Mule DB connector parameterized query

0
votes

This is my first time experience with Mule & trying to define a flow with DB connector. I am defining a parameterized simple select query with 3 parameters but somehow not able to figure it out. Even I tried putting entire/partial query in Variable before passing the variable value to query but could not succeed. Any help is highly appreciated.

select * from employees where employee_country='UK' limit 1,10;

Here UK,1 & 10 are dynamic values which will come from UI as below, http://localhost:9090/employee?country=UK&start=1&limit=10

My try:

select * from employees where employee_country=#[message.inboundProperties.'http.query.params'.country] limit #[message.inboundProperties.'http.query.params'.start],#[message.inboundProperties.'http.query.params'.limit]

Thanx, -Swapnil

2
databasemuleconnectorparameterized-query

2 Answers

1
votes

You are trying to create a dynamic query. For a parameterised query, you should separate the parameter values with placeholders. Parameterized won't replace expressions.

Here is the difference between the two options:

<db:select config-ref="DBConfig" doc:name="Database">
    <db:parameterized-query><![CDATA[select * from employees where employee_country= :country limit 1,10;]]></db:parameterized-query>
    <db:in-param name="country" type="VARCHAR" value="#[message.inboundProperties.'http.query.params'.country]" />           
</db:select>

Dynamic:

<db:select config-ref="DBConfig" doc:name="Database">
    <db:dynamic-query><![CDATA[select * from employees where employee_country=#[message.inboundProperties.'http.query.params'.country] limit #[message.inboundProperties.'http.query.params'.start],#[message.inboundProperties.'http.query.params'.limit]]]></db:dynamic-query>
</db:select>

Here is the documentation explaining the difference:

https://docs.mulesoft.com/mule-runtime/3.7/database-connector#query-types

Parameterized is the recommended approach as the disadvantage of using dynamic query statements is security as it leaves the statement open for SQL injection.

0
votes
  1. In real time you might need these values in the flow .To reuse them capture via flow variables. When we have dynamic value that are coming in query params..capture it via variable name originalQueryParams

#[message.inboundProperties.'http.query.params']

  1. Use groovy script to capture those variables and seperate them via set invocation properties ..

    def inputRequest = message.getInvocationProperty('originalQueryParams'); message.setInvocationProperty('country',inputRequest.country); return payload;

  2. Now Country is you flow variable and pass it in the query .

    select * from employees where employee_country = '#[flowVars.country]'

Hope this helps