Database SQL Query

The Database SQL Query (formerly JDBC Form Binder) allows you to use custom SQL statements to retrieve and load records into your form fields. Similarly, you can write SQL statements to save the records in your form fields into a database table.

Important

When using a Hash Variable that involves URL parameters or user-inputted values in the SQL query, ensure these variables are escaped to prevent SQL injection. Use the ?sql escape keyword for hash variables.

Vulnerable Query Example:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id#'

To fix this, use ?sql Hash variable escape:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id?sql#'

Database SQL Query settings are in the form PROPERTIES tab under Advanced > Data > Load Data From & Save Data To. The Database SQL Query replaces the standard Workflow Form Binder.

You can configure the following options:

Load Data From: You only need to configure the datasource and SELECT query.
Store Data To: You must write SQL statements for SELECT, INSERT, UPDATE, and DELETE actions.

Exceptions

Database SQL Query cannot be used in the following cases (revert back to Default Data Store):

Use of form element workflow variables: Database SQL Query will not populate or update the workflow variables.
Use of file and image attachment field elements: Database SQL Query will not handle the retrieval or transfer into Joget file storage.

Note: Database SQL Query comes standard in Joget v6 and DX. Using Joget v5, you can download JDBC Binders from the Joget Marketplace.

Configure data load for database SQL query

When configuring a data load for a database SQL query, you are presented with the form below.

Configure the following fields:

Datasource:
- Custom Datasource: Set up to connect to an external database with additional configuration.
- Default Datasource: Connects to the Joget database.
  By selecting Default Datasource, the database your Joget is currently using will be selected.
Custom JDBC Driver: Required when Custom Datasource is selected. For example, com.mysql.jdbc.Driver.
Custom JDBC URL: Required when Custom Datasource is selected. For example, jdbc:mysql://localhost/jwdb?characterEncoding=UTF8&useSSL=false.
Custom JDBC Username: Required when Custom Datasource is selected.
Custom JDBC Password: Required when Custom Datasource is selected.

Test the connection parameters: To test your configurations quickly, click the Test Connection button at the bottom of the page.
SQL SELECT Query for Load Data: The SQL query specific to your database type (MySQL, MSSQL, Oracle, etc.). Use a question mark ? to represent the primary key or foreign key.
```
SELECT *
FROM app_fd_table
WHERE id = ?
```
If a column name contains reserved keywords, ensure it is encapsulated properly.

For example, for MySQL, if the column identifier itself contains a dot symbol ( . ), it should be encapsulated like this:
```
SELECT `myAppName.myColumn` FROM app_fd_myTable;
```

Table & Column Naming

- For database tables created by Joget Forms, Joget adds a c_ in front of table column names (or t_ if your column name starts with a number) and app_fd_ in front of database table names.
- If you use environment hash variables to store SQL query strings, use ?noescape to escape SQL query strings in JDBC binders to prevent the <> ("not equal") operator from being converted, i.e., disables XSS prevention checking. For more information, see Escaping the Resultant Hash Variable.
Handling for Field Workflow Variable?: Click the checkbox if you are using workflow variables mapping in your form elements. This does not apply to grid elements.
Handling for Uploaded Files?: Click the checkbox if you are using file or image attachments in your form elements. The JDBC binder will save your file or image attachment into the .wflow folder when you save the form.

Configure data store for database SQL query

When configuring a data store for a database SQL query, you are presented with the form below.

Configure the following fields:

Datasource:
- Custom Datasource: Set up to connect to an external database with additional configuration.
- Default Datasource: Connects to the Joget database.
  By selecting Default Datasource, the database your Joget is currently using will be selected.
Custom JDBC Driver: Required when Custom Datasource is selected. For example, com.mysql.jdbc.Driver.
Custom JDBC URL: Required when Custom Datasource is selected. For example, jdbc:mysql://localhost:3307/jwdb?characterEncoding=UTF8&useSSL=false.
Custom JDBC Username: Required when Custom Datasource is selected.
Custom JDBC Password: Required when Custom Datasource is selected.

