1

I am very new to NodeJS, but I have been working to use it to serve my Angular project. I need to access an Oracle DB and return some information using a select statement. I have one statement that works correctly using a bind parameter that is set up like this: 

        var resultSet;
        connection.execute("SELECT column_name, decode(data_type, 'TIMESTAMP(3)','NUMBER'" 
                    + ",'VARCHAR2','STRING','CHAR', 'STRING','NUMBER') as \"DATA_TYPE\""
                    + "FROM someTable where table_name = :tableName",
            [table], //defined above
            {outFormat: oracledb.OBJECT},
            function (err, result) {
                if (err) {
                    console.error(err.message);
                    doRelease(connection);
                    return;
                }
                resultSet = result.rows;
                console.log("Received " + resultSet.length + " rows.");
                res.setHeader('Content-Type', 'application/json');
                var JSONresult = JSON.stringify(resultSet);
               // console.log(JSONresult);
                res.send(JSONresult);
                doRelease(connection);
            });

This returns exactly what I want it to, with the bound variable being what I wanted it to be. Below is the code that doesn't work:

        var resultSet;
        connection.execute(
            "SELECT DISTINCT :columnName from someTable",
            ['someColumn'],
            {outFormat: oracledb.OBJECT},
            function (err, result) {
                if (err) {
                    console.error(err.message);
                    doRelease(connection);
                    return;
                }
                resultSet = result.rows;
                console.log("Received " + resultSet.length + " rows.");
                res.setHeader('Content-Type', 'application/json');
                var JSONresult = JSON.stringify(resultSet);
                console.log(JSONresult);
                res.send(JSONresult);
                doRelease(connection);
            });

This returns {":COLUMNNAME": "someColumn"}. I do not understand why it won't display the results correctly. The two snippets of code are exactly the same, save the SQL query part. I know this a long question, but I really need help. Thank you!

Improve this question
4
  • this really shouldn't matter, but for fun, you could replace ['someColumn'] with {columnName: 'someColumn'} and see if that works? also, the 'LOB_ID' thing seems suspicious -- what datatype is the column? (LOB support is not finished yet). Commented Jul 21, 2015 at 17:26
  • LOB_ID is the name of the column actually. It stands for line of business. The data type is just a number. I edited it so that the result and my code match now. I had removed the column names but forgot in one place! Sorry for the confusion. Also,I took your advice and replaced the array with the object, but I am getting the same result :( Commented Jul 21, 2015 at 18:00
  • hmm. does it work without the DISTINCT? also, prob won't make a difference but you could add additional specifiers in, eg: { columnName: 'someColumn', dir: oracledb.BIND_IN, type: oracledb.NUMBER }. beyond that, i'm stumped! Commented Jul 22, 2015 at 13:36
  • It does not work without DISTINCT. it also does not work with specifiers. Thank you for your help though. I'm as stumped as you are! Commented Jul 22, 2015 at 20:24

1 Answer 1

Reset to default
2

You can bind data values, not the text of the statement itself.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

So there is no way to select all the distinct values of a certain column name from the database - without knowing the column name? Is it possible to pass the variable and then create the sql statement and then run the query with the built sql statement that way?
If the column or table names are not known prior to runtime, you can (carefully) use string concatenation to construct the query text. You need to filter any user-entered values because you can never trust user input not to be malicious.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.