On Saturday, September 05, 2015 10:13:08 AM michele.greco2@email.it wrote:
Hi,
Hi!
where am i wrong?
1. you have an XQuery syntax error; instead of: let $q:= "insert into person values("","||nome||","","","","","","")" it should be (note the different quotation marks): let $q:= "insert into person values(''," || $nome || ",'','','','','','')"
2. you have SQL injection [1] and performance issue by concatenating the value directly into the SQL statement; prepared statements [2] are in this case your friend:
declare namespace w="http://schemas.openxmlformats.org/wordprocessingml/2006/main";
declare function local:nome() as xs:string* { (: I've no idea whatcha doin here pal... :) for $document in collection("curriculum") let $c:= document-uri($document) order by $c return for $e in doc($c)//w:tc[.//text()="Nome"] return $e/./following::text() except ( for $x in doc($c)//w:tc[.//text()="Indirizzo"] return $x//following::text()) };
let $init := sql:init("com.mysql.jdbc.Driver"), $conn := sql:connect("jdbc:mysql://localhost:3306/DbName","user","password"), $stmt := sql:prepare($conn, "INSERT INTO person VALUES('',?,'','','','','')") for $nome in local:nome() return sql:execute-prepared($stmt, sql:parameters <sql:parameter type="string">{$nome}</sql:parameter> </sql:parameters>)
Check the BaseX docs [3] for more info and come back if you need more help :)
Cheers, Dimitar
[1] https://en.wikipedia.org/wiki/Sql_injection [2] https://en.wikipedia.org/wiki/Prepared_statement [3] http://docs.basex.org/wiki/SQL_Module