Actions of type Database statement allows to execute a SQL query. For this purpose, a connection must have been previously created in Database Administration. Placeholders can be used within the query, for example to insert form data into the query. So-called prepared statements are generated, so that SQL injection is not possible. Contents |
Parameters
Details of the database query
- Use configured database query?
- If this option is selected, a DB query preconfigured in the backend can be selected. Additionally, details about the query will be displayed.
- Connection
- Database connection, which was preconfigured in the administration.
- SQL statement
- Text field for the SQL statement.
Access to repeating elements
If repeating elements are inserted in the Designer, all values would be returned comma-separated if more than one repetition exists when using the normal form placeholder as transfer parameter. The access must therefore be indexed here, e.g. [%tfName_0%] for the first entry, [%tfName_1%] for the second entry, etc. A detailed description of the handling of form placeholders for repetitions can be found here.
In this case, multiple SQL actions should also be executed conditionally. In the condition, for example, a required field within the repetition block could be checked to see if content is found.
Action variables
Actions of type Database statement provide Action variables which can be used in subsequent actions.
Standard action variables
- [%$<action name>.SUCCESS%]
- Return whether action was successfully executed. Returns Boolean (true/false).
- [%$<action name>.RESULT%]
- Return all results provided by the action in structured form.
- [%$<action name>.ERROR_CODE%]
- The error code thrown in case of an error in the action. Empty if no error occurred.
- [%$<action name>.ERROR_MESSAGE%]
- The thrown error message in the action's error case. Empty if no error occurred.
Action specific action variables
- [%$<action name>.RESULT.rows[i]['key']%]
- A JSON array containing the results of the SQL statement. Each entry in the JSON array is a JSON object, where the key corresponds to the database column name. The index i starts with 0.
- [%$<action name>.RESULT.updateCount%]
- For an update statement: the number of affected rows in the database. Otherwise, the value is always 0.
- [%$<action name>.RESULT.rows.length()%]
- As with all lists, you can access the number of rows via length().
Note
The entered statement is executed as Prepared-Statement, so that no so-called SQL-Injection is possible. Therefore do not use quotation marks.
Correct
INSERT INTO test_table (firstname, lastname) values ([%tffirstname%], [%tfname%])
False.
INSERT INTO test_table (firstname, lastname) values ('[%tffirstname%]', '[%tfname%]')
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article