Select SQL 列获得闪亮
Select SQL column to get in shiny
shiny 和 SQL 服务器已链接。
通过shiny输入指定搜索条件成功
是不是可以select在shiny的输出中通过这种方式获取列名?
ui.R
shinyUI(
fluidPage(
selectInput("select","select", choices = c("CountryCode","District","NAME")),
textInput("ID","ID"),
actionButton("go", "go"),
tableOutput("table"),
tableOutput("tablee")
)
)
server.R
shinyServer(function(input, output) {
observeEvent(input$go,{
output$table <- renderTable({
sql <- 'SELECT ?select FROM City;'
query <- sqlInterpolate(pool, sql, select = input$select)
dbGetQuery(pool, query)
})
})
output$tablee <- renderTable({
sql <- "SELECT * FROM City WHERE ID = ?ID;"
query <- sqlInterpolate(pool, sql, ID = input$ID)
dbGetQuery(pool, query)
})
})
global.R
library(shiny)
library(DBI)
library(pool)
pool <- dbPool(
drv = RMySQL::MySQL(),
dbname = "shinydemo",
host = "shiny-demo.csa7qlmguqrf.us-east-1.rds.amazonaws.com",
username = "guest",
password = "guest"
)
此答案包含您的第一次查询尝试:
observeEvent(input$go,{
output$table <- renderTable({
sql <- 'SELECT ?select FROM City;'
query <- sqlInterpolate(pool, sql, select = input$select)
dbGetQuery(pool, query)
})
})
不,您不能这样做,因为 SQL 中的预准备语句只能对数据使用占位符,不能对数据库对象(例如 table 和列名)使用占位符。您必须使用粘贴来构建查询:
observeEvent(input$go,{
output$table <- renderTable({
sql <- paste("SELECT", input$select, "FROM City;")
dbGetQuery(pool, sql)
})
})
但请注意,假设 input$select 来自外部,这种方法可能容易受到 SQL 注入。这个问题的一个典型解决方法是准备一些准备好的语句,然后根据外部输入 select 适当的语句,例如:
observeEvent(input$go,{
output$table <- renderTable({
sql1 <- "SELECT name FROM City;"
sql2 <- "SELECT state FROM City;"
query <- ifelse(input$select == "name", sql1, sql2)
dbGetQuery(pool, query)
})
})
shiny 和 SQL 服务器已链接。
通过shiny输入指定搜索条件成功
是不是可以select在shiny的输出中通过这种方式获取列名?
ui.R
shinyUI(
fluidPage(
selectInput("select","select", choices = c("CountryCode","District","NAME")),
textInput("ID","ID"),
actionButton("go", "go"),
tableOutput("table"),
tableOutput("tablee")
)
)
server.R
shinyServer(function(input, output) {
observeEvent(input$go,{
output$table <- renderTable({
sql <- 'SELECT ?select FROM City;'
query <- sqlInterpolate(pool, sql, select = input$select)
dbGetQuery(pool, query)
})
})
output$tablee <- renderTable({
sql <- "SELECT * FROM City WHERE ID = ?ID;"
query <- sqlInterpolate(pool, sql, ID = input$ID)
dbGetQuery(pool, query)
})
})
global.R
library(shiny)
library(DBI)
library(pool)
pool <- dbPool(
drv = RMySQL::MySQL(),
dbname = "shinydemo",
host = "shiny-demo.csa7qlmguqrf.us-east-1.rds.amazonaws.com",
username = "guest",
password = "guest"
)
此答案包含您的第一次查询尝试:
observeEvent(input$go,{
output$table <- renderTable({
sql <- 'SELECT ?select FROM City;'
query <- sqlInterpolate(pool, sql, select = input$select)
dbGetQuery(pool, query)
})
})
不,您不能这样做,因为 SQL 中的预准备语句只能对数据使用占位符,不能对数据库对象(例如 table 和列名)使用占位符。您必须使用粘贴来构建查询:
observeEvent(input$go,{
output$table <- renderTable({
sql <- paste("SELECT", input$select, "FROM City;")
dbGetQuery(pool, sql)
})
})
但请注意,假设 input$select 来自外部,这种方法可能容易受到 SQL 注入。这个问题的一个典型解决方法是准备一些准备好的语句,然后根据外部输入 select 适当的语句,例如:
observeEvent(input$go,{
output$table <- renderTable({
sql1 <- "SELECT name FROM City;"
sql2 <- "SELECT state FROM City;"
query <- ifelse(input$select == "name", sql1, sql2)
dbGetQuery(pool, query)
})
})