Hi,
I've added support for (up to 4) parameters in the custom SQL report.
Nothing fancy, it just uses the standard Format function of WxWidget.
Parameter 1 is %1$s in the query, Parameter 2 is %2$s, ...
The patch is in the zip file.
PATCH: CustomSql report with Parameters
Moderator: Renato
Attachments: CustomSQL-Paramters.zip (1.37 KiB), downloaded 582 times
-
- Developer
- Posts: 1535
- Joined: Sat Dec 06, 2008 2:27 pm
- Are you a spam bot?: No
- Location: Sankt-Petersburg, Russia
Re: PATCH: CustomSql report with Parameters
Hi,
I can not apply this patch.
I try to use GNU Patch.exe for Windows.
Could you, please, upload the .cpp file completely?
Or explain how to make a patch in MS Windows. I use Windows XP and Visual Studio 2008 C++ Express edition + the Platform SDK + wxWidgets.
Thanks
Re: PATCH: CustomSql report with Parameters
Hi, I've made the patch with subversion's TortoiseSVN.
I'll attach the files (customsqldialog.h & customsqldialog.cpp)
Attachments: fullFiles.zip (4 KiB), downloaded 619 times
Re: PATCH: CustomSql report with Parameters
Hi,
I like this feature.
But when you start Custom SQL Dialog the cursor is in the field Param1 but not in Custom SQL Query.
And how to translate Param1, 2 etc to other languages?
Re: PATCH: CustomSql report with Parameters
Hi,
Could you, please, explain how to make the script work:
select * from alldata where Date=%1$s
Re: PATCH: CustomSql report with Parameters
select * from alldata where Date='%1$s'
Just added the surrounding single quotes.
Re: PATCH: CustomSql report with Parameters
Hello, will this change affect any existing custom sql scripts?
Re: PATCH: CustomSql report with Parameters
Hi madhan,
> Hello, will this change affect any existing custom sql scripts?
It should not, basically sqlQuery_ = queryBox_->GetValue(); has been replaced by
sqlQuery_ = wxString::Format(queryBox_->GetValue().c_str()
, mmCleanString(customVal1->GetValue()).c_str()
, mmCleanString(customVal2->GetValue()).c_str()
, mmCleanString(customVal3->GetValue()).c_str()
, mmCleanString(customVal4->GetValue()).c_str()
);
Where customVal1, etc. are just the added textboxes on the form.
I've tested sql scripts with & without parameters.
This is just a quick way to add support for parametrized queries. I'm aware that I can make some SQL injection here (since it just uses the Format() method).
I'm not really sure how to make this more robust & user friendly: instead of using %1$s something like %1 or {1},... as well as input validation to avoid SQL injection.
On a side note, I've received the following questions from Nikolay wi
> And how to translate Param1, 2 etc to other languages
-> I'm not sure how mmex does its translations.
> But when you start Custom SQL Dialog the cursor is in the field Param1 but not in