Unable Insert Parameters Into Database

Hi Team,

I am unable to insert values into MySQL database using parameters and getting below error.

Query i am using to insert:

image

Parameters i am passing:

here ORDERNUMBER variable contains “12345”

Error:

image

thanks in advance.

1 Like

Instead of using the parameters, try to use variable substution when bulding the query, and see if that way works

I have tried it using variable, and it’s working fine.
But we are strictly advised to use only parameters by architecture team, because of previous experiences they have.

@abhilashreddyalla, Please ensure ORDERNUMBER is not null.

Hi
did we check with this thread buddy

Cheers @abhilashreddyalla

1 Like

using parameter or not in a query like that will make no difference at all, to the database the command will arrive exactly the same way…

@Bhavik_Solanki Yes, the ORDERNUMBER is not a null value.

@Palaniyappan I am also doing in the same way only but, i am getting the above mentioned error.

@bcorrea Due to Santization feature we need to strictly pass values through parameters only, because of it UiPath properly escape any apostrophes or other character sequences in database query.

1 Like

Hi Abhilash

You should have the parameter name preceded with ‘@’ symbol

Name = @GONID

Hi Vishnu,

i have tried it but still getting same error.

1 Like

It is your choice how you want to do it :slight_smile: Just the only safe way would be to use stored procedures and pass in real parameters…

1 Like

Yah did we try using EXECUTE NON QUERY activity where we can choose STORED PROCEDURE as a type in the property panel and pass the input as IN parameter again along the property itself
So that the parameters will be passed to that procedure and will execute the statement

Cheers @abhilashreddyalla

2 Likes

If you want to parameterize and avoid SQL injection attacks, you have to do the following for MySQL statements (queries and non-queries):

  • in the CommandType property choose StoredProcedure

  • in the Sql field (statement) replace all values that you want to transform in parameters with a question mark (?); don’t use @parametername, that is for Microsoft SQL, and don’t use apostrophes like this ‘?’, use just plain simple question marks

  • in the Parameters sub-window, you must store all the parameters in the order you have them in your Sql statement (query). The first (topmost) parameter should correspond to the first question mark, the second parameter should correspond to the second question mark and so on. I think the name of the parameter is irrelevant here, what is important is the order of the parameters. You can re-arrange them with the small top-down arrows in the corner of the Parameters window.

Example:
"INSERT INTO table (field1, field2, field3, field4) VALUES (?,?,?,'success')"

And then, in the Parameters sub-window, the topmost parameter should correspond to what you want delivered to field1, the second should correspond to field2, and the last one to field3.

Be careful. In the Sql statement, you may need to add backticks (`) to the table name and field names.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.