conversation NetSuite Professionals #suitescript

Join Slack

# suitescript

jen

07/30/2020, 9:24 PM

message has been deleted

Clay Roper

07/30/2020, 9:30 PM

I think it's a sequential array of values to replace

parameters in the query

Clay Roper

07/30/2020, 9:32 PM

So something like

Copy code

query.runSuiteQL({
  query: 'SELECT * FROM transaction WHERE id = ?',
  params: [ 123 ]
});

Not 100% on that, as I use string interpolation to construct queries.

erictgrubaugh

07/30/2020, 9:38 PM

Yeah ^ this is correct. See the Help page

Examples of Using SuiteQL in the N/query Module

in the last section

Use a SuiteQL Query in a Map/Reduce Script

jen

07/30/2020, 9:43 PM

hm ok

jen

07/30/2020, 9:43 PM

how would you use it with multiple parameters?

jen

07/30/2020, 9:43 PM

also: why is NetSuite documentation so horribly bad

Clay Roper

07/30/2020, 9:46 PM

Copy code

query.runSuiteQL({
  query: 'SELECT * FROM transaction WHERE statusref = ? AND entity = ?',
  params: [ A, 123 ]
});

Make sure the order of elements in the params array matches the order of appearance of the

in the query.

jen

07/30/2020, 9:46 PM

jen

07/30/2020, 9:46 PM

weird

Clay Roper

07/30/2020, 9:47 PM

Yeah, I'm not a fan. It's fragile and prone to breakage if you restructure your query -- especially for someone like yourself who's prone to mammoth queries 😆

jen

07/30/2020, 9:47 PM

I guess I don’t really see the use case for this, in the example you might as well just put the values right in the sql string

jen

07/30/2020, 9:47 PM

hey man this is my first try using SuiteQL, I gotta have a nice juicy SQL query

jen

07/30/2020, 9:48 PM

I found a solution to my LISTAGG problem by building a bitmask, lol

🎉 1

Clay Roper

07/30/2020, 9:48 PM

do tell!

jen

07/30/2020, 9:49 PM

well it’s a bit complicated. I wanted to have a list of all classes of business (one comma separated list per row of my results). Class of business in this case is stored in a custom record that’s linked up to the items.

jen

07/30/2020, 9:50 PM

In my inner SQL I did this:

POWER(10, (customrecord_subscriber_class.id - 1)) AS bitwise_lob

to convert the ID of the class to a number (e.g. 1, 10, 100, etc)

jen

07/30/2020, 9:50 PM

then in my outer SQL I’m doing this to determine which classes are involved for the grouped row:

Copy code

RTRIM(CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 0, 1) = '1' THEN 'Equipment Breakdown, ' ELSE '' END
|| CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 1, 1) = '1' THEN 'Excess, ' ELSE '' END
|| CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 2, 1) = '1' THEN 'Crisis Management, ' ELSE '' END
|| CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 3, 1) = '1' THEN 'Cyber, ' ELSE '' END
|| CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 4, 1) = '1' THEN 'Crime, ' ELSE '' END
|| CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 5, 1) = '1' THEN 'Stock & Transit, ' ELSE '' END
|| CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 6, 1) = '1' THEN 'CEF, ' ELSE '' END
|| CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 7, 1) = '1' THEN 'Env. Liability, ' ELSE '' END
|| CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 8, 1) = '1' THEN 'Property, ' ELSE '' END
|| CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 9, 1) = '1' THEN 'Mgmt. Liability, ' ELSE '' END
|| CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 10, 1) = '1' THEN 'Prof. Liability, ' ELSE '' END
|| CASE WHEN SUBSTR(LPAD(SUM(DISTINCT bitwise_lob) || '', 11, '0'), 11, 1) = '1' THEN 'GL, ' ELSE '' END, ', ') AS lines_of_business,

jen

07/30/2020, 9:51 PM

basically I’ll have something like this ‘000001010101’ or whatever, and that represents which classes should be listed

jen

07/30/2020, 9:51 PM

the things I’ll do when I have no LISTAGG, no WM_CONCAT, and no ARRAY to use in SQL….sigh

Clay Roper

07/30/2020, 9:54 PM

I'm convinced you like to make mountains to climb when there are none around 🤣

jen

07/30/2020, 9:55 PM

I honestly could not figure out another way to do this purely in SQL

Clay Roper

07/30/2020, 9:55 PM

It's a great solution!

jen

07/30/2020, 9:55 PM

It works

jen

07/30/2020, 9:55 PM

and yes I like mountains, see my avatar 😉

stalbert

07/30/2020, 10:18 PM

I hate sql

✔️ 1

erictgrubaugh

07/30/2020, 10:19 PM

samesies

michoel

07/31/2020, 5:08 AM

Circling back to the beginning of the thread, the typical use case for parameterized queries is to avoid sql injection attacks.

Azi

07/31/2020, 6:04 AM

@michoel That definitely is the strong use case in raw sql, but is sql injection even possible within Netsuite? Does netsuite not sanitize queries?

michoel

07/31/2020, 6:12 AM

@Azi SuiteQL is read only which considerably minimizes the risk, but there could still be attack vectors if your code interpolates arbitrary strings from untrusted sources into sql

michoel

07/31/2020, 6:15 AM

Consider this hack for an example of how its possible to directly execute Oracle functions that NetSuite doesn't officially support by putting a comment on the middle of the formula

michoel

07/31/2020, 6:15 AM

https://blog.prolecto.com/2015/05/26/solving-the-netsuite-cumulative-saved-search-tally-challenge/

Azi

07/31/2020, 6:59 AM

😱

8 Views

Open in Slack

Previous Next