Description
The ESQL logicsheet is an XSP logicsheet that performs sql queries and
serializes their results as XML. This allows you to work with data from a
wide variety of different sources when using Apache Cocoon.
It has a number of important advantages over the old (deprecated) SQL
logicsheet and SQL processor. For example, it allows you to mix esql with
other logicsheets. It also supports prepared statements (which gives you
automatic parameter escaping), multiple encodings in a single query and
even multiple resultsets on one statement (if supported from database)!
The name was chosen merely to emphasise the fact that this is an
extended version of the old sql logicsheet - esql still uses standard SQL
syntax. In fact, it is just a conversion wrapper around your JDBC database
driver, so it supports no more and no less SQL syntax than your JDBC driver
supports.
Installation
Check your cocoon.xconf for this line and add it if it's not already there:
| | |
|
<builtin-logicsheet>
<parameter name="prefix" value="esql"/>
<parameter name="uri" value="http://apache.org/cocoon/SQL/v2"/>
<parameter name="href"
value="resource://org/apache/cocoon/components/language/markup/xsp/java/esql.xsl"/>
</builtin-logicsheet>
| |
| | |
Configuration
Map the
| | |
|
http://apache.org/cocoon/SQL/v2
| |
| | |
namespace to the esql prefix. Elements in the esql taglib namespace will be interpreted as input to
the esql taglib and will be stripped from the output.
This is typically done like this:
| | |
|
<xsp:page
language="java"
xmlns:xsp="http://apache.org/xsp"
xmlns:esql="http://apache.org/cocoon/SQL/v2"
>
. . .
</xsp:page>
| |
| | |
Connection
Esql can use connection pools configured in cocoon.xconf or
individually set up connections.
esql:pool gives the name of the connection pool to use.
Individually configured connections use the esql:driver,
esql:dburl, esql:username, esql:password tags. Their meaning
should be obvious.
Connection Options
Per default, esql will try to switch a connection to autocommit
mode. This is because it prevents hanging transactions that hold locks and
disturb further database accesses. Esql can be forced to not use
autocommit, by giving the
<esql:autocommit>false</esql:autocommit> nested
element to esql:connection .
| Even if a connection is configured with autocommit off in
cocoon.xconf , esql will switch autocommit on if not
instructed to do otherwise. |
Other options like limiting the size of the resultset are discussed
below.
Usage and Examples
At the moment documentation on esql is quite thin on the ground -
however, it should be enough to get you started. In the
docs/samples/xsp directory you will find
esql.xsp , which is an example of two esql queries,
demonstrating "nested" queries and dynamic prepared statements. However,
much more comprehensive is the schema in
esql.xsd which is a formal specification, written in the W3C
standard language XML Schema, of every single esql element and attribute.
It is fairly human-readable and includes comments for the purpose of each
tag.
A fairly common example is to list a query result in a table. Notice that
esql:results and esql:no-results are mutual exclusive. So only one of them
will be in your XML tree. This example takes a connection from a datasource
defined in cocoon.xconf :
| | |
|
<esql:connection>
<esql:pool>connectionName</esql:pool>
<esql:execute-query>
<esql:query>SELECT mycolumn1,mycolumn2 FROM table</esql:query>
<esql:results>
<table>
<esql:row-results>
<tr>
<td><esql:get-string column="mycolumn1"/></td>
<td><esql:get-string column="mycolumn2"/></td>
</tr>
</esql:row-results>
</table>
</esql:results>
<esql:no-results>
<p>Sorry, no results!</p>
</esql:no-results>
</esql:execute-query>
</esql:connection>
| |
| | |
Dynamic Queries
When a query contains dynamic parts, e.g. a value that is to be matched,
esql offers two different possibilities to achieve that. First, as the
query is really a string, it can be constructed like any other string by
concattenation.
| | |
|
<xsp:logic>
String orderBy = null;
switch(type) {
case 1: orderBy = "order by name"; break;
case 2: orderBy = "order by salary"; break;
default: orderBy = "";
}
</xsp:logic>
<!-- ... -->
<esql:query><xsp:expr>"SELECT name, salary FROM employee "+orderBy</xsp:expr></esql:query>
| |
| | |
Note, however, that here any string will be part of the actual
statement. In this example it does no harm as the value for the
orderBy variable is completely under the control of
your code. Any malicious attacker could not inject his or her own
code. Thus this technique should not be used when values returned
from the client have to be used.
