0

I can access a MySQL database and store output to an R dataframe using the following script where sam_pn = walker

con <- dbConnect(MySQL(),
                 user = user,
                 password = password,
                 host = host,
                 dbname = dbname)

df = dbGetQuery(con, "SELECT *
                            FROM sam AS s
                            JOIN che AS c ON c.che_label = s.sam_label1
                            WHERE sam_pn =  'walker'")

But what i would like to do is store 'walker' as an R value pn and then use pn value in the sql query like below so i can vary the pn value.... but it does not work. The syntax is not right. Note sam and che are tables in the database

pn = 'walker'
df = dbGetQuery(con, "SELECT *
                            FROM sam AS s
                            JOIN che AS c ON c.che_label = s.sam_label1
                            WHERE sam_pn =  'pn'")
Improve this question
2
  • "Never" inject data into a query string, use bound parameters (or glue::glue_sql, though I generally recommend binding over glue). See db.rstudio.com/best-practices/run-queries-safely Commented Apr 27, 2022 at 15:50
  • Thanks for the link. I found the solution there. See below, Commented Apr 27, 2022 at 22:01

2 Answers 2

Reset to default
1 
pn = 'walker'
df = dbGetQuery(con, "SELECT *
                            FROM sam AS s
                            JOIN che AS c ON c.che_label = s.sam_label1
                            WHERE sam_pn =  ?",
      params = list(pn))
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks for the code onyambu but this did not work. This is what I eventually did. ``` pn = 'walker' data = dbGetQuery(con, paste0("SELECT * FROM sam AS s JOIN che AS c ON c.che_label = s.sam_label1 WHERE sam_pn = '", pn ,"'")) ```
0

This is what worked in the end

pn = 'walker' 

data = dbGetQuery(con, paste0("SELECT *
                            FROM sam AS s
                            JOIN che AS c ON c.che_label = s.sam_label1
                            WHERE sam_pn =  '", pn ,"'"))
Improve this answer

5 Comments

Ummm, I think you misunderstood both my comment and the link. Injecting data like this into your query is really bad practice, for several reasons. I strongly suggest you look harder at @onyambu's answer and confirm that it works for you. If you can come back rationale why this must be the only answer and onyambu's clearly does not work, then I'll remove my downvote, otherwise I'll assert-by-vote that this way is not canonical, not good practice, and can lead to problems in performance if not other issues.
Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.
Thanks, @r2evans . I'll take your advice and concede to those more experienced than me and retry onyambu's method on the weekend and let you know.
@r2evans . Tried again and it definitely does not work. I get the follwing error.. Error in .local(conn, statement, ...) : unused argument (params = list("walker"))
OK, I found the problem with why that doesn't work ... RMySQL hasn't had any significant code updates in (for the most part) 7 years, before params= become part of DBI-spec. Because of the age of RMySQL, I really suggest you install the MySQL odbc driver (dev.mysql.com/downloads/connector/odbc) and switch from RMySQL package to the odbc package.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.