Database query - FORMCYCLE Wiki

User interface for actions of type //Database query//.

Actions of type //Database query// allows to execute a SQL query. For this purpose, a connection must have been previously created in Database Administration. Placeholders can be used within the query, for example to insert form data into the query. So-called prepared statements are generated, so that SQL injection is not possible.

6

7

== Parameters ==

8

9

=== Database query details ===

10

11

; Use configured DB query?

12

: If this option is selected, a DB query preconfigured in the backend can be selected. Additionally, details about the query will be displayed.

13

; Connection

14

: Database connection, which was preconfigured in the administration.

15

; SQL statement

16

: Text field for the SQL statement.

17

18

== Action variables ==

19

20

Actions of type //Database query// provide [[Action variables>>Formcycle.UserInterface.Variables||anchor="HActionvariables"]] which can be used in subsequent actions.

21

22

=== Standard action variables ===

23

24

; [%$<action name>.SUCCESS%]

25

: Return whether action was successfully executed. Returns Boolean (true/false).

26

; [%$<action name>.RESULT%]

27

: Return all results provided by the action in structured form.

28

29

; [%$<action name>.ERROR_CODE%]

30

: The error code thrown in case of an error in the action. Empty if no error occurred.

31

; [%$<action name>.ERROR_MESSAGE%]

32

: The thrown error message in the action's error case. Empty if no error occurred.

33

34

=== Action specific action variables ===

35

36

; [%$<action name>.RESULT.rows[i]['key']%]

37

: A JSON array containing the results of the SQL statement. Each entry in the JSON array is a JSON object, where the key corresponds to the database column name. The index i starts with 0.

38

; [%$<action name>.RESULT.updateCount%]

39

: For an update statement: the number of affected rows in the database. Otherwise, the value is always 0.

== Note ==

The entered statement is executed as //Prepared-Statement//, so that no so-called //SQL-Injection// is possible. Therefore do not use quotation marks.

44

45

(% style="color:#38761d" %)**Correct**

46

47

48

INSERT INTO test_table (firstname, lastname) values ([%tffirstname%], [%tfname%])

49

50

51

(% style="color:#cc0000" %)**False**.

52

53

54

INSERT INTO test_table (firstname, lastname) values ('[%tffirstname%]', '[%tfname%]')

55

Wiki source code of Datenbank-Abfrage

Navigation

author	version	line-number	content
		1	{{figure image="db_statement_en.png" width="400" clear="h1"}}
		2	User interface for actions of type //Database query//.
		3	{{/figure}}
		4
		5	Actions of type //Database query// allows to execute a SQL query. For this purpose, a connection must have been previously created in Database Administration. Placeholders can be used within the query, for example to insert form data into the query. So-called prepared statements are generated, so that SQL injection is not possible.
		6
		7	== Parameters ==
		8
		9	=== Database query details ===
		10
		11	; Use configured DB query?
		12	: If this option is selected, a DB query preconfigured in the backend can be selected. Additionally, details about the query will be displayed.
		13	; Connection
		14	: Database connection, which was preconfigured in the administration.
		15	; SQL statement
		16	: Text field for the SQL statement.
		17
		18	== Action variables ==
		19
		20	Actions of type //Database query// provide [[Action variables>>Formcycle.UserInterface.Variables\|\|anchor="HActionvariables"]] which can be used in subsequent actions.
		21
		22	=== Standard action variables ===
		23
		24	; [%$<action name>.SUCCESS%]
		25	: Return whether action was successfully executed. Returns Boolean (true/false).
		26	; [%$<action name>.RESULT%]
		27	: Return all results provided by the action in structured form.
		28
		29	; [%$<action name>.ERROR_CODE%]
		30	: The error code thrown in case of an error in the action. Empty if no error occurred.
		31	; [%$<action name>.ERROR_MESSAGE%]
		32	: The thrown error message in the action's error case. Empty if no error occurred.
		33
		34	=== Action specific action variables ===
		35
		36	; [%$<action name>.RESULT.rows[i]['key']%]
		37	: A JSON array containing the results of the SQL statement. Each entry in the JSON array is a JSON object, where the key corresponds to the database column name. The index i starts with 0.
		38	; [%$<action name>.RESULT.updateCount%]
		39	: For an update statement: the number of affected rows in the database. Otherwise, the value is always 0.
		40
		41	== Note ==
		42
		43	The entered statement is executed as //Prepared-Statement//, so that no so-called //SQL-Injection// is possible. Therefore do not use quotation marks.
		44
		45	(% style="color:#38761d" %)Correct
		46
		47	{{code language="sql"}}
		48	INSERT INTO test_table (firstname, lastname) values ([%tffirstname%], [%tfname%])
		49	{{/code}}
		50
		51	(% style="color:#cc0000" %)False.
		52
		53	{{code language="sql"}}
		54	INSERT INTO test_table (firstname, lastname) values ('[%tffirstname%]', '[%tfname%]')
		55	{{/code}}