Hi,
I wrote this xquery,who want to save the query result in myql.
declare namespace pkg="http://schemas.microsoft.com/office/2006/xmlPackage";
declare namespace w="http://schemas.openxmlformats.org/wordprocessingml/2006/main";
sql:init("com.mysql.jdbc.Driver"),
let $conn:= sql:connect("jdbc:mysql://localhost:3306/DbName","user","password")
return
(let $q:= "insert into person values("","||nome||","","","","","","")"
return sql:execute($conn,$q)),
for $document in collection("curriculum")
let $c:= document-uri($document)
order by $c
return <nome>
{for $e in doc($c)//w:tc[.//text()="Nome"]
return $e/./following::text()except
(for $x in doc($c)//w:tc[.//text()="Indirizzo"]
return $x//following::text())
}</nome>
but this is my error:
[XPDY0002] nome: no context value bound.
where am i wrong?
-- ZE-Light e ZE-Pro: servizi zimbra per caselle con dominio email.it, per tutti i dettagli Clicca qui http://posta.email.it/caselle-di-posta-z-email-it/?utm_campaign=email_Zimbra...
Sponsor: Registra i domini che desideri ed inizia a creare il tuo sito web Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=13323&d=5-9
What do you expect 'nome' to be here?
let $q:= "insert into person values("","||nome||","","","","","","")"
Maybe something like
let $nome := 'foo' let $q := 'insert into person values("",' || '"' || $nome || '"' || ',"","","","","","")' return $q
is more apt?
On 05.09.2015, at 10:13, michele.greco2@email.it wrote:
Hi, I wrote this xquery,who want to save the query result in myql.
declare namespace pkg="http://schemas.microsoft.com/office/2006/xmlPackage"; declare namespace w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"; sql:init("com.mysql.jdbc.Driver"), let $conn:= sql:connect("jdbc:mysql://localhost:3306/DbName","user","password") return (let $q:= "insert into person values("","||nome||","","","","","","")" return sql:execute($conn,$q)), for $document in collection("curriculum") let $c:= document-uri($document) order by $c return <nome> {for $e in doc($c)//w:tc[.//text()="Nome"] return $e/./following::text()except (for $x in doc($c)//w:tc[.//text()="Indirizzo"] return $x//following::text()) }</nome>
but this is my error: [XPDY0002] nome: no context value bound. where am i wrong?
ZE-Light e ZE-Pro: servizi zimbra per caselle con dominio email.it, per tutti i dettagli clicca qui
Sponsor: Registra i domini che desideri ed inizia a creare il tuo sito web Clicca qui
On Saturday, September 05, 2015 10:13:08 AM michele.greco2@email.it wrote:
Hi,
Hi!
where am i wrong?
1. you have an XQuery syntax error; instead of: let $q:= "insert into person values("","||nome||","","","","","","")" it should be (note the different quotation marks): let $q:= "insert into person values(''," || $nome || ",'','','','','','')"
2. you have SQL injection [1] and performance issue by concatenating the value directly into the SQL statement; prepared statements [2] are in this case your friend:
declare namespace w="http://schemas.openxmlformats.org/wordprocessingml/2006/main";
declare function local:nome() as xs:string* { (: I've no idea whatcha doin here pal... :) for $document in collection("curriculum") let $c:= document-uri($document) order by $c return for $e in doc($c)//w:tc[.//text()="Nome"] return $e/./following::text() except ( for $x in doc($c)//w:tc[.//text()="Indirizzo"] return $x//following::text()) };
let $init := sql:init("com.mysql.jdbc.Driver"), $conn := sql:connect("jdbc:mysql://localhost:3306/DbName","user","password"), $stmt := sql:prepare($conn, "INSERT INTO person VALUES('',?,'','','','','')") for $nome in local:nome() return sql:execute-prepared($stmt, sql:parameters <sql:parameter type="string">{$nome}</sql:parameter> </sql:parameters>)
Check the BaseX docs [3] for more info and come back if you need more help :)
Cheers, Dimitar
[1] https://en.wikipedia.org/wiki/Sql_injection [2] https://en.wikipedia.org/wiki/Prepared_statement [3] http://docs.basex.org/wiki/SQL_Module
basex-talk@mailman.uni-konstanz.de
-
Alexander Holupirek -
Dimitar Popov -
michele.greco2@email.it