|
| Re: setting parameters [message #718611 is a reply to message #718594] |
Wed, 24 August 2011 19:56   |
|
You can access a data set parameter in the beforeOpen using inputParams
array.
inputParams["param_1"] = somevalue;
Jason
On 8/24/2011 3:31 PM, marc.marshall wrote:
> I have a Dataset that I have created in Java and it contains a
> BeforeOpen event handler. I dynamically create the prepared statement
> query and it is dependent on the three Report parameters values to what
> the prepared statement query will look like with in the BeforeOpen event
> handler. I could have 0 - 3 parameters that need to be populated on my
> dataset when the prepared statement is created. Is there any way to
> populate my dataset parameters in the BeforeOpen method on my dataset?
> Thanks for your suggestions and time.
>
> Thanks,
>
> Marc
|
|
|
|
| Re: setting parameters [message #718626 is a reply to message #718615] |
Wed, 24 August 2011 21:33 |
|
What version of BIRT are you using? I can get it like the following in 2.6.
@Override
public void beforeOpen(IDataSetInstance dataSet,
IReportContext reportContext) {
try{
Logger logger =
reportContext.getReportRunnable().getReportEngine().getLogger();
logger.log(Level.INFO,"test");
Object val = dataSet.getInputParameters().get("param_1");
dataSet.setInputParameterValue("param_1", new Integer(10102));
}catch(Exception e){
e.printStackTrace();
}
}
Jason
On 8/24/2011 4:42 PM, marc.marshall wrote:
> Jason,
>
> I have a Java Class with a BeforeOpen method that I have created to
> build the dataset query. I have tried to do this in the javascript
> BeforeOpen on my dataset and it no longer executes my Java Class when
> this code is in place. In the BeforeOpen I have the IDataSetInstance and
> the IReportContext objects being passed into the method. Is there any
> equivalent code in Java to set the parameter of my dataset? Thanks for
> any time and suggestions.
> Thanks,
>
> Marc
|
|
|
|
|
| Re: setting parameters [message #718919 is a reply to message #718845] |
Thu, 25 August 2011 15:25 |
|
Marc,
In that case I would not use a dataset parameter. Can you post an
example of how the query is being built? Where do you get the 0-3
parameters?
Jason
On 8/25/2011 9:35 AM, marc.marshall wrote:
> Jason,
>
> I forgot to say that I am creating my prepared statement dynamically. I
> can have 0-3 parameters that are needed by the dynamically created
> prepared statement. Therefore I am unable to create the parameters up
> front or I will get errors. Thanks for your time and suggestions.
> Thanks,
>
> Marc
|
|
|
| Re: setting parameters [message #718930 is a reply to message #718919] |
Thu, 25 August 2011 15:58 |
 marc.marshall
Messages: 30
Registered: June 2011 |
Member |
|
|
Jason,
This is an example of how I build my prepared statement. There are 4 report parameters "name", "number", "type" and "company" this information is what builds the following prepared statement:
sql = sql
+ "select A.KYVENID, "
+ "A.VENNAME, "
+ "A.VENSTATUS, "
+ "A.VENPHONE, "
+ "A.XADATASTATUS, "
+ "A.XAAUDITUID, "
+ "A.XAAUDITTS, "
+ "A.COMPANY, "
+ "A.VENNUM, "
+ "A.VENABOUT, "
+ "A.VENCONTACT, "
+ "A.VENEMAIL, "
+ "A.VENSTREET, "
+ "A.VENCITY, "
+ "A.VENZIP, "
+ "A.REMARKS, "
+ "from DATA.VENDORINFO A, " + "DATA.MASTERLIST B ";
sql = sql + "where ";
if (vname != null) {
if (vname.length() != 0) {
searchPercent = vname.indexOf("%");
searchUnderscore = vname.indexOf("_");
textAdded = true;
if (searchPercent == -1 && searchUnderscore == -1) {
sql = sql + "A.VENNAME = ?";
} else {
sql = sql + "A.VENNAME like ?";
}
}
}
if (textAdded) {
sql = sql + " and ";
}
textAdded = false;
if (vnumber != null) {
if (vnumber.length() != 0) {
searchPercent = vnumber.indexOf("%");
searchUnderscore = vnumber.indexOf("_");
textAdded = true;
if (searchPercent == -1 && searchUnderscore == -1) {
sql = sql + "A.VENNUM = ?";
} else {
sql = sql + "A.VENNUM like ?";
}
}
}
if (textAdded) {
sql = sql + " and ";
}
textAdded = false;
if (vtype != null) {
if (vtype.length() != 0) {
searchPercent = vtype.indexOf("%");
searchUnderscore = vtype.indexOf("_");
textAdded = true;
if (searchPercent == -1 && searchUnderscore == -1) {
sql = sql + "B.MLDESCRIPTION = ?";
} else {
sql = sql + "B.MLDESCRIPTION like ?";
}
}
}
if (textAdded) {
sql = sql + " and ";
}
sql = sql + "A.COMPANY = ?"
+ " and B.KYMASTERLISTID = CAST(A.VENTYPE as INTEGER)";
dataset.setQueryText(sql);
|
|
|
| Re: setting parameters [message #718962 is a reply to message #718930] |
Thu, 25 August 2011 16:20 |
|
Marc,
I assume you want the ? tied to one of the report parameter? If so,
skip the ? and reference the report parameter directly like:
String myparm = reportContext.getParameterValue("name");
sql = sql + "A.VENNAME = " + myparm;
Jason
On 8/25/2011 11:58 AM, marc.marshall wrote:
> sql = sql + "A.VENNAME = ?";
|
|
|
|
| Re: setting parameters [message #718993 is a reply to message #718971] |
Thu, 25 August 2011 17:29 |
|
If you are worried about sql injection, check and validate the values
before using them, or use session variables. You can access session
variables using
//js
reportContext.getHttpServletRequest().getSession().getAttribute("test");
in java it will depend on the container. I did the following in tomcat.
//added catalina.jar and servlet-api.jar to build path and used:
Object o = reportContext.getHttpServletRequest();
if( o instanceof org.apache.catalina.connector.RequestFacade){
RequestFacade co = (RequestFacade) o;
HttpSession ses = co.getSession();
Object myobj =ses.getAttribute("test");
}
Jason
On 8/25/2011 12:53 PM, marc.marshall wrote:
> Jason,
>
> The reason that I was using ? in the prepared statement was to stop the
> user from sql injection. I had read that a prepared statement helps stop
> the user from sql injection. I do understand that this prepared
> statement may not work though. Do you have any thoughts or suggestion on
> this matter? Thanks for your help that you have been giving me.
>
> Thanks,
>
> Marc
|
|
|
|
Powered by
FUDForum. Page generated in 0.02588 seconds
] 
Search
Help
Register
Login
Home
