英文:
Can't retrieve data from a function during login Oracle Apex
问题
I'm trying to retrieve the "RESPONSABLE" field from my EMPLOYES table during the login.
I created a function called "employe_resp" which SELECT the responsable column into a variable using the username and hashed password in the WHERE condition.
Here's the EMPLOYES table
Here's my function
my application item is called G_RESP
On my login page, I created this process :
When logging in, I have a "data not found" error. The problem seems to come from my SELECT statement inside my function, but I don't understand why, because when I execute the SELECT using raw datas in SQL Commands, it's working
Does anyone have a tip or a workaround ?
Thanks in advance
Thomas
英文:
I'm trying to retrieve the "RESPONSABLE" field from my EMPLOYES table during the login.
I created a function called "employe_resp" which SELECT the responsable column into a variable using the username and hashed password in the WHERE condition.
Here's my function
FUNCTION employe_resp (p_username IN VARCHAR2, p_password IN VARCHAR2)
RETURN VARCHAR2
IS
v_resp EMPLOYES.responsable%TYPE;
BEGIN
SELECT responsable
INTO v_resp
FROM EMPLOYES
WHERE UPPER(email) = UPPER(p_username)
AND pwd = hash_pwd(p_username, p_password);
RETURN v_resp;
END employe_resp;
my application item is called G_RESP
On my login page, I created this process :
When logging in, I have a "data not found" error. The problem seems to come from my SELECT statement inside my function, but I don't understand why, because when I execute the SELECT using raw datas in SQL Commands, it's working
Does anyone have a tip or a workaround ?
Thanks in advance
Thomas
答案1
得分: 1
这是您在该函数中使用的查询:
SELECT responsable
INTO v_resp
FROM EMPLOYES
WHERE UPPER(email) = UPPER(p_username)
AND pwd = hash_pwd(p_username, p_password);
hash_pwd
函数预期什么?您传递了 p_username
和 p_password
如它们本来的样子,但上面的行建议可能需要将 p_username
转换为大写。(p_password
呢?)
因此,您确定 hash_pwd
返回了正确的值吗?因为接下来您发布的 select
语句:
select responsable from employees
where email = 'ptutton2@unesco.org'
and pwd = 'AC9F...5F'
不是函数中确切的用法,因为您假定密码字符串是大写,而电子邮件是小写。
英文:
This is query you used in that function:
SELECT responsable
INTO v_resp
FROM EMPLOYES
WHERE UPPER(email) = UPPER(p_username)
AND pwd = hash_pwd(p_username, p_password);
What does hash_pwd
expect? You passed p_username
and p_password
as they are, but line above suggests that p_username
might need to be put into UPPERCASE. (What about p_password
?)
Therefore: are you sure that hash_pwd
returned correct value? Because, the next select
you posted:
select responsable from employees
where email = 'ptutton2@unesco.org'
and pwd = 'AC9F...5F'
isn't exactly what you use in function as you PRESUMED that password string is in uppercase and email in lowercase.
答案2
得分: 1
Concept 1: 认证(Authentication) - 这涉及用户登录应用程序。
Concept 2: 授权(Authorization) - 这涉及用户在应用程序中可以执行的操作。
请注意,您可以设置授权,以使用户无法访问应用程序中的任何功能。
密码仅在认证功能中需要。不要在认证过程中混合其他(授权)功能。而是创建应用程序进程(或计算)来填充应用程序项目G_RESP。要运行这些查询,不需要密码检查。
或者更好的做法是为每个用户角色/责任创建适当的授权方案。对于这些查询,也不需要密码检查。
英文:
I think there is something wrong with the logic here. There are 2 concepts and you're mixing them.
Concept 1:Authentication: this is about the user logging into the application
Concept 2:Authorization: this is about what the user can do in an application
Note that you can setup your authorization as such that a user does not have access to any functionality in the application.
The password is only needed in the authentication function. Do not mix other (authorization) functionality in the authentication process. Instead create application processes (or computations) to populate the application item G_RESP. To run those queries, no password check is needed.
Or even better, create appropriate authorization schemes for each user role/responsibility. No password checks are needed for those queries either.
答案3
得分: 0
未提交的数据只在创建它的会话中可见(如果未提交,会话结束时将会回滚)。如果你无法在另一个会话中看到数据(例如在Oracle Apex中),请确保在插入数据的客户端中发出了一个COMMIT
命令。
注意:即使以相同的用户连接,这也会创建一个单独的会话,你将无法在另一个会话中看到未提交的数据。
来自COMMIT
文档:
> 在提交事务之前:
>
> - 你可以通过查询修改过的表来查看你在事务中所做的任何更改,但其他用户无法看到这些更改。在你提交事务后,这些更改对于在提交后执行的其他用户语句是可见的。
> - 你可以使用ROLLBACK
语句回滚(撤消)在事务中所做的任何更改(参见ROLLBACK
)。
英文:
UnCOMMIT
ted data is only visible within the session that created it (and will ROLLBACK
at the end of the session if it has not been COMMIT
ted). If you can't see the data from another session (i.e. in Oracle Apex) then make sure you have issued a COMMIT
command in the client where you INSERT
ed the data.
Note: even if you connect as the same user, this will create a separate session and you will not be able to see the uncommitted data in the other session.
From the COMMIT
documentation:
> Until you commit a transaction:
>
> - You can see any changes you have made during the transaction by querying the modified tables, but other users cannot see the changes. After you commit the transaction, the changes are visible to other users' statements that execute after the commit.
> - You can roll back (undo) any changes made during the transaction with the ROLLBACK
statement (see ROLLBACK
).
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论