Built-in Finders for Arbitrary Queries
Database mashables can include these built-in operations to handle arbitrary SQL queries for a single table or view:
findtable-nameByWhereClause:
Accepts a parameter with the SQL code for a WHERE clause which can contain dynamic parameters (as
?). This can also include an ORDER BY clause at the end.
For example: "LAST_NAME LIKE ? AND DEPT_NO = ?"
Accepts a second parameter with a string containing the values for all dynamic parameters in the WHERE clause. Parameters are separated by commas. They must be simple values that cannot contain commas.
For example: "L%,1020"
Uses a prepared statement and thus has no risk of SQL injection attacks.
Returns all columns defined for the mashable.
findtable-nameWhere:
Accepts a parameter with the SQL code for a fully-specified WHERE clause. This can also include an ORDER BY clause at the end.
Should be used only by users familiar with the database schema as parameters use the database SQL names for columns rather than mashable names.
Executes raw SQL and thus is vulnerable to SQL injection attacks.
Returns all columns defined for the mashable.
selecttable-name Accepts a parameter with the SQL code for a SELECT statement for the specific table. You cannot specify other table names.
For example: "EMPLOYEE_ID, FIRST_NAME, EMAIL"
Accepts a parameter with the SQL code for a fully-specified WHERE clause.
For example: "FIRST_NAME LIKE 'L%'"
Should be used only by users familiar with the database schema as parameters use the database SQL names for columns rather than mashable names.
Executes raw SQL and thus is vulnerable to SQL injection attacks.
Can select specific columns from those defined for the mashable.
Can sort results.
By default, findtable-nameWhere and selecttable-nameare not enabled when you register a database mashable. MashZone NextGen administrators can disable both these operations or enable them by default individually.
