| 1 |
lars |
1 |
<com:TContent ID="body">
|
|
|
2 |
|
|
|
3 |
<h1>The SQL</h1>
|
|
|
4 |
<p>If you are not using stored procedures, the most important part of a
|
|
|
5 |
statement-type element is the SQL. You can use any SQL statement that is valid
|
|
|
6 |
for your database system. Since SQLMap passes the SQL through to a standard
|
|
|
7 |
libraries (Adodb for PHP), you can use any statement with SQLMap that you
|
|
|
8 |
could use without SQLMap. You can use whatever functions your database system
|
|
|
9 |
supports, and even send multiple statements, so long as your driver or
|
|
|
10 |
provider supports them.</p>
|
|
|
11 |
|
|
|
12 |
|
|
|
13 |
<h2>Escaping XML symbols</h2>
|
|
|
14 |
<p>Because you are combining SQL and XML in a
|
|
|
15 |
single document, conflicts can occur. The most common conflict is the
|
|
|
16 |
greater-than and less-than symbols (><). SQL statements use these symbols as
|
|
|
17 |
operators, but they are reserved symbols in XML. A simple solution is to
|
|
|
18 |
escape the SQL statements that uses XML reserved symbols within a CDATA
|
|
|
19 |
element. The following example demonstrates this.
|
|
|
20 |
|
|
|
21 |
<com:TTextHighlighter Language="xml" CssClass="source">
|
|
|
22 |
<statement id="SelectPersonsByAge" parameterClass="int" resultClass="Person">
|
|
|
23 |
<![CDATA[
|
|
|
24 |
SELECT * FROM PERSON WHERE AGE > #value#
|
|
|
25 |
]]>
|
|
|
26 |
</statement>
|
|
|
27 |
</com:TTextHighlighter>
|
|
|
28 |
|
|
|
29 |
<h2>Auto-Generated Keys</h2>
|
|
|
30 |
<p>Many database systems support auto-generation of primary key fields, as a
|
|
|
31 |
vendor extension. Some vendors pre-generate keys (e.g. Oracle), some vendors
|
|
|
32 |
post-generate keys (e.g. MS-SQL Server and MySQL). In either case, you can
|
|
|
33 |
obtain a pre-generated key using a <tt><selectKey></tt> stanza within an
|
|
|
34 |
<tt><insert></tt> element. The following example shows an <tt><insert></tt>
|
|
|
35 |
statement for either approach.</p>
|
|
|
36 |
|
|
|
37 |
<com:TTextHighlighter Language="xml" CssClass="source">
|
|
|
38 |
<!-- Oracle SEQUENCE Example using .NET 1.1 System.Data.OracleClient -->
|
|
|
39 |
<insert id="insertProduct-ORACLE" parameterClass="product">
|
|
|
40 |
<selectKey resultClass="int" type="pre" property="Id" >
|
|
|
41 |
SELECT STOCKIDSEQUENCE.NEXTVAL AS VALUE FROM DUAL
|
|
|
42 |
</selectKey>
|
|
|
43 |
insert into PRODUCT (PRD_ID,PRD_DESCRIPTION) values (#id#,#description#)
|
|
|
44 |
</insert>
|
|
|
45 |
|
|
|
46 |
<!-- Microsoft SQL Server IDENTITY Column Example -->
|
|
|
47 |
<insert id="insertProduct-MS-SQL" parameterClass="product">
|
|
|
48 |
insert into PRODUCT (PRD_DESCRIPTION)
|
|
|
49 |
values (#description#)
|
|
|
50 |
<selectKey resultClass="int" type="post" property="id" >
|
|
|
51 |
select @@IDENTITY as value
|
|
|
52 |
</selectKey>
|
|
|
53 |
</insert>
|
|
|
54 |
|
|
|
55 |
<!-- MySQL Example -->
|
|
|
56 |
<insert id="insertProduct-MYSQL" parameterClass="product">
|
|
|
57 |
insert into PRODUCT (PRD_DESCRIPTION)
|
|
|
58 |
values (#description#)
|
|
|
59 |
<selectKey resultClass="int" type="post" property="id" >
|
|
|
60 |
select LAST_INSERT_ID() as value
|
|
|
61 |
</selectKey>
|
|
|
62 |
</insert>
|
|
|
63 |
</com:TTextHighlighter>
|
|
|
64 |
|
|
|
65 |
<h2><tt><generate></tt> tag</h2>
|
|
|
66 |
<p>You can use SQLMap to execute any SQL statement your application requires.
|
|
|
67 |
When the requirements for a statement are simple and obvious, you may not even
|
|
|
68 |
need to write a SQL statement at all. The <tt><generate></tt> tag can be used to
|
|
|
69 |
create simple SQL statements automatically, based on a <tt><parameterMap></tt>
|
|
|
70 |
element. The four CRUD statement types (insert, select, update, and delete)
|
|
|
71 |
are supported. For a select, you can select all or select by a key (or keys).
