExecution ()) {}
vo.executeQuery ();
}
Line studrow = vo.createRow ();
studrow.setAttribute ("ResponsibilityName", responsibility);
studrow.setAttribute ("DescSegmento", segment);
studrow.setAttribute ("DescSubsegmento", subsegmento);
vo.insertRow (studrow);
vo.setCurrentRow (studrow);
vo.insertRow (studrow);
vo.setCurrentRow (studrow);
studrow.setNewRowState (Row.STATUS_INITIALIZED);
}
After that, I made a call to the apply method in the AM:
{} public void apply()
getTransaction () .commit ();
}
The VO has the following attributes: http://screencast.com/t/hJiNoyY8
But I have not ben able to store the data in the Database, I would appreciate any suggestion
Thank you all
			 
The solution was to initialize the VO in the page load Apps - OA Framework controller ViewObject for Table screen
		   
 
            
           
 
		     
APEX_PLSQL_JOB. SUBMIT_PROCESS (immediate exec) and avoiding sql injection
 
			 Hello!


I work apex (call APEX_PLSQL_JOB), which is located in the WEB page defined as:
l_sql := 'BEGIN some_proc('

                      || l_actions_diary_id

                      ||','

                      ||:P305_ACTIVE_PERIOD

                      ||','''

                      ||:APP_USER

                      ||''','

                      ||:APP_ID

                      ||','

                      ||:G_XE_APP_ID

                      ||');  END;'

         ;

l_retval := APEX_PLSQL_JOB.SUBMIT_PROCESS (p_sql   => l_sql);
It's security (SQL injection point) issue that coul be solved as:
l_sql := 'BEGIN some_proc('

                      || l_actions_diary_id

                      ||',:P305_ACTIVE_PERIOD, :APP_USER, :APP_ID, :G_XE_APP_ID);END ;'

         ;
but then no variable (: P305_ACTIVE_PERIOD,: APP_USER,: APP_ID,: G_XE_APP_ID) will be analyzed with their true values!


What is the best security for such a case?


RG,
Damir			 
The most simple and rather safe, is approach using DBMS_ASSERT as already said.
Here's what your modified code will look like
l_sql := 'BEGIN some_proc('
                      || l_actions_diary_id ||
                          ' DBMS_ASSERT.ENQUOTE_LITERAL('||:P305_ACTIVE_PERIOD)||'),'||
                         ' DBMS_ASSERT.ENQUOTE_LITERAL('|| :APP_USER||'),'||
                         ' DBMS_ASSERT.ENQUOTE_LITERAL('|| :APP_ID||'),'||
                        ' DBMS_ASSERT.ENQUOTE_LITERAL('|| :G_XE_APP_ID||') );END ;'
         ;

The actual values of the articles just so get by what Suits.
With this approach, you don't have to worry about is_numeric If your proc/function with parameters defined as numbers Oracle performs implicit conversions.
Kind regards
		   
 
            
           
 
		     
How to insert data into a BLOB column using sql
 
			 Hi all


How to insert data into the BLOB column directly using sql.
create  table temp
(
  a blob,
  b clob);

SQL> /
Insert into temp  values ('32aasdasdsdasdasd4e32','adsfbsdkjf') ;
                                  *
ERROR at line 1:
ORA-01465: invalid hex number

Please help in this.
Thank you
Prakash P			 
Insert into temporary values (UTL_RAW. CAST_TO_RAW ('32aasdasdsdasdasd4e32'), 'adsfbsdkjf');
		   
 
            
           
 
		     
Insert data into an existing timechannel
 
			 
Hello
I'm trying to insert data into an existing timechannel. To illustrate my use case, I prepared a few data :
Absolute timechannel D1 D2 D3
14.02.2013 03:22:51.3930 - 4-92-703
14.02.2013 03:22:52.3930 - 4-92-697
14.02.2013 04:06:19.7280 - 1-75-674
14.02.2013 04:06:20.7280 - 1-75-696
As you can see there is a chronological gap between the second and the third group of data. Now, I want to insert a line with NoValues in this interval.
The data has been saved with a sampling rate of 1 Hz. After processing the data, they should look like this:
Absolute timechannel D1 D2 D3
14.02.2013 03:22:51.3930 - 4-92-703
14.02.2013 03:22:52.3930 - 4-92-697
14.02.2013 03:22:53.3930 NV NV NV
14.02.2013 04:06:19.7280 - 1-75-674
14.02.2013 04:06:20.7280 - 1-75-696
Insertion of the NoValues in the data channel works very well with 'DataBlInsertVal '. But I'm having a hard time to achieve the same in the timechannel. Especially with a dependency on the sampling rate.
Someone has tried to do the same thing or has some tips how to do this? The main objective is to avoid reporting to connect the data points on this chronological gap.
Best regards, Marc
			 
