When trying to pass a variable into the query of a database connector, it gives an error

Hello,

I'm using one service task which gives the list of plants based on the parameter of the user's city. I'm using the Oracle 10 database connector.

Detailed description:

  1. parameter: NDS
  2. query: "Select title from plant_mst where unit_id=NDS"

This runs perfectly. But when I try a dynamic query:

Select title from plant_mst where unit_id = " + city (variable which stores the user's city = NDS)

It gives the error: Invalid Identifier. What am I doing wrong?

Here is the server log:



I am having trouble avoiding SQL injection through connectors. I happen to send, as a parameter, a field in a form that is used by my clients as an input for comments and observations. They started inserting apostrophe characters ( ' ), which are the ones used in PostgreSQL (my database) in functions.

So let's say I call my function like Select approveRequest('$req_no', '$name', '$observations');

The variable observations is mapped to a text area input where my user inserted code like "PRODUCT DESCRIPTION: 2LT 2x2' KETCHUP"
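The failure described in the post above, and the bound-parameter form of the same call, as an added example that is not part of the original post or of Bonita's own code. Assumptions: an in-memory SQLite database stands in for PostgreSQL, `approveRequest` is a stub registered from Python, and the request number and name are constructed sample values; the `?` placeholders are the same style JDBC's `PreparedStatement` uses.

```python
import sqlite3

# Constructed sample input modelled on the post: free text containing an apostrophe.
OBSERVATION = "PRODUCT DESCRIPTION: 2LT 2x2' KETCHUP"


def connect(received):
    """In-memory SQLite stands in for PostgreSQL (assumption)."""
    conn = sqlite3.connect(":memory:")

    def approve_request(req_no, name, observations):
        # Stub for the post's function: record the arguments exactly as received.
        received.append((req_no, name, observations))
        return 1

    conn.create_function("approveRequest", 3, approve_request)
    return conn


def call_interpolated(conn, req_no, name, observations):
    """Builds the statement as in the post: values pasted between quote marks."""
    sql = f"SELECT approveRequest('{req_no}', '{name}', '{observations}')"
    return conn.execute(sql).fetchone()[0]


def call_bound(conn, req_no, name, observations):
    """Sends SQL text and values separately, so the values are never parsed as SQL."""
    sql = "SELECT approveRequest(?, ?, ?)"
    return conn.execute(sql, (req_no, name, observations)).fetchone()[0]


def demo():
    received = []
    conn = connect(received)
    try:
        call_interpolated(conn, "R-1", "Ana", OBSERVATION)
        interpolated = "ok"
    except sqlite3.OperationalError as exc:
        # The apostrophe ends the string literal early; the rest is parsed as SQL.
        interpolated = f"rejected: {exc}"
    bound = call_bound(conn, "R-1", "Ana", OBSERVATION)
    return interpolated, bound, received


if __name__ == "__main__":
    print(demo())
```
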

BOS 6.2 - How to fill a form from a DB record? (step-by-step, *please*)

[My environment: Bonita BPM 6.2 (Community Edition) / Windows XP / MySQL database]


I’m a beginner in the BPM/Java/Groovy world and, although I’ve been able to do things like insertions and updates to a MySQL database from Bonita using forms and connectors, I have yet to find a clear, step-by-step method to do a Select query based on a value entered in a form by a user and fill out the rest of the form with the results of the Select.