Database query
Actions of type Database query allows to execute a SQL query. For this purpose, a connection must have been previously created in Database Administration. Placeholders can be used within the query, for example to insert form data into the query. So-called prepared statements are generated, so that SQL injection is not possible.
Parameters
Database query details
- Use configured DB query?
- If this option is selected, a DB query preconfigured in the backend can be selected. Additionally, details about the query will be displayed.
- Connection
- Database connection, which was preconfigured in the administration.
- SQL statement
- Text field for the SQL statement.
Action variables
Actions of type Database query provide Action variables which can be used in subsequent actions.
Standard action variables
- [%$<action name>.SUCCESS%]
- Return whether action was successfully executed. Returns Boolean (true/false).
- [%$<action name>.RESULT%]
- Return all results provided by the action in structured form.
- [%$<action name>.ERROR_CODE%]
- The error code thrown in case of an error in the action. Empty if no error occurred.
- [%$<action name>.ERROR_MESSAGE%]
- The thrown error message in the action's error case. Empty if no error occurred.
Action specific action variables
- [%$<action name>.RESULT.rows[i]['key']%]
- A JSON array containing the results of the SQL statement. Each entry in the JSON array is a JSON object, where the key corresponds to the database column name. The index i starts with 0.
- [%$<action name>.RESULT.updateCount%]
- For an update statement: the number of affected rows in the database. Otherwise, the value is always 0.
Note
The entered statement is executed as Prepared-Statement, so that no so-called SQL-Injection is possible. Therefore do not use quotation marks.
Correct
INSERT INTO test_table (firstname, lastname) values ([%tffirstname%], [%tfname%])
False.
INSERT INTO test_table (firstname, lastname) values ('[%tffirstname%]', '[%tfname%]')