|
|
|
72 |
The following example shows an example of generating the usual array of
|
|
|
73 |
CRUD statements.</p>
|
|
|
74 |
|
|
|
75 |
<div class="note"><b class="tip">Important:</b>
|
|
|
76 |
The intended use of the <tt><generate></tt> tag is to save developers the trouble
|
|
|
77 |
of coding mundane SQL statements (and only mundane statements). It is not
|
|
|
78 |
meant as a object-to-relational mapping tool. There are many frameworks that
|
|
|
79 |
provide extensive object-to-relational mapping features. The <tt><generate></tt>
|
|
|
80 |
tag is not a replacement for any of those. When the <tt><generate></tt> tag does
|
|
|
81 |
not suit your needs, use a conventional statement instead.
|
|
|
82 |
</div>
|
|
|
83 |
|
|
|
84 |
<com:TTextHighlighter Language="xml" CssClass="source">
|
|
|
85 |
<parameterMap id="insert-generate-params">
|
|
|
86 |
<parameter property="Name" column="Category_Name"/>
|
|
|
87 |
<parameter property="Guid" column="Category_Guid" dbType="UniqueIdentifier"/>
|
|
|
88 |
</parameterMap>
|
|
|
89 |
|
|
|
90 |
<parameterMap id="update-generate-params" extends="insert-generate-params">
|
|
|
91 |
<parameter property="Id" column="Category_Id" />
|
|
|
92 |
</parameterMap>
|
|
|
93 |
|
|
|
94 |
<parameterMap id="delete-generate-params">
|
|
|
95 |
<parameter property="Id" column="Category_Id" />
|
|
|
96 |
<parameter property="Name" column="Category_Name"/>
|
|
|
97 |
</parameterMap>
|
|
|
98 |
|
|
|
99 |
<parameterMap id="select-generate-params">
|
|
|
100 |
<parameter property="Id" column="Category_Id" />
|
|
|
101 |
<parameter property="Name" column="Category_Name"/>
|
|
|
102 |
<parameter property="Guid" column="Category_Guid" dbType="UniqueIdentifier"/>
|
|
|
103 |
</parameterMap>
|
|
|
104 |
|
|
|
105 |
<update id="UpdateCategoryGenerate" parameterMap="update-generate-params">
|
|
|
106 |
<generate table="Categories" by="Category_Id"/>
|
|
|
107 |
</update>
|
|
|
108 |
|
|
|
109 |
<delete id="DeleteCategoryGenerate" parameterMap="delete-generate-params">
|
|
|
110 |
<generate table="Categories" by="Category_Id, Category_Name"/>
|
|
|
111 |
</delete>
|
|
|
112 |
|
|
|
113 |
<select id="SelectByPKCategoryGenerate" resultClass="Category"
|
|
|
114 |
parameterClass="Category" parameterMap="select-generate-params">
|
|
|
115 |
<generate table="Categories" by="Category_Id"/>
|
|
|
116 |
</select>
|
|
|
117 |
|
|
|
118 |
<select id="SelectAllCategoryGenerate" resultClass="Category"
|
|
|
119 |
parameterMap="select-generate-params">
|
|
|
120 |
<generate table="Categories" />
|
|
|
121 |
</select>
|
|
|
122 |
|
|
|
123 |
<insert id="InsertCategoryGenerate" parameterMap="insert-generate-params">
|
|
|
124 |
<selectKey property="Id" type="post" resultClass="int">
|
|
|
125 |
select @@IDENTITY as value
|
|
|
126 |
</selectKey>
|
|
|
127 |
<generate table="Categories" />
|
|
|
128 |
</insert>
|
|
|
129 |
</com:TTextHighlighter>
|
|
|
130 |
|
|
|
131 |
<p>The tag generates ANSI SQL, which should work with any compliant database.
|
|
|
132 |
Special types, such as blobs, are not supported, and vendor-specific types are
|
|
|
133 |
also not supported. But, the generate tag does keep the simple things simple.</p>
|
|
|
134 |
|
|
|
135 |
<div class="note"><b class="tip">Note:</b>
|
|
|
136 |
The SQL is generated when the DataMapper instance is built and can be cached
|
|
|
137 |
afterward, so there is no performance impact at execution time.
|
|
|
138 |
</div>
|
|
|
139 |
|
|
|
140 |
<p>The generate tag supports two attributes.</p>
|
|
|
141 |
|
|
|
142 |
<!-- tabular: align=|l|l|l|, width=(0.2 0.4 0.2) -->
|
|
|
143 |
<table class="tabular">
|
|
|
144 |
<tr><th>Attribute</th><th>Description</th><th>Required</th></tr>
|
|
|
145 |
<tr>
|
|
|
146 |
<td><tt>table</tt></td>
|
|
|
147 |
<td>specifies the table name to use in the SQL statement</td>
|
|
|
148 |
<td>yes</td>
|
|
|
149 |
</tr>
|
|
|
150 |
<tr>
|
|
|
151 |
<td><tt>by</tt></td>
|
|
|
152 |
<td>specifies the columns to use in a WHERE clause</td>
|
|
|
153 |
<td>no</td>
|
|
|
154 |
</tr>
|
|
|
155 |
</table>
|
|
|
156 |
|
|
|
157 |
</com:TContent>
|