R RODBC 将数字列表放入 IN() 语句中

发布于 2024-12-22 17:29:32 字数 588 浏览 1 评论 0原文

我查看了 '将 R 变量传递给 RODBC 的 sqlQuery多个条目？ '已经但似乎无法让它工作。我正在尝试在 SQL Server 2008 R2 数据库上从 R 执行 sqlQuery()。我正在尝试根据行号从大型数据库中获取样本。首先，我创建了一个随机数列表：

sampRowNum <- sample(seq(1,100000,1), 5000)

然后我尝试在查询中使用这些数字：

query1 <- sqlQuery(channel, paste("select *      
  FROM db where row_id in (", sampRowNum,")", sep=""))

我只从数据库中获取结果，其中 row_id 等于 sampRowNum 中的第一个数字。有什么建议吗？

原文

I've looked at the 'Pass R variable to RODBC's sqlQuery with multiple entries? ' already but can't seem to get it to work. I'm trying to do an sqlQuery() from R on a SQL Server 2008 R2 db. I'm trying to get a sample from a large db based on row numbers. First I created a list of random numbers:

sampRowNum <- sample(seq(1,100000,1), 5000)

Then I try to use those numbers in a query using:

query1 <- sqlQuery(channel, paste("select *      
  FROM db where row_id in (", sampRowNum,")", sep=""))

I get just the results from the db where the row_id is equal to the first number in sampRowNum. Any suggestions?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

温柔戏命师 2024-12-29 17:29:32

您没有正确粘贴您的查询。

如果单独运行 paste 语句，您将看到长度为 5000 的向量，因此 sqlQuery 仅执行其中的第一个，对应于samRowNum 中的第一个元素。

你想要做的事情更像是这样的：

paste("select * FROM db where row_id in (", 
    paste(sampRowNum,collapse = ","),")", sep="")

就像一个附加注释（因为我不得不做很多这样的事情......）用带有字符串的 IN 子句构建 sql 查询有点麻烦，因为您必须加上所有单引号：

vec <- letters[1:5]

paste("SELECT * FROM db WHERE col IN ('",
    paste(vec,collapse = "','"),"')",sep = "")

[1] "SELECT * FROM db WHERE col IN ('a','b','c','d','e')"

如果您经常这样做，您最终会编写一个小函数来为您粘贴字符向量。

与往常一样，如果您正在处理用户输入（例如在 Web 应用程序中），由于 SQL 注入攻击，这种 SQL 字符串操作并不好。在我的特殊情况下，这并不是什么大问题，但一般来说，如果您对输入值没有太多控制权，人们会更喜欢参数化查询。

You're not pasteing your query together correctly.

If you run the paste statement in isolation, you'll see that you get a vector of length 5000, so sqlQuery is only executing the first one of those, corresponding to the first element in samRowNum.

What you want to do is something more like this:

paste("select * FROM db where row_id in (", 
    paste(sampRowNum,collapse = ","),")", sep="")

Just as an added note (and since I've had to do stuff like this a lot...) constructing sql queries with an IN clause with strings is a bit more of a nuisance, since you have to tack on all the single quotes:

vec <- letters[1:5]

paste("SELECT * FROM db WHERE col IN ('",
    paste(vec,collapse = "','"),"')",sep = "")

[1] "SELECT * FROM db WHERE col IN ('a','b','c','d','e')"

If you do this a lot, you'll end up writing a little function that does that pasting of character vectors for you.

As always, this kind of SQL string manipulation is Not Good if you are dealing with user inputs (e.g. in a web app), due to SQL injection attacks. In my particular situation this isn't much of a concern, but in general people will prefer parametrized queries if you don't have much control over the input values.

回复收藏 0 原文

~没有更多了~