Issue with SQL on connectors

Hoss1 · November 29, 2021, 2:51pm

I’m pulling data from an SQL database, with an input of part number which is in the format of X-NNNN-NNNN sometimes with a suffix of -NN or -XXX, and i want to ignore that suffix.
My SQL querie is as follows:
select *
from [MPD_Service].[dbo].[Configuration]
where [Part_Number] LIKE $Part_Number$+’%’

Part_Number in the database is always X-NNNN-NNNN and the input might be things such as:
X-NNNN-NNNN or,
X-NNNN-NNNN-NN or,
X-NNNN-NNNN-XXX

In my understanding the ‘+’%’ wildcard should work, but its not. Only the first case above works, the other 2 return ‘null’

mellerbeck · November 29, 2021, 4:23pm

You typically don’t want to concat values into dynamic SQL strings because of SQL injection.

This is my favorite example (its a postgresql fiddle, but gets the point across)
https://dbfiddle.uk/?rdbms=postgres_12&fiddle=6fe89b1a19f74439ea637fe905ad3af6

So it looks like for SQL server (I’m assuming that’s the connection)
You should use sp_executesql

Executing a simple SELECT statement

The following example creates and executes a simple SELECT statement that contains an embedded parameter named @level .

SQLCopy

EXECUTE sp_executesql   
          N'SELECT * FROM AdventureWorks2012.HumanResources.Employee   
          WHERE BusinessEntityID = @level',  
          N'@level TINYINT',  
          @level = 109;

Hoss1 · November 29, 2021, 4:48pm

Sorry but i don’t see how your suggestion relates to my issue.
After some testing in SQLFiddle.com i managed to find a solution that tests out ok there:
SELECT * FROM [Configuration] WHERE partNo LIKE LEFT(@Input,11)
but that does not work in Tulip.

mellerbeck · November 29, 2021, 5:38pm

Actually, on second thought I think Tulip sanitizes the query ( I should ask about that). What DB are you connecting to?

Hoss1 · November 29, 2021, 5:51pm

MS SQL Server (unsure of version, can check)

mellerbeck · November 29, 2021, 6:23pm

One thing to try is tick marks around your variable?

select *
from [MPD_Service].[dbo].[Configuration]
where [Part_Number] LIKE ‘$Part_Number$’+’%’

I was playing with it here at the mssql fiddle SQL Test

Hoss1 · December 2, 2021, 3:20pm

In fact the solution is: where [Part_Number] LIKE LEFT($Part_Number$,11)+’%’
I was almost there, but thank you Tulip support for giving the final answer.

Topic		Replies	Views
On-Premise Tulip MS SQL Connector Data Issues	1	666	April 23, 2021
How to get data out of Tulip and into a SQL Server Support, Troubleshooting, & Help	1	303	April 20, 2021
Using input parameter in Connector function Support, Troubleshooting, & Help	4	446	May 9, 2021
Chinese character or UTF-8 setting during process the DB connector Support, Troubleshooting, & Help	14	3337	November 8, 2021
Using Query Parameters in Connectors Functions Support, Troubleshooting, & Help connectors , query , parameters	4	1106	April 27, 2021

Issue with SQL on connectors

Executing a simple SELECT statement

Related Topics