How do I write a SQL UPDATE with dynamic columns

Retool-Admin · May 24, 2019, 10:49am

Hi all!
I was wondering how I can change the value of a dynamic value (the column is chosen through user input).
As an example, I built a form with three input values.

textinput1.value (Integer)
select1.value (String)
select2.value (String)

select2.value is used as an identifier (select a row). textinput1.value is the integer value I want to change in the column named as select1.value.

I've written the query as followed:

UPDATE table
SET {{ select1.value }} = {{ parseInt(textinput1.value) }}
WHERE agendaNaam = {{ select2.value }}

But then I get the following error:

You can clearly see the problem are the quotation marks in the select1.value.
So I've tried to overcome it with javascript but the code is not working:

select2.value.replace( /'/g, '' )

Is there any other way to fix this?
Thanks in advance,
Pello

dvdhsu · March 3, 2020, 6:00am

Hello! Thank you for the question! The reason dynamic column names aren’t supported is because we convert your SQL statement into a prepared statement to prevent SQL injection: https://docs.retool.com/docs/sql-queries#section-security

If you want, you can turn off prepared statements in the resources section. But that would expose you to potential SQL injection attacks from the end-users of your apps. LMK if that makes sense? Thanks!

Topic		Replies	Views
SQL query to postgres DB failing when using dynamic values 💬 Queries and Resources	3	120	October 17, 2024
Dynamically column name in a query 💬 Queries and Resources sql	4	2226	August 30, 2023
SQL Query to insert values into a table 💬 Queries and Resources javascript , sql	4	1785	January 4, 2024
Select from a different table depending on string interpolation 💬 Queries and Resources sql	2	249	September 9, 2024
How to create a dynamic query without changing resource settings? 💬 Queries and Resources sql	10	7117	August 3, 2023

How do I write a SQL UPDATE with dynamic columns

Related topics