The second variant is to use a PreparedStatement for dynamic
parameters. Since the driver is supposed to keep parameters
distinct from the statement, no code can be injected this way. In
addition, your DBMS puts more effort into optimizing the
statement. PreparedStatements are created whenever a
<esql:parameter/> tag appears in a query.
| | |
|
<esql:query>SELECT name, salary FROM employee
WHERE name=<esql:parameter><xsp:expr>name</xsp:expr></esql:parameter></esql:query>
| |
| | |
Refering to Results
A select query usually returns one ResultSet. This case is handled by
the esql:results tag and its content. However, many special
cases exist, e.g. an error occurs or an update query is used. Esql
provides different tags for these cases.
If an empty result set is returned, the esql:no-results
block is used.
Errors
In case of an error, usually signalled by an Exception during setup or
execution of a query, the esql:error-results block is
evaluated. If no such tag exists, the exception is rethrown and
processing is stopped. Withing the tag, esql:get-message ,
esql:get-stacktrace , and esql:to-string allow
access to the error message.
Limiting the number of rows returned
Esql allows to display only a part of the result set using the
esql:use-limit-clause . If your DBMS is supported, the DBMS
generates only the indicated rows, otherwise a number of rows are skipped
and retrieval is stopped after a given number of rows. It works like a
fixed-size window to the result set, paging through it.
These parameters are set for a connection.
If the esql:use-limit-clause is empty or set to "auto",
esql tries to determine automatically which method to use, depending on
the connection URL.
esql:skip-rows and esql:max-rows tags specify
how many rows should be skipped at the beginning and how many rows should
be retrieved at maximum.
In this context the esql:previous-results and
esql:more-results blocks hold code and content that is only
used if this sliding window has previous or following windows.
| | |
|
<esql:connection>
<esql:pool>connectionName</esql:pool>
<esql:execute-query>
<esql:query>SELECT mycolumn1,mycolumn2 FROM table</esql:query>
<esql:use-limit-clause>auto</esql:use-limit-clause>
<esql:skip-rows><xsp:expr>skiprows</xsp:expr></esql:skip-rows>
<esql:max-rows>10</esql:max-rows>
<esql:results>
<table>
<esql:row-results>
<esql:previous-results>previous rows available</esql:previous-results>
<esql:more-results>more rows available</esql:more-results>
<tr>
<td><esql:get-string column="mycolumn1"/></td>
<td><esql:get-string column="mycolumn2"/></td>
</tr>
</esql:row-results>
</table>
</esql:results>
<esql:error-results>An error occurred</esql:error-results>
<esql:no-results>
<p>Sorry, no results!</p>
</esql:no-results>
</esql:execute-query>
</esql:connection>
| |
| | |
Updates
In JDBC, updates, inserts, and deletes are "update queries". For those,
no results are available but an update count is returned, indicating,
how many rows were affected.
Code or content that depends on this has to be placed inside the
esql:update-results tag. It is used whenever at least one
row was affected. The update count can be accessed through the
esql:get-update-count tag.
If no rows where affected, the esql:no-results block is
used.
| | |
|
<esql:connection>
<esql:pool>connectionName</esql:pool>
<esql:execute-query>
<esql:query>update table set price=price*1.17</esql:query>
<esql:error-results>An error occurred</esql:error-results>
<esql:update-results>
<esql:get-update-count/> prices adjusted.
</esql:update-results>
<esql:no-results>
<p>Sorry, no prices adjusted!</p>
</esql:no-results>
</esql:execute-query>
</esql:connection>
| |
| | |
Groups
For more complex lists, often nested queries are needed. Esql allows
arbitrary nesting of queries. However, you can do table joins and then
insert a header whenever a "watched" column value changes using the
<esql:group/> and <esql:member/>
tags. It follows the nesting ideology of <xsp:logic> ...
<xsp:content></></> You can nest
<esql:group> and <esql:member>
indefinately. group-on can be an attribute of
group or a text node. The value of the text node has
precedence over the attribute. The value can be the column name or the
column number.