Hi Marc,
I tried what you wanted to do and he worked with DIAdem 2012 without any problem.
I used the attached file and copy the following code:
Call DataBlInsertVal(Data.Root.ChannelGroups(1).Channels("Time"), 13, 1, NV)

Can you try this line with my file?
Cheers, RMathews
		   
 
            
           
 
		     
XML data in the table using sql/plsql
 
			 
Hi experts,
Could you please help with the following requirement. I have the tags xml (.xml on a server file) below. I need to access this file and read the XML and insert into the db table using sql and plsql. Is it possible with the cdata below? And there is a nested this table.
Could someone please guide me if you have a sample code file and xml.
<? XML version = "1.0" encoding = "UTF-8"? >
< generation_date > <! [CDATA [17/11/2015]] > < / generation_date >
< generated_by > <! [CDATA [Admin Admin]] > < / generated_by >
< year > <! [CDATA [2015]] > < / year >
< month > <! [CDATA [01]] > < / month >
< author >
< author > <! [CDATA [user author]] > < / author > < author_initial > <! [CDATA [user]] > < / author_firstname > < author_country > <! [CDATA [author]] > < / author_lastname >
< author_email > <! [CDATA [[email protected]]] > < / author_email >
< author_data_01 > <! [CDATA []] > < / author_data_01 >
< author_data_02 > <! [CDATA []] > < / author_data_02 >
< items >
< article_item >
< article_id > <! [CDATA [123456]] > < / article_id >
< publication > <! [CDATA [Al Bayan]] > < / publication >
< section > <! [CDATA [Local]] > < / section >
< issue_date > <! [CDATA [11/11/2015]] > < / issue_date >
< page > <! [CDATA [2]] > < / print this page >
< article_title > <! [CDATA [title.]] > < / article_title > < number_of_words > <! [CDATA [165]] > < / number_of_words >
< original_price > <! [CDATA [200]] > < / original_price >
< original_price_currency > <! [CDATA [DEA]] > < / original_price_currency >
< price > <! [CDATA [250]] > < / price >
< price_currency > <! [CDATA [DEA]] > < / price_currency >
< / article_item >
< / articles >
< total_amount > <! [CDATA [250]] > < / total_amount >
< total_amount_currency > <! [CDATA [DEA]] > < / total_amount_currency >
< / author >
< / xml >
Thanks in advance,
Suman
			 
XMLTABLE using...
SQL > ed
A written file afiedt.buf
1 with t (xml) as (select xmltype ('))
2
3
4
5
6
7
8
9
10
11
[[12   [email protected]]] >
13
14
15
16
17
18
19

