
I am trying to delete a record using the record Id in the DB. I am using a Jitterbit script.

I have tried the script below:

<trans>
$recIdVar = "003M000001I8PtGIAV"; 
DBExecute("<TAG>endpoint:database/My Database</TAG>", "Delete From Contact where Id ="+Quote($recIdVar),
  "1");

It's giving me the error below:

Failed to test expression: DBExecute failed to execute SQL statement "Delete From Contact where Id ="003M000001I8PtGIAV"". 'endpoint:database/My Database' is not a valid Source/Target identifier. Error occurred when evaluating function at line 3 DBExecute(

</trans>
Panagiotis Kanavos
Daniel
  • DON'T use the `script` tag. Every SO question is about scripts one way or another. It's no better than adding `code` as a tag. That tag is just noise, it was deleted in the past and will be deleted very soon again. – Panagiotis Kanavos Apr 20 '21 at 15:46
  • Can you suggest a way to add the database connection as the target in the above script? – Daniel Apr 20 '21 at 16:31
  • In SQL, the language, double quotes are used to quote database objects like table names, columns etc. You can write e.g. `select * from "myTable"`. You need to use single quotes to specify strings: `Delete From Contact where Id ='003M000001I8PtGIAV'`. BUT the big problem is the SQL injection problem you just ran into. What if `recIdVar` contained `'; drop table users; --` ? No amount of quoting, escaping or sanitizing can prevent such attacks. This is avoided by using parameterized queries/server-bound parameters but it looks like `DbExecute` doesn't allow input parameters. – Panagiotis Kanavos Apr 20 '21 at 17:05
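
The injection risk raised in the last comment, as an added example that is not part of the original question or comments and is not Jitterbit code: Python with an in-memory SQLite database stands in for the database endpoint, and the function names, the `users` table contents and the Id format are assumptions. It runs the concatenated delete next to a bound-parameter delete, plus an allowlist check for the case where a call accepts only a SQL string.

```python
import re
import sqlite3

# Value taken from the comment above; everything else here is constructed.
PAYLOAD = "'; drop table users; --"
# Assumption: record Ids look like the sample in the question, i.e. 15 or 18
# ASCII letters and digits. Adjust the pattern to the real Id format.
ID_PATTERN = re.compile(r"[A-Za-z0-9]{15}(?:[A-Za-z0-9]{3})?")


def new_db():
    """Constructed in-memory database standing in for the real endpoint."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE Contact (Id TEXT PRIMARY KEY);"
        "CREATE TABLE users (name TEXT);"
        "INSERT INTO Contact VALUES ('003M000001I8PtGIAV');"
    )
    return db


def tables(db):
    """Names of the tables that currently exist, sorted."""
    rows = db.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return sorted(name for (name,) in rows)


def delete_concatenated(db, rec_id):
    """The 'before' form: the value becomes part of the SQL text."""
    # executescript mimics a driver that accepts several statements per call.
    db.executescript("DELETE FROM Contact WHERE Id = '" + rec_id + "'")


def delete_bound(db, rec_id):
    """Parameterized form: the value is sent as data, never parsed as SQL."""
    return db.execute("DELETE FROM Contact WHERE Id = ?", (rec_id,)).rowcount


def delete_validated(db, rec_id):
    """Fallback when only a SQL string is accepted: allowlist, then build."""
    if not ID_PATTERN.fullmatch(rec_id):
        raise ValueError("record Id does not match the expected format")
    return db.execute(f"DELETE FROM Contact WHERE Id = '{rec_id}'").rowcount
```

With the comment's value, the concatenated form leaves only the `Contact` table behind, while the bound form deletes zero rows and both tables survive.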

0 Answers