In this post, we’re going to take a look at the R in CRUD: Retrieve.
We will be using the ruby-oci8 driver to retrieve some data from the database tables, using the connection object created in the Initial Setup section of the first post in this series.
Simple query
We will perform a simple query that pulls all of the records in no particular order. Here are the steps we’ll follow in the code snippet below.
- Create the connection object. We will use this object to perform our database operations.
- Define the SQL SELECT statement, specifying the columns desired from the table.
- Create a cursor by parsing the statement.
- Execute the cursor.
- Fetch and loop through the rows.
- Print each row.
1 2 3 4 5 6 7 8 |
# Query all rows con = OCI8.new(connectString) statement = 'select id, name, age, notes from lcs_people' cursor = con.parse(statement) cursor.exec cursor.fetch() {|row| print row } |

1 |
[#<BigDecimal:15bcb00,'0.1E1',9(18)>, "Bob", #<BigDecimal:15bc790,'0.35E2',9(18)>, "I like dogs"][#<BigDecimal:15bd1b8,'0.2E1',9(18)>, "Kim", #<BigDecimal:193bf60,'0.27E2',9(18)>, "I like birds"] |
1 |
printf "Id: %d, Name: %s, Age: %d, Notes: %s\n", row[0], row[1], row[2], row[3] |
1 2 |
Id: 1, Name: Bob, Age: 35, Notes: I like dogs Id: 2, Name: Kim, Age: 27, Notes: I like birds |
Extra Fun 1
Modify the statement to order by age. When you’re done the results should be:
1 2 |
Id: 2, Name: Kim, Age: 27, Notes: I like birds Id: 1, Name: Bob, Age: 35, Notes: I like dogs |
Select specific rows
Now suppose I only want to see the data for Kim. I want, therefore, to restrict the rows returned by the SELECT. This is done with a WHERE clause. There are several ways to do this.
We could just put the where clause in the statement and it would work.
1 |
statement = "select id, name, age, notes from lcs_people where name = 'Kim'" |
However, we want to choose the name at run time and store it in a variable called person_name. You could accept the value in as an argument passed into a function, but we’ll just set a variable to keep it simple.
1 |
person_name = 'Kim' |
It is possible to simply concatenate the value into the statement.
1 |
statement = "select id, name, age, notes from lcs_people where name = '#{person_name}'" |
This is very dangerous and opens our code to a SQL Injection attack. You can follow that link for more information, but we won’t be going into detail in this series. Just know that you should, generally, never allow end user input to be fed directly into a dynamic SQL statement.
A much safer way to pass external values into the SQL statement is by using bind variables with prepared statements.
You have a couple different options:
Positional:
1 2 3 4 5 6 7 8 9 |
statement = "select id, name, age, notes from lcs_people where name = :1 and age = :2" cursor = con.parse(statement) cursor.bind_param(1, 'Bob') cursor.bind_param(2, 35) statement = "select id, name, age, notes from lcs_people where name = :2 and age = :1" cursor = con.parse(statement) cursor.bind_param(1, 'Bob') cursor.bind_param(2, 35) |
Positional bind parameters will us an integer as the key in bind_param().
Named:
1 2 3 4 5 6 7 8 9 |
statement = "select id, name, age, notes from lcs_people where name = :name and age = :age" cursor = con.parse(statement) cursor.bind_param('name', 'Bob') cursor.bind_param('age', 35) statement = "select id, name, age, notes from lcs_people where name = :age and age = :name" cursor = con.parse(statement) cursor.bind_param('age', 'Bob') cursor.bind_param('name', 35) |
In the second example, I switched the labels in the SQL, and I also had to switch the keys in the bind_parameter calls so the correct value is still used.
Notice, in both examples, that we do not wrap the bind variable for the name with quotes. This is handled automatically when the statement is prepared for execution.
Example:
- Create the connection object.
- Create the person_name variable and assign it a value of ‘Kim’.
- Define the SQL SELECT statement, specifying the columns desired from the table.
- Create a cursor by parsing the statement.
- Bind the value of person_name to :name.
- Execute the cursor.
- Fetch and loop through the rows.
- Print each row.
1 2 3 4 5 6 7 8 9 10 11 |
# Query for Kim con = OCI8.new(connectString) person_name = 'Kim' statement = "select id, name, age, notes from lcs_people where name=:name" cursor = con.parse(statement) cursor.bind_param('name', person_name) cursor.exec cursor.fetch() {|row| printf "Id: %d, Name: %s, Age: %d, Notes: %s\n", row[0], row[1], row[2], row[3] } |

1 |
Id: 2, Name: Kim, Age: 27, Notes: I like birds |
Extra Fun 2
Modify the statement and variable to get the people older than 30. When you’re done the results should be:
1 |
Id: 1, Name: Bob, Age: 35, Notes: I like dogs |
In this section, we took a look at some basic query functionality. When you experiment with more complex queries, if you run into problems leave a comment here or on twitter and we’ll find an answer together.
Some things you could try
- Join the lcs_people and lcs_pets table to get the people and their pets
- Only retrieve the person’s name and age
- Change the order to display in descending order.
Hint – If you have trouble getting a query to run in your code, try running it in SQL Plus or another database console tool. This will help determine if the problem is with the query or the code.
Series sections
Initial Setup
Create records
Retrieve records
Update records
Delete records
I doo not even know the way I ended up right here, but I assumed this pulish was once
great. I do not know who you’re but definitely you’re going to a famous blogger if you aren’t already.
Cheers!
That’s the post that i needed in the right time, great work! Helped me a lot in my hybrid capybara automation test project with ruby/oracle.