20
21
22
23
24
25
26
27
28
29
30
31
32
33 ") of the double)"
34-

35 end of sample data
36-
37 - assumptions:
(38 - a) XML may have several tags
(39 - b) each  may contain more
40-
41 select x.gen_by, x.gen_date, x.mn, x.yr
42, y.author, y.auth_fn, y.auth_ln, y.auth_cnt, y.auth_em, y.auth_d1, y.auth_d2
43, z.id, z.pub, z.sec, z.iss_dt, z.pg, z.art_ttl, z.num_wrds, z.oprice, z.ocurr, z.price, z.curr
44 t
45, xmltable ('/ authxml')
from $ 46 t.xml
path of 47 columns gen_date varchar2 (10) '. / generation_date'
48, path of varchar2 (15) of gen_by '. / generated_by'
49, path of varchar2 (4) year '. "/ year"
50 varchar2 (2) mn road '. "/ month"
51, path of xmltype authors '.'
52                 ) x
53, xmltable ('/ authxml/authors ')
from $ 54 x.authors
author of 55 path of varchar2 columns (15) '. / author'
56, path of varchar2 (10) of auth_fn '. / author_firstname'
57, path of varchar2 (10) of auth_ln '. / author_lastname'
58 road of VARCHAR2 (3) auth_cnt '. / author_country'
59 road of varchar2 (20) of auth_em '. / author_email'
60 road of varchar2 (5) of auth_d1 '. / author_data_01'
61, path of varchar2 (5) of auth_d2 '. / author_data_02'
62, path of xmltype articles '. / Articles'
63                 ) y
64, xmltable ('/ Articles/article_item ')
from $ 65 y.articles
path id 66 number columns '. / article_id'
67, path of varchar2 (10) pub '. ' / publication.
68 road of varchar2 (10) dry '. / section'
69, path of varchar2 (10) of iss_dt '. / issue_date'
70 road of VARCHAR2 (3) pg '. "/ print this page"
71, path of varchar2 (20) of art_ttl '. / article_title'
72, path of varchar2 (5) of num_wrds '. / number_of_words'
73, path of varchar2 (5) of oprice '. / original_price'
74 road to VARCHAR2 (3) ocurr '. / original_price_currency'
75, path of varchar2 (5) price '. "/ price"
76, path of VARCHAR2 (3) curr '. / price_currency'
77*                ) z
SQL > /.

GEN_DATE GEN_BY YEAR MN AUTHOR AUTH_FN AUTH_LN AUT AUTH_EM AUTH_ AUTH_ ID PUB DRY ISS_DT PG ART_TTL NUM_W OPRIC HEARTS PRICE OCU
---------- --------------- ---- -- --------------- ---------- ---------- --- -------------------- ----- ----- ---------- ---------- ---------- ---------- --- -------------------- ----- ----- --- ----- ---
17/11/2015 Admin Admin 2015 01 user author user author [email protected] 123456 UAE Al Bayan Local 11/11/2015 2 is the title.   165 200 AED AED 250
Of course, you'll want to change the types of data, etc. as needed.
I assumed that the XML can contain several "" sections and that each section can contain several entries.  

Thus the XMLTABLE aliasing as 'x' gives information of XML, and supplies the data associated with the XMLTABLE with alias 'y' which gets the multiple authors, which itself section of the XMLTABLE with alias 'z' for each of the article_item.

CDATA stuff are handled automatically by SQLX (XML functionality integrated into Oracle's SQL)
		   
 
            
           
 
		     
Cannot insert data with the PDO function [from: insert and update of the server in the same shape behaviors]
 
			 
I feel as if I'm fighting my way around a paper bag trying to insert a record.  I have recently converted from MySQL for PDP, which cannot be applied.  I'm not trying to write routines to update data and started with insert.  I tried the example in your PHP Solutions edition two, pp. 361-363, but I can't get a written account.
It is a database, which I supported since the host server using phpMyAdmin.  I'm very well display the data on the site, so I guess that my login script is ok.  However, nothing I've tried has got a registered insert.  I tried to get back to the basics, and it still does not work.  This is my current code.  Something is wrong with my statement = $sql and I can't identify the problem.  Help, please!
If (isset($_POST['insert'])) {}
try {}
create the SQL
$sql = "INSERT INTO Homepage_text (enriched, h_date, h_seq, h_col, p_heading, p_text, h_hide) VALUES ($_POST ['enriched'], $_POST ['h_date'], $_POST ['h_seq'], $_POST ['h_col'], $_POST ['p_heading'], $_POST ['p_text'], $_POST ['h_hide']);"
$sainttim-> execute ($sql);
echo "new record successfully created ';
}
catch (PDOException ($e) exception
{
echo $sql. "< br / > '. $e-> getMessage();
}
}
			 
There are several things wrong with your code:
You use elements of an associative array within a double quoted string. Which will cause a parse error.
The values you are trying to insert in the database are for most (if not all) of the text fields. If you use a literal SQL query, text fields must be wrapped in quotes.
You try to use the method execute() with a literal SQL query. In AOP, execute() only works with a prepared statement. To run a literal SQL query, you must use the exec() method.
Passing the values in the array $_POST directly in the database without any sort of validation and without escaping quotes or other characters just asking for trouble.
Follow the examples in the book, and use a prepared statement. To address all these issues quickly and easily.