
Passing parameter to mysql stored procedure for Read Database

chakravarthy_ra Member Posts: 6 Contributor II
edited February 2020 in Help

I have the following statement in the Build SQL query for the 'Read Database' operator, which gives a result.

 

call tatvam_opms.volume_change(@customer_id_in=null);

How do I make that input into a prepared statement, so the user can key in 'null' or some other value?


Best Answers

  • chakravarthy_ra Member Posts: 6 Contributor II
    Solution Accepted

    OK, so I created a macro with the variable customer_id_in. Then I referenced this in the SP execution as SPName(%{customer_id_in}).

     

    It worked. Thanks

  • Edin_Klapic Moderator, Employee, RMResearcher, Member Posts: 299 RM Data Scientist
    Solution Accepted

    Hi @chakravarthy_ra,

     

    In order to prevent SQL injection, I propose checking "prepare statement" in the Read Database operator.

    Then you can select a list of parameters (i.e. the values) you want to use in Read Database (see screenshot).

    Afterwards you need to replace the macro in the SQL statement with a question mark (?).

     

    Best,

    Edin
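
The difference between the two accepted answers, as an added example that is not part of the original thread: the macro pastes the typed text into the SQL, while the `?` placeholder binds it as a value. SQLite stands in for MySQL and a SELECT for the stored procedure; the table, rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed stand-in: SQLite has no stored procedures, so this SELECT plays the
# role of volume_change(customer_id_in), where NULL means "all customers".
MACRO_SQL = ("SELECT customer_id, volume FROM volume_change "
             "WHERE %{customer_id_in} IS NULL OR customer_id = %{customer_id_in}")
PREPARED_SQL = ("SELECT customer_id, volume FROM volume_change "
                "WHERE ? IS NULL OR customer_id = ?")


def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE volume_change (customer_id INTEGER, volume INTEGER)")
    db.executemany("INSERT INTO volume_change VALUES (?, ?)",
                   [(7, 120), (8, 45), (9, 300)])
    return db


def run_with_macro(db, user_text):
    """Macro style: the typed text is pasted into the SQL before it is parsed."""
    sql = MACRO_SQL.replace("%{customer_id_in}", user_text)
    return db.execute(sql).fetchall()


def to_parameter(user_text):
    """Map what the user keyed in to a typed value: 'null' -> NULL, digits -> int."""
    text = user_text.strip()
    if text.lower() == "null":
        return None
    if text.isdecimal():
        return int(text)
    raise ValueError(f"customer id must be 'null' or an integer: {user_text!r}")


def run_prepared(db, user_text):
    """Prepared style: the SQL text is fixed and the value is bound to the ? marks."""
    value = to_parameter(user_text)
    return db.execute(PREPARED_SQL, (value, value)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for typed in ("null", "7", "7 OR 1=1"):
        print("macro   ", repr(typed), run_with_macro(db, typed))
        try:
            print("prepared", repr(typed), run_prepared(db, typed))
        except ValueError as err:
            print("prepared", repr(typed), "rejected:", err)
```

With the macro, the constructed input `7 OR 1=1` returns every customer's rows because it becomes part of the statement; bound to `?`, the same text is only ever compared as a value, and the type check rejects it before the query runs.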
