I have a textbox where the user enters his SQL query. However, I need to make a program that validates the query before executing it in the database.
For example:
Suppose the user enters
SELECT A1,
A2,
A3
FROM XYZ
So now, before executing the query, I need to check whether A1, A2 and A3 exist in the table XYZ or not. If not, the user should be shown an error message.
I'm not able to think of a way to proceed. So can anyone give a basic idea with a sample code snippet about how to proceed further?
I doubt if you should do this:
XYZ is not a table, but a view, materialized view, stored procedure (depends on RDBMS) which returns cursor?
XYZ is a table, but user has no permission (grant) to read it?
A2 field reading?
There're other cases which should be taken into account:
XYZ can be a synonym for whatever, e.g. dblink to remote table on Hadoop, while this Hadoop is temporarily out of service.
So I suggest executing the query without any preliminary check, but parsing and explaining exception thrown if any.
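The approach suggested above (let the database resolve the names, then translate its error for the user), as an added example that is not part of the original answers. It assumes SQLite as a stand-in engine so that it runs offline; `make_demo_db`, `validate_query` and the message wording are hypothetical, and it uses `EXPLAIN` so the statement is compiled but not run.

```python
import re
import sqlite3

# Constructed demo schema: table XYZ with columns A1, A2, A3 (names from the question).
def make_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE XYZ (A1 INTEGER, A2 TEXT, A3 TEXT)")
    conn.commit()
    conn.execute("PRAGMA query_only = ON")  # this connection can no longer write
    return conn

# Engine error text -> message shown to the user (SQLite wording; other RDBMSs differ).
_FRIENDLY = [
    (re.compile(r"no such column: (\S+)"), "Column '{0}' does not exist."),
    (re.compile(r"no such table: (\S+)"), "Table or view '{0}' does not exist."),
]

def validate_query(conn, user_sql):
    """Return (ok, message). EXPLAIN makes the engine compile the statement,
    resolving every table and column name, without running it."""
    try:
        conn.execute("EXPLAIN " + user_sql).fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # Multi-statement input is refused by execute() before anything runs;
        # older Python versions raise sqlite3.Warning for it, newer ones an Error.
        text = str(exc)
        for pattern, template in _FRIENDLY:
            match = pattern.search(text)
            if match:
                return False, template.format(match.group(1))
        return False, "Query rejected: " + text
    return True, "Query is valid."

if __name__ == "__main__":
    db = make_demo_db()
    for sql in ("SELECT A1, A2, A3 FROM XYZ",
                "SELECT A1, A9 FROM XYZ",
                "SELECT A1 FROM ABC",
                "SELECT A1 FROM XYZ; DROP TABLE XYZ"):
        print(sql, "->", validate_query(db, sql))
```

Because the engine does the name resolution, views, synonyms and permission errors are reported the same way as missing columns, with no separate catalog lookup to keep in sync.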
The very suitable way is executing the code in MS SQL and letting MS SQL figure out the errors.
StringBuilder query= new StringBuilder();
query.Append("BEGIN \n");
query.Append("BEGIN TRY \n");
query.Append(" -- Table does not exist; object name resolution \n");
query.Append(" -- error not caught. \n");
query.Append(" --Append the variable which holds your sql query \n");
query.Append(" --For eg.: SELECT * FROM NonexistentTable; \n");
query.Append(" END TRY \n");
query.Append(" BEGIN CATCH \n");
query.Append(" SELECT \n");
query.Append(" ERROR_NUMBER() AS ErrorNumber \n");
query.Append(" ,ERROR_MESSAGE() AS ErrorMessage; \n");
query.Append(" END CATCH \n");
query.Append("END");
Execute the query using ExecuteScalar() of SqlCommand.
SQL Server will return the exact errors for the query submitted.
So now, before executing the query, I need to check whether A1,A2 and A3 exist in the table XYZ or not.
If you want to check if the values exist in the table you have to query in the table. Without executing the query you cannot find if the value exists in the table.
If you are working in SQL Server (for example) then you can make use of the IF EXISTS clause like
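IF EXISTS(
SELECT 1
FROM sys.columns
WHERE Name IN ('A1', 'A2', 'A3')
AND Object_ID = Object_ID(N'XYZ')
-- a single column name can never equal all three values at once,
-- so count the matching columns instead: 3 means all of them exist
HAVING COUNT(*) = 3)
BEGIN
PRINT 'A1, A2 and A3 exist in XYZ';
END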
Probably you need to do it one by one. First check whether the table XYZ exists or not
SELECT * FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_NAME = 'XYZ';
Then comes the next question, that is, whether the field name exists in the table or not
-- returns one row for each of the requested columns that exists
SELECT * FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_NAME = 'XYZ'
AND COLUMN_NAME IN ('A1', 'A2', 'A3')