| | |
|
<esql:execute-query>
<esql:query>
select committeeName, title, firstName, middleName, lastName, suffix, status
from committeeMember left join directoryInformation using(userid)
left join committee on committee.id=committeeMember.committeeid
order by committeeName asc
</esql:query>
<esql:results>
<esql:row-results>
<esql:group group-on="committeeName">
<h2><esql:get-string column="committeeName"/></h2>
<ul>
<esql:member>
<li>
<esql:get-string column="title"/>
<esql:get-string column="firstName"/>
<esql:get-string column="middleName"/>
<esql:get-string column="lastName"/>
<esql:get-string column="suffix"/>
</li>
</esql:member>
</ul>
</esql:group>
</esql:row-results>
</esql:results>
</esql:execute-query>
| |
| | |
One important limitation of the grouping feature is, that no access
to a column may appear after closing a group. The value will belong
to the following row or cause an error if no next row exists. If this is
needed, consider swapping columns using XSLT or embedded JAVA. Hence the
following example is illegal:
| | |
|
<esql:execute-query>
<esql:query>
select committeeName, committeeTitle, title, firstName, middleName,
lastName, suffix, status
from committeeMember left join directoryInformation using(userid)
left join committee on committee.id=committeeMember.committeeid
order by committeeName asc
</esql:query>
<esql:results>
<esql:row-results>
<esql:group group-on="committeeName">
<h2><esql:get-string column="committeeName"/></h2>
<ul>
<esql:member>
<li>
<esql:get-string column="title"/>
<esql:get-string column="firstName"/>
<esql:get-string column="middleName"/>
<esql:get-string column="lastName"/>
<esql:get-string column="suffix"/>
</li>
</esql:member>
</ul>
</esql:group>
<esql:get-string column="committeeTitle"/><!-- illegal !! -->
</esql:row-results>
</esql:results>
</esql:execute-query>
| |
| | |
Stored Procedure Support
In order to use stored procedures replace
<esql:query/> with <esql:call/> , use
either DBMS specific syntax or JDBC escape syntax {? =
foo(?)} . If your jdbc driver requires to use the
executeQuery() method instead of the execute()
method (like e.g. INFORMIX does), set needs-query="true"
attribute.
If a result set is returned through the (only) return parameter of a
stored procedure, e.g. resultset-from-object="1" as attribute
to <esql:call/> to automatically use this result set.
For a more general alternative see further below.
Parameters for a stored procedure call may be of
direction="in|out|inout" with the usual JDBC meaning. In
addition a type needs to be supplied for "out" and "inout"
parameters. This would be the same "XXX" as used in a get-XXX
JDBC-method call. Alternatively, you can use a fully qualified field name,
e.g. "java.sql.Types.CHAR"
<esql:call-results/> (child of
<esql:execute-query/> ) may contain code that will
always be executed whether the query returned a result or not. For example
most stored procedures will not return a result set but several out
parameters.
All <esql:get-xxx/> tags accept a new attribute
from-call="yes" to indicate that the value is retrieved from
the CallableStatement rather than the current ResultSet. Obviously, this
only works after a call to a stored procedure.
Retrieve a ResultSet from any column and use it like the result of a
nested query with the esql:use-results tag. It behaves
exactly like nesting queries. Thus the ancestor attribute can
be used to access e.g. the original query.
Example:
| | |
|
<esql:call>{? = foo(<esql:parameter direction="in"
type="Int"><xsp:expr>1</xsp:expr></esql:parameter>)}
</esql:call>
<esql:call-results>
<esql:use-results>
<esql:result><xsp:expr>(ResultSet)<esql:get-object column="1" from-call="true"/></xsp:expr></esql:result>
<esql:results>
<esql:row-results>
<esql:get-string column="1"/>
</esql:row-results>
</esql:results>
</esql:use-results>
</esql:call-results>
| |
| | |
Example:
| | |
|
<esql:query>select name, list_of_aliases from table</esql:query>
<esql:results>
<esql:row-results>
<p>
<esql:get-string column="name"/>:
<esql:use-results>
<esql:result><xsp:expr><esql:get-array column="list_of_aliases"/>.getResultSet()</xsp:expr></esql:result>
<esql:results>
<esql:row-results>
<esql:get-string column="1"/>
</esql:row-results>
</esql:results>
</esql:use-results>
</p>
</esql:row-results>
</esql:results>
| |
| | |
Multiple Results
If multiple results are returned from a stored procedure or a query, the
esql:results block is reused. However, it is supported to
have different blocks for each result. Since a result can either be a
ResultSet or an UpdateCount, both are counted independently. The nth
ResultSet will be handled by the nth esql:results block, or -
if there are fewer blocks - the last one.
The same holds true for esql:update-results and
esql:no-results blocks as well.
| Support for multiple results is not widely available with DBMSs.
Therefore support is disabled by default. Use the
<esql:allow-multiple-results>yes</esql:allow-multiple-results>
parameter to the <esql:connection/>. |
Example: Suppose stored procedure bar returns an update
count, another update count, a result set, an update count, and a
last result set.
| | |
|
<esql:call>{? = bar(<esql:parameter direction="in"
type="Int"><xsp:expr>1</xsp:expr></esql:parameter>)}
</esql:call>
<esql:results>
<!-- this is used for the first result set -->
</esql:results>
<esql:results>
<!-- this is used for the second and
all following result sets -->
</esql:results>
<esql:update-results>
<!-- this is used for the first update count -->
</esql:update-results>
<esql:no-results>
<!-- this is used for the first update count -->
</esql:no-results>
<esql:update-results>
<!-- this is used for the second and
all following update counts -->
</esql:update-results>
<esql:no-results>
<!-- this is used for the second and
all following update counts -->
</esql:no-results>
| |
| | |
The ultimate reference, is of course the source code, which is an XSLT
logicsheet contained in the file
src/org/apache/cocoon/components/language/markup/xsp/java/esql.xsl
Of course, we would be very grateful for any improvements on this
documentation or further examples - please send them to users.at.cocoon.apache.org!
