Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Warning
titlePrevent SQL injection

When using Hash Variable that uses URL parameter or user-inputted value in the SQL query, ensure that these hash variable(s) are escaped in the query!

Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable.

Example of VULNERABLE query :

SELECT * FROM app_fd_sample_table WHERE  c_value = '#requestParam.id#'

To fix this, use ?sql hash variable escape:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id?sql#'

Introduction

JDBC Form Binder allows you to use custom SQL statements to retrieve and load records into your form fields. Similarly, you can write SQL statements to save the records in your form field into a database table.

...

JDBC Binders comes standard in Joget v6 and DX. If you are using Joget v5, you can download the JDBC Binders from Joget Marketplace.

Image Added

Figure 1: JDBC Binder selected as Load & Save Binder

JDBC Binder Properties

Configure JDBC Load Binder


Image Added

Figure 2: Configure JDBC Binder

NameDescription
Screens (Click to view)Load Binder

JDBC Binder selected (See Figure 1).

Datasource
  • Custom Datasource - setup to connect to an external database, has additional configuration.
  • Default Datasource- connect to the Joget database.

By selecting Default Datasource, the database your Joget is currently using will be selected. (See Figure 2).

Image Removed
Figure 1: Advance - Load & Save Binder

Image Removed
Figure 2: Configure Load JDBC Binder

Custom JDBC Driver

Custom JDBC Driver. This field is required when Custom Datasource is selected in Datasource above.

Example:

 com

 com.mysql.jdbc.Driver

Custom JDBC URL 

Custom JDBC URL. This field is required when Custom Datasource is selected in Datasource above.

Example:

 jdbc

 jdbc:mysql://localhost/jwdb?characterEncoding=UTF8&useSSL=false

Custom JDBC Username 

Custom JDBC Username. This field is required when Custom Datasource is selected in Datasource above.

Custom JDBC Password

Custom JDBC Password. This field is required when Custom Datasource is selected in Datasource above.

Info
titleTest the connection parameters

Click on the "Test Connection" button at the bottom of the page to quickly test out your configurations.

SQL SELECT Query for Load Binder

The SQL query specific to your database type (MySQL, MSSQL, Oracle, etc.). Use question mark ? in your query to represent the primary key or foreign key.

Code Block
languagesql
titleExample
linenumberstrue
SELECT
   * 
FROM
   app_fd_table 
WHERE
   id = ?
Note

If a column name contains reserved keywords, do ensure it is encapsulated properly.

For example for MySQL, if the column identifier itself contains a dot symbol ( . ), it should be encapsulated like this:

Code Block
languagesql
SELECT `myAppName.myColumn` FROM app_fd_myTable;
Info
titleTable & Column Naming
  • For database tables created by Joget Forms, Joget adds a "c_" in front of table column names (or "t_" if your column name starts with a number) and "app_fd_" in front of database table names.
  • If you use environment hash variables to store SQL query strings, use "?noescape" to escape SQL query strings in JDBC binders to prevent the "<>" "not equal" operator from being converted, i.e. disables XSS prevention checking. Read here for more information..

Handling for field workflow variable?

Click to select if you are using workflow variables mapping in your form elements. Not applicable for grid elements.

Handling for uploaded files?
Form to store uploaded files

Click to select if you are using file or image attachments in your form elements. Select form to store uploaded files only if you are using form grid or spreadsheet.

Configure JDBC Store Binder

Image Added

Figure 3: Configure Store JDBC Binder

Note


English

If a column name contains reserved keywords, do ensure it is encapsulated properly.

For example for MySQL, if the column identifier itself contains a dot symbol ( . ), it should be encapsulated like this:


Code Block
languagesql
SELECT `myAppName.myColumn` FROM app_fd_myTable;
NameDescriptionScreens (Click to view)
NameDescription
Store Binder

JDBC Binder selected (See Figure 1).

Datasource
  • Custom Datasource - setup to connect to an external database, has additional configuration.
  • Default Datasource - connect to the Joget database.

By selecting Default Datasource, the database your Joget is currently using will be selected. (See Figure 3).

Image Removed
Figure 3: Configure Store JDBC Binder

Custom JDBC Driver

Custom JDBC Driver. This field is required when Custom Datasource is selected in Datasource above.

 Example

Example:

 com

 com.mysql.jdbc.Driver

Custom JDBC URL 

Custom JDBC URL. This field is required when Custom Datasource is selected in Datasource above.

 Example

Example:

 

jdbc:mysql://localhost:3307/jwdb?characterEncoding=UTF8&useSSL=false

Custom JDBC Username 

Custom JDBC Username. This field is required when Custom Datasource is selected in Datasource above.

Custom JDBC Password

Custom JDBC Password. This field is required when Custom Datasource is selected in Datasource above.

Info
titleTest the connection parameters

Click on the "Test Connection" button at the bottom of the page to quickly test out your configurations.

