Creating sql statement for data set securely [message #668017] Tue, 03 May 2011 12:11
Olly
I am trying to create the data set for a report. The way I am doing it is by string concatenation and then just doing dsHandle.setQueryText(query). I've been looking for any how-to's for a secure way of doing this. There will be a variable number of or statements in the where clause, so I need some flexibility. For example: "select * from table where ( name = ? or name = ? or ... ) and time between ( ? and ?)". Any help is greatly appreciated. To give you a better understanding of what I am doing, I have a .rptdesign file that already has a datasource and I'm just opening that .rptdesign file, modifying the data set and then running the report with the new sql query.
Re: Creating sql statement for data set securely [message #668098 is a reply to message #668017] Tue, 03 May 2011 17:48
Jason Weathersby

Are you using session values to fill in the parameters?

Jason

On 5/3/2011 8:11 AM, azuniga wrote:
> I am trying to create the data set for a report. The way I am doing it
> is by string concatenation and then just doing
> dsHandle.setQueryText(query). I've been looking on any how-to's for a
> secure way of doing this. There will be a variable number of or
> statements in the where clause so I need some flexibility. For eg.
> "select * from table where ( name = ? or name = ? or ... ) and time
> between ( ? and ?)". Any help is greatly appreciated. To give you a
> better understanding of what I am doing, I have a .rptdesign file that
> already has a datasource and I'm just opening that .rptdesign file,
> modifying the data set and then running the report with the new sql query.
Re: Creating sql statement for data set securely [message #668235 is a reply to message #668098] Wed, 04 May 2011 15:41
Olly
No, I'm not using session values. I have checkboxes that the user can check if he wants that parameter to be shown on the report. Also, the user has 2 dateboxes, a start date/time and an end date/time box where he will enter the timeframe of the records he wants. So from there I build my string that I will then use to set the query text for the data set.
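
An added example, not code from either poster or from BIRT: one way to build the query shape from the first post so that the only thing concatenated is a run of `?` markers, while the checkbox names and the two date/time values stay in a separate ordered list and never enter the string passed to dsHandle.setQueryText. The class, record and table names are hypothetical, and binding the returned values to the data set's parameters is not shown.

```java
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class ReportQueryBuilder {
    /** Query text containing only '?' markers, plus the values in marker order. */
    public record BoundQuery(String sql, List<Object> values) {}

    // Hypothetical table name; "name" and "time" are the columns from the post.
    private static final String BASE = "select * from report_records where ";

    public static BoundQuery build(List<String> names, Timestamp start, Timestamp end) {
        // An empty selection would produce "where ()", which is invalid SQL.
        if (names == null || names.isEmpty()) {
            throw new IllegalArgumentException("at least one name must be selected");
        }
        if (start == null || end == null || start.after(end)) {
            throw new IllegalArgumentException("invalid time range");
        }
        // One "name = ?" per selected value: only the COUNT of user values
        // influences the SQL text, never their content.
        String nameClause =
                String.join(" or ", Collections.nCopies(names.size(), "name = ?"));
        String sql = BASE + "(" + nameClause + ") and time between ? and ?";

        // Values in the same left-to-right order as the markers.
        List<Object> values = new ArrayList<>(names);
        values.add(start);
        values.add(end);
        return new BoundQuery(sql, Collections.unmodifiableList(values));
    }

    public static void main(String[] args) {
        // Constructed sample input; the second name is a hostile string.
        List<String> names = List.of("alice", "x' or '1'='1");
        BoundQuery q = build(names,
                Timestamp.valueOf("2011-05-01 00:00:00"),
                Timestamp.valueOf("2011-05-03 23:59:59"));
        System.out.println(q.sql());
        for (int i = 0; i < q.values().size(); i++) {
            System.out.println((i + 1) + " -> " + q.values().get(i));
        }
    }
}
```

The hostile name appears only in the printed value list, at position 2, and the query text is the same for any two-name selection.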