无法在登录时从Oracle Apex的函数中检索数据。

huangapple go评论58阅读模式
英文:

Can't retrieve data from a function during login Oracle Apex

问题

I'm trying to retrieve the "RESPONSABLE" field from my EMPLOYES table during the login.

I created a function called "employe_resp" which SELECT the responsable column into a variable using the username and hashed password in the WHERE condition.

Here's the EMPLOYES table

Here's my function

my application item is called G_RESP

On my login page, I created this process :

When logging in, I have a "data not found" error. The problem seems to come from my SELECT statement inside my function, but I don't understand why, because when I execute the SELECT using raw datas in SQL Commands, it's working

Does anyone have a tip or a workaround ?

Thanks in advance

Thomas

英文:

I'm trying to retrieve the "RESPONSABLE" field from my EMPLOYES table during the login.

I created a function called "employe_resp" which SELECT the responsable column into a variable using the username and hashed password in the WHERE condition.

Here's the EMPLOYES table
无法在登录时从Oracle Apex的函数中检索数据。

Here's my function

FUNCTION employe_resp (p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN VARCHAR2
IS
  v_resp EMPLOYES.responsable%TYPE;
BEGIN
  SELECT responsable
  INTO v_resp
  FROM EMPLOYES
  WHERE UPPER(email) = UPPER(p_username)
  AND pwd = hash_pwd(p_username, p_password);

  RETURN v_resp;
END employe_resp;

my application item is called G_RESP

On my login page, I created this process :
无法在登录时从Oracle Apex的函数中检索数据。

When logging in, I have a "data not found" error. The problem seems to come from my SELECT statement inside my function, but I don't understand why, because when I execute the SELECT using raw datas in SQL Commands, it's working

无法在登录时从Oracle Apex的函数中检索数据。

Does anyone have a tip or a workaround ?

Thanks in advance

Thomas

答案1

得分: 1

这是您在该函数中使用的查询:

SELECT responsable
  INTO v_resp
  FROM EMPLOYES
  WHERE UPPER(email) = UPPER(p_username)
  AND pwd = hash_pwd(p_username, p_password);

hash_pwd 函数预期什么?您传递了 p_usernamep_password 如它们本来的样子,但上面的行建议可能需要将 p_username 转换为大写。(p_password 呢?)

因此,您确定 hash_pwd 返回了正确的值吗?因为接下来您发布的 select 语句:

select responsable from employees 
where email = 'ptutton2@unesco.org'
  and pwd = 'AC9F...5F'

不是函数中确切的用法,因为您假定密码字符串是大写,而电子邮件是小写。

英文:

This is query you used in that function:

SELECT responsable
  INTO v_resp
  FROM EMPLOYES
  WHERE UPPER(email) = UPPER(p_username)
  AND pwd = hash_pwd(p_username, p_password);

What does hash_pwd expect? You passed p_username and p_password as they are, but line above suggests that p_username might need to be put into UPPERCASE. (What about p_password?)

Therefore: are you sure that hash_pwd returned correct value? Because, the next select you posted:

select responsable from employees 
where email = 'ptutton2@unesco.org'
  and pwd = 'AC9F...5F'

isn't exactly what you use in function as you PRESUMED that password string is in uppercase and email in lowercase.

答案2

得分: 1

Concept 1: 认证(Authentication) - 这涉及用户登录应用程序。

Concept 2: 授权(Authorization) - 这涉及用户在应用程序中可以执行的操作。

请注意,您可以设置授权,以使用户无法访问应用程序中的任何功能。

密码仅在认证功能中需要。不要在认证过程中混合其他(授权)功能。而是创建应用程序进程(或计算)来填充应用程序项目G_RESP。要运行这些查询,不需要密码检查。

或者更好的做法是为每个用户角色/责任创建适当的授权方案。对于这些查询,也不需要密码检查。

英文:

I think there is something wrong with the logic here. There are 2 concepts and you're mixing them.

Concept 1:Authentication: this is about the user logging into the application

Concept 2:Authorization: this is about what the user can do in an application

Note that you can setup your authorization as such that a user does not have access to any functionality in the application.

The password is only needed in the authentication function. Do not mix other (authorization) functionality in the authentication process. Instead create application processes (or computations) to populate the application item G_RESP. To run those queries, no password check is needed.

Or even better, create appropriate authorization schemes for each user role/responsibility. No password checks are needed for those queries either.

答案3

得分: 0

未提交的数据只在创建它的会话中可见(如果未提交,会话结束时将会回滚)。如果你无法在另一个会话中看到数据(例如在Oracle Apex中),请确保在插入数据的客户端中发出了一个COMMIT命令。

注意:即使以相同的用户连接,这也会创建一个单独的会话,你将无法在另一个会话中看到未提交的数据。

来自COMMIT文档

> 在提交事务之前:
>
> - 你可以通过查询修改过的表来查看你在事务中所做的任何更改,但其他用户无法看到这些更改。在你提交事务后,这些更改对于在提交后执行的其他用户语句是可见的。
> - 你可以使用ROLLBACK语句回滚(撤消)在事务中所做的任何更改(参见ROLLBACK)。

英文:

UnCOMMITted data is only visible within the session that created it (and will ROLLBACK at the end of the session if it has not been COMMITted). If you can't see the data from another session (i.e. in Oracle Apex) then make sure you have issued a COMMIT command in the client where you INSERTed the data.

Note: even if you connect as the same user, this will create a separate session and you will not be able to see the uncommitted data in the other session.

From the COMMIT documentation:

> Until you commit a transaction:
>
> - You can see any changes you have made during the transaction by querying the modified tables, but other users cannot see the changes. After you commit the transaction, the changes are visible to other users' statements that execute after the commit.
> - You can roll back (undo) any changes made during the transaction with the ROLLBACK statement (see ROLLBACK).

huangapple
  • 本文由 发表于 2023年7月3日 05:32:44
  • 转载请务必保留本文链接:https://go.coder-hub.com/76600881.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定