Test the connection parameters: To quickly test your configurations, click the Test Connection button at the bottom of the page.
SQL SELECT Query for Data Store: The SQL query specific to your database type. Use syntax like {field_id} in the query to inject submitted form data. See the example below.
```
SELECT *
FROM app_fd_table
WHERE id = {id}
```
Note: If you use JDBC in a form grid or spreadsheet to load or save data, be advised that the SQL syntax differs from that of a form load or save data store. Kindly download and view the sample app for JDBC in a form grid or spreadsheet.
SQL INSERT Query: Use syntax like curly brackets {field_id} in the query to inject submitted form data. See the example below.
```
INSERT INTO app_fd_table (id, c_name, c_emailaddress)
VALUES ({id}, {name}, {emailAddress})
```
You can use {uuid} to tell Joget to create a random unique id or a "Universally unique identifier". See the example below.
```
INSERT INTO app_fd_table (id, c_name, c_emailaddress)
VALUES ({uuid}, {name}, {emailAddress})
```
For JDBC SQL INSERT in a grid, use {foreignKey} syntax to populate the parent ID into the child table foreign key value, as follows:
```
INSERT app_fd_table_child (id, c_name, c_fk)
VALUES ({uuid}, {name}, {foreignKey})
```
SQL UPDATE Query: Use syntax like curly brackets {field_id} in the query to inject submitted form data. See the example below.
```
UPDATE app_fd_table
SET c_name = {name}, c_emailaddress = {emailAddress}
WHERE id = {id}
```
SQL DELETE Query: SQL statement to delete form data records. Use syntax like curly brackets {id} In the query, inject the primary key value of the form data. See the example below.
```
DELETE
FROM app_fd_table
WHERE id = {id}
```

Understanding JDBC errors

The table below presents a list of common JDBC errors.

Error Message	Causes and Solutions
Message on screen: Record cannot be found	There is a JDBC configuration error. Check the `joget.log` file for more information.
ERROR org.joget.plugin.enterprise.JdbcLoadBinder - org.apache.commons.dbcp.SQLNestedException: <br> Cannot load JDBC driver class	The property Custom JDBC Driver is incorrect.
ERROR org.joget.plugin.enterprise.JdbcLoadBinder - org.apache.commons.dbcp.SQLNestedException: <br> Cannot create PoolableConnectionFactory (Could not connect to address=(host=localhost)(port=3306)(type=master) : Socket fail to connect to host , port:3306. Connection refused: connect)	The property Custom JDBC URL is incorrect.
ERROR org.joget.plugin.enterprise.JdbcLoadBinder - org.apache.commons.dbcp.SQLNestedException: <br> Cannot create PoolableConnectionFactory (Could not connect to address=(host=localhost)(port=3307)(type=master) : Access denied for user 'xxxx'@'localhost' (using password: YES)	The property Custom JDBC Username or Custom JDBC Password is incorrect.
ERROR org.joget.plugin.enterprise.JdbcLoadBinder - java.sql.SQLSyntaxErrorException: <br> ...	The property SQL SELECT Query is incorrect. Check the SQL lower or upper case spelling on table and column names, especially if you are running a database on a Linux OS which is case sensitive.
ERROR org.joget.plugin.enterprise.JdbcLoadBinder - java.sql.SQLException: <br> Could not set parameter at position 1 (values was '?') Query - conn:506(M) - SELECT * FROM app_fd_table WHERE id = "?"	Do not enclose the `?` in single or double quotation marks. Correct syntax is: <br> `SELECT * FROM app_fd_table WHERE id = ?`
ERROR org.joget.tutorial.JdbcOptionsBinder - com.microsoft.sqlserver.jdbc.SQLServerException: <br> The value is not set for the parameter number 2	DB error on JDBC Options with "Field ID to control available options based on Grouping". You can only pass one `?` parameter in the SQL.

Additional resources

Explore more about SQL queries with Joget through these resources:

Download these demo applications to see JDBC Form Binders in action:

Demo app using JDBC Form Binders for MySQL database: APP_kb_dx8_jdbc_load_store_form_binder.jwa .
Demo app using JDBC Form Grid Binders for MySQL database: APP_kb_dx8_form_grid_with_jdbc_binder.jwa.
Demo app using JDBC in List Grid for MySQL database: APP_kb_dx8_list_grid_multirow_jdbc.jwa.

And for Oracle database:

Demo app using JDBC Form Binders for Oracle database: APP_kb_dx8__example_form_jdbc_on_oracle_v6.jwa.
Demo app using JDBC Form Grid Binders for Oracle database: APP_kb_dx8_jdbc_form_grid_oracle.jwa.

Created by Julieth Last modified by Aadrian on Dec 13, 2024

Tags:

Previous Bean Shell Form Data Store NextDatabase Wizard Form Data Store