SQL SELECT Query for store binder

The SQL query specific to your database type (MySQL, MSSQL, Oracle, etc.). Use syntax like {field_id} in query to inject submitted form data.

Code Block
languagesql
titleExample
linenumberstrue
SELECT
   * 
FROM
   app_fd_table 
WHERE
   id = 
'#requestParam.id#'
 {id}

Note: If you use JDBC in a form grid or spreadsheet for load or save binder, be advised the SQL syntax is different from form load or save binder. Kindly download and view the sample app for JDBC in a form grid or spreadsheet.

SQL INSERT Query

Use syntax like curly brackets {field_id} in query to inject submitted form data. 

Code Block
languagesql
titleExample
linenumberstrue
INSERT app_fd_table 
       (id, 
        c_name, 
        c_emailaddress) 
VALUES ({id}, 
        {name}, 
        {emailAddress}) 

You can use {uuid} to tell Joget to create a random unique id or a "Universally unique identifier". Example:

Code Block
languagesql
titleExample
linenumberstrue
INSERT app_fd_table
       (id,
        c_name,
        c_emailAddress
VALUES ({uuid},
        {name},
        {emailAddress})
Note: Be advised JDBC load/save binders cannot be used if your form or form grid has file or image attachment field elements. You will need to use the default Multirow Form Binder in this circumstance.

For JDBC SQL INSERT in a grid, use "{foreignKey}" syntax to populate the parent id into the child table foreign key value, as follows:
Code Block
INSERT app_fd_table_child (
	id,
	c_name,
	c_fk)
VALUES (
	{uuid},
	{name},
	{foreignKey})
SQL UPDATE Query

Use syntax like curly brackets {field_id} in query to inject submitted form data.

Code Block
languagesql
titleExample
linenumberstrue
UPDATE app_fd_table 
SET    id = {id}, 
       c_name = {name}, 
       c_emailaddress = {emailAddress}, 
       c_contacttel = {contactTel} 
WHERE  id = {id} 
SQL DELETE Query

SQL statement to delete form data records in Datalist/Grid element. Use syntax like curly brackets {id} in query to inject form data primary key value.

Code Block
languagesql
titleExample
linenumberstrue
DELETE
FROM
   app_fd_table 
WHERE
   id = {id}
Handling for field workflow variable?Click the checkbox if you are using workflow variables mapping in your form elements. The JDBC binder will copy the field value to the workflow variable when you submit the form if the form is mapped to a  process. Not applicable to grid elements.

Handling for uploaded files?
Form to store uploaded files

Click the checkbox if you are using file or image attachments in your form elements. The JDBC binder will save your file or image attachment into the ".\wflow" folder when you save the form. Select form to store uploaded files only if you are using a form grid or spreadsheet.

Understanding JDBC Errors

Error MessagesCauses And Solutions
Message on screen: Record cannot be foundThere is a JDBC configuration error. Check the joget.log file for more information.
The rest of the error messages below are found in the \apache-tomcat-x.x.xx\logs\joget.log file.
ERROR org.joget.plugin.enterprise.JdbcLoadBinder - org.apache.commons.dbcp.SQLNestedException:
Cannot load JDBC driver class
The property  Custom JDBC Driver is incorrect
ERROR org.joget.plugin.enterprise.JdbcLoadBinder - org.apache.commons.dbcp.SQLNestedException:
Cannot create PoolableConnectionFactory (Could not connect to address=(host=localhost)(port=3306)(type=master) : Socket fail to connect to host:localhost, port:3306. Connection refused: connect)
The property  Custom JDBC URL  is incorrect
ERROR org.joget.plugin.enterprise.JdbcLoadBinder - org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Could not connect to address=(host=localhost)(port=3307)(type=master) : Access denied for user 'xxxx'@'localhost' (using password: YES)The property Custom JDBC Username  or  Custom JDBC Password is incorrect.

ERROR org.joget.plugin.enterprise.JdbcLoadBinder - java.sql.SQLSyntaxErrorException: .....

The property SQL SELECT Query is incorrect. Do also check the SQL lower or upper case spelling on table and column names, especially if you are running a database on a Linux OS which is case sensitive.
ERROR org.joget.plugin.enterprise.JdbcLoadBinder - java.sql.SQLException: Could not set parameter at position 1 (values was '?') Query - conn:506(M) - SELECT * FROM app_fd_table WHERE id = "?"

Do not enclosed the ? in single or double quotation marks. Correct syntax is

?

:

SELECT * FROM app_fd_table WHERE id = ?

ERROR org.joget.tutorial.JdbcOptionsBinder - com.microsoft.sqlserver.jdbc.SQLServerException:
The value is not set for the parameter number 2

DB error on JDBC Options with "Field ID to control available options based on Grouping". You can only pass one ? parameter in the SQL.

Related JDBC Binders

Download Demo Apps