Re: a stored procedure ..with integer as the parameter

["surabhi.ahuja" <surabhi.ahuja@xxxxxxxxxxx>]

Title: Re: a stored procedure ..with integer as the parameter

 oops i am sorry,

i mean from the client i ll be getting values (which i need to insert into the table) in the form of strings:

 

and i form the insert command as follows:

 

function(char *a, char *b, char *c)

{

char command[1024];

sprintf(command, "select insert('%s','%s','%s')", a,b,c);

execute the above command;

}

 

the above is just the pseudo code

 

the stored procedure in turn is as follows (psudocode):

 

insert(smallint , smallint, varchar(256))

begin

insert into table 1 values ($1, $2, $3);

end

---

From: Richard Huxton [mailto:dev@xxxxxxxxxxxx]
Sent: Mon 10/24/2005 3:04 PM
To: surabhi.ahuja
Cc: Stephan Szabo; pgsql-general@xxxxxxxxxxxxxx
Subject: Re: a stored procedure ..with integer as the parameter

***********************
Your mail has been scanned by InterScan VirusWall.
***********-***********


surabhi.ahuja wrote:
> from the client I get : "200", "surabhi", "10"
> now i have to make a call to the stored procedure using the above received strings.
> will not the "200" be converted to a valid integer before saving into the database ..and same with the smallint values.

That wasn't the error you reported. You reported a problem with storing
"" which not only isn't a number, it isn't even text. Double-quoting
indicates it's a name (i.e. an identifier - a table name or similar).

So - this suggests some questions:
1. Do you know what data-types the client is providing?
2. What validation/checking do you do on the client-supplied data?
3. How are you building your query - via Perl's DBI system, PHP's
PEAR:DB classes, JDBC?

--
   Richard Huxton
   Archonet Ltd