Passing parameter to mysql stored procedure for Read Database

chakravarthy_ra
chakravarthy_ra New Altair Community Member
edited November 2024 in Community Q&A

I have following statement in the Build SQL query , for 'Read Database' operator, which gives result.

 

call tatvam_opms.volume_change(@customer_id_in=null);

How do i make that input into a prepared statement ? So user can key in 'null' or some other value ?

(null)

 

Tagged:

Best Answers

  • chakravarthy_ra
    chakravarthy_ra New Altair Community Member
    Answer ✓

    Ok so i created a macro with variable as customer_id_in. Then refrenced this in the SP execution as SPName(%{customer_id_in}).

     

    It worked. Thanks

  • Edin_Klapic
    Edin_Klapic New Altair Community Member
    Answer ✓

    Hi @chakravarthy_ra,

     

    In order to prevent SQL injection I propose to check prepare statement in the Read Database Operator.

    Then you can select a list of parameters (i.e. the values) you want to use in Read Database (see screenshot).

    Afterwards you need to replace the macro in the SQL statement with a question mark (?).

     

    Best,

    Edin

     

    image.png

     

     

     

Answers

  • chakravarthy_ra
    chakravarthy_ra New Altair Community Member
    Answer ✓

    Ok so i created a macro with variable as customer_id_in. Then refrenced this in the SP execution as SPName(%{customer_id_in}).

     

    It worked. Thanks

  • Edin_Klapic
    Edin_Klapic New Altair Community Member
    Answer ✓

    Hi @chakravarthy_ra,

     

    In order to prevent SQL injection I propose to check prepare statement in the Read Database Operator.

    Then you can select a list of parameters (i.e. the values) you want to use in Read Database (see screenshot).

    Afterwards you need to replace the macro in the SQL statement with a question mark (?).

     

    Best,

    Edin

     

    image.png

     

     

     

Categories