Hi I am new to SuiteQL and I wrote a function in my NS scrip NetSuite Professionals #suiteql

Hi I am new to SuiteQL and I wrote a function in ...

NSDev

05/10/2021, 9:22 PM

Hi I am new to SuiteQL and I wrote a function in my NS script that retrieves items based on their category.

Copy code

export const getItemsByCategory = ({ categoryIds }) => {
  return query.runSuiteQL({
    query: `SELECT item.id, itemid as name
            FROM item 
            WHERE  custitem_category in (?)`,
    params: categoryIds
  }).asMappedResults()
}

categoryIds is an array of ids. When I pass in one id, it works, but when I pass in 2 ids:

Copy code

getItemsByCategory({categoryIds:[224,155]})

I get this error:

Copy code

message: 'Invalid number of parameters. Expected: 1. Provided: 2.',
  object: {
    type: 'error.SuiteScriptError',
    name: 'INVALID_NUMBER_OF_PARAMETERS',
    message: 'Invalid number of parameters. Expected: 1. Provided: 2.',

Can anyone help?

battk

05/10/2021, 9:43 PM

the params parameters has specific functionality for arrays. honestly I would describe it such that params is supposed to be an array

battk

05/10/2021, 9:44 PM

you are also limited to what types of values can be in param, which probably suggests that you can't parameterize an in clause

michoel

05/11/2021, 12:44 AM

I usually do something like this, though it is technically vulnerable to sql injection so might need to sanitize the ids if that is a concern

Copy code

export const getItemsByCategory = ({ categoryIds }) => {
  return query.runSuiteQL({
    query: `SELECT item.id, itemid as name
            FROM item 
            WHERE  custitem_category in (${categoryIds.join(",")})`
  }).asMappedResults()
}

Watz

05/11/2021, 9:44 AM

try

Copy code

getItemsByCategory({categoryIds:['224,155']})

params accept an array of strings, numbers or booleans. I believe each item in the array it mapped to each "?" in the order that they are entered in the SuiteQL.

NSDev

05/11/2021, 1:57 PM

Thanks for all your replies ! @Watz tried your suggestion but now got a different error: "Search error occurred: Invalid or unsupported search" . @michoel had a similar solution to yours that worked but was worried about sql injection. How do you protect against that? I'm not so familiar....

Watz

05/11/2021, 2:51 PM

It might need to be '"224","155"'

NSDev

05/11/2021, 3:24 PM

@Watz thanks but that gave the same error: "Search error occurred: Invalid or unsupported search"

michoel

05/12/2021, 12:00 AM

IMO the SQL injection risk in minimal considering that SuiteQL is read-only, and should generally be running under the same access the user anyways has (unless script has elevated permissions). I'd love to hear others' opinion on this. To sanitize you could do something like

const sanitizedCategoryIds = sanitizedCategoryIds.map((e) => Number(e));

. But thinking this through, probably the best option would be to use multiple placeholders:

Copy code

export const getItemsByCategory = ({ categoryIds }) => {
  return query.runSuiteQL({
    query: `SELECT item.id, itemid as name
            FROM item 
            WHERE  custitem_category in (${categoryIds.map((e) => "?").join(",")})``,
    params: categoryIds
  }).asMappedResults()
}

Watz

05/12/2021, 5:45 AM

@michoel, looks better. I wouldn't worry about SQL-injection either in this case.

NSDev

05/12/2021, 2:26 PM

Thanks @michoel and @Watz! very helpful!

499 Views

Open in Slack

Previous Next