Template Descriptions
Tag |
Description |
esql:row-results//esql:get-columns |
results in a set of elements whose names are the names of the columns. the elements each have one text child, whose value is the value of the column interpreted as a string. No special formatting is allowed here. If you want to mess around with the names of the elements or the value of the text field, use the type-specific get methods and write out the result fragment yourself. For Cocoon 2 only, this outputs structured types as well. Here sql-list or sql-set contains several sql-list-item or sql-set-item element that again contain the actual data. |
esql:row-results//esql:get-string |
returns the value of the given column as a string |
esql:row-results//esql:get-date |
returns the value of the given column as a date. if a format attribute exists, its value is taken to be a date format string as defined in java.text.SimpleDateFormat, and the result is formatted accordingly. |
esql:row-results//esql:get-time |
returns the value of the given column as a time. if a format attribute exists, its value is taken to be a date format string as defined in java.text.SimpleDateFormat, and the result is formatted accordingly. |
esql:row-results//esql:get-timestamp |
returns the value of the given column as a timestamp. if a format attribute exists, its value is taken to be a date format string as defined in java.text.SimpleDateFormat, and the result is formatted accordingly. |
esql:row-results//esql:get-boolean |
returns the value of the given column as true or false |
esql:row-results//esql:get-double |
returns the value of the given column as a double. if a format attribute exists, its value is taken to be a decimal format string as defined in java.text.DecimalFormat, and the result is formatted accordingly. |
esql:row-results//esql:get-float |
returns the value of the given column as a float. if a format attribute exists, its value is taken to be a decimal format string as defined in java.text.DecimalFormat, and the result is formatted accordingly. |
esql:row-results//esql:get-int |
returns the value of the given column as an integer |
esql:row-results//esql:get-long |
returns the value of the given column as a long |
esql:row-results//esql:get-short |
returns the value of the given column as a short |
esql:row-results//esql:get-ascii |
returns the value of the given column as a clob |
esql:row-results//esql:get-object |
returns the value of the given column as an object |
esql:row-results//esql:get-array |
returns the value of the given column as an java.sql.Array. This is frequently used for collection
datatypes like lists, sets, bags etc. |
esql:row-results//esql:get-struct |
returns the value of the given column as a java.sql.Struct. This is frequently used for row types. |
esql:row-results//esql:get-xml |
returns the value of the given column interpreted as an xml fragment.
The fragment is parsed by the default xsp parser and the document element is returned.
If a root attribute exists, its value is taken to be the name of an element to wrap around the contents of
the fragment before parsing. |
esql:results//esql:get-column-count |
returns the number of columns in the resultset. |
esql:row-results//esql:get-row-position|esql:results//esql:get-row-position |
returns the position of the current row in the result set |
esql:row-results//esql:get-column-name |
returns the name of the given column. the column must be specified by number, not name. |
esql:row-results//esql:get-column-label |
returns the label of the given column. the column must be specified by number, not name. |
esql:row-results//esql:get-column-type-name |
returns the name of the type of the given column. the column must be specified by number, not name. |
esql:row-results//esql:is-null |
allows null-column testing. Evaluates to a Java expression, which is true when the referred column contains a null-value for the current resultset row |
esql:error-results//esql:get-message |
returns the message of the current exception |
esql:error-results//esql:to-string |
returns the current exception as a string |
esql:error-results//esql:get-stacktrace |
returns the stacktrace of the current exception |
esql:results/esql:get-metadata |
returns the metadata associated with the current resultset |
esql:results/esql:get-resultset |
returns the current resultset |
esql:group |
Allows header elements around groups of consecutive records with identical values in column named by @group-on. Facilitates a single query with joins to be used in lieu of some nested queries. |
esql:member |
Used in conjunction with and nested inside esql:group. Formatting for individual records goes within esql:member. Header stuff goes in between group and member. |
@*|node() |
used internally to determine which column is the given column. if a column attribute exists and its value is a number, it is taken to be the column's position. if the value is not a number, it is taken to be the column's name. if a column attribute does not exist, an esql:column element is assumed to exist and to render as a string (after all of the xsp instructions have been evaluated), which is taken to be the column's name. |
|