
Issues while passing Input Parameter from a URL to a SELECT statement

Former Member
0 Kudos


Hi Team,

I am developing an XS JS application in which the following is needed:

The user passes the value of the Customer Id through a link, and the XS JS application reads this input parameter and uses it dynamically in a SELECT statement to fetch the corresponding customer details (e.g., the CITY of the customer).

I attempted the following approaches; all of them failed with HTTP error 500:

1) var pstmt = conn.prepareStatement( "SELECT CITY FROM MYSCHEMA.MYTABLE WHERE CUSTOMER_ID = ?" );

   and passed the '?' value as:

   pstmt.setInteger(1,$.request.parameters.get("custid"));

2) var custid = $.request.parameters.get("custid");

   var query =  "SELECT CITY FROM MYSCHEMA.MYTABLE WHERE CUSTOMER_ID =" + custid;

   var rs = pstmt.executeQuery(query);

Please let me know if there is a way out of this issue. If yes, what is to be done to fetch the customer details (CITY) for a particular customer (which is coming from the input parameter in the link/URL)?

Thanks in advance for your help.

Regards,

Vishnu
  

Accepted Solutions (1)

0 Kudos

Version 1 should be the better solution (because of SQL injections).

I copied your code, tried to execute it and as expected I got the following message:

"Error: PreparedStatement.setInteger: expected int for second argument, but got: string"


First convert your parameter to an integer and then pass it into the setInteger method:

pstmt.setInteger(1, parseInt($.request.parameters.get("custid")));
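The convert-then-bind approach from this answer, written out as an added example that is not part of the original thread: it validates `custid` strictly before calling `setInteger` and keeps error detail in the server trace rather than in the response. The function names, the numeric status codes, and the `makeStub` stand-in for the XSJS `$` object (constructed so the code runs outside HANA) are assumptions.

```javascript
// Added example; parseCustomerId, handleCityLookup and makeStub are hypothetical names.
function parseCustomerId(raw) {
  // parseInt("12abc") yields 12 and parseInt(undefined) yields NaN, so accept
  // only plain decimal digits that fit a signed 32-bit INTEGER.
  if (typeof raw !== "string" || !/^[0-9]{1,10}$/.test(raw)) { return null; }
  var n = Number(raw);
  return n <= 2147483647 ? n : null;
}

function handleCityLookup($) {
  var id = parseCustomerId($.request.parameters.get("custid"));
  if (id === null) {             // reject bad input before touching the database
    $.response.status = 400;
    $.response.setBody("custid must be a non-negative integer");
    return;
  }
  var conn;
  try {
    conn = $.db.getConnection();
    var pstmt = conn.prepareStatement(
      "SELECT CITY FROM MYSCHEMA.MYTABLE WHERE CUSTOMER_ID = ?");
    pstmt.setInteger(1, id);     // bound as a number, never concatenated into the SQL
    var rs = pstmt.executeQuery();
    if (rs.next()) {
      $.response.status = 200;
      $.response.setBody(rs.getString(1));
    } else {
      $.response.status = 404;
      $.response.setBody("no such customer");
    }
  } catch (e) {
    $.trace.error("city lookup failed: " + e.message); // detail stays server-side
    $.response.status = 500;
    $.response.setBody("internal error");
  } finally {
    if (conn) { conn.close(); }
  }
}

// Constructed stand-in for the XSJS "$" object; its one row is customer 42 in Berlin.
function makeStub(custid) {
  var bound, seen = false;
  var res = { status: 0, body: "", setBody: function (b) { res.body = b; } };
  var rs = { next: function () { var hit = !seen && bound === 42; seen = true; return hit; }, getString: function () { return "Berlin"; } };
  var pstmt = { setInteger: function (i, v) { if (typeof v !== "number") { throw new Error("expected int"); } bound = v; }, executeQuery: function () { return rs; } };
  var conn = { prepareStatement: function () { return pstmt; }, close: function () {} };
  return { request: { parameters: { get: function () { return custid; } } }, response: res, trace: { error: function () {} }, db: { getConnection: function () { return conn; } } };
}
```

A missing or non-numeric `custid` is answered with 400 here instead of reaching `setInteger`, and any remaining failure is written to the trace where its message can be read.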

Former Member
0 Kudos

Hi Philipp,

I tried to convert in the same way as you explained above using the function parseInt, but the issue is still not resolved and I am still getting HTTP error 500.

Please let me know if there is any other solution for this.

Regards,

Vishnu

0 Kudos

Is there anything other than the status code that you could provide? Any error message?

Does the query run fine in the SQL console?

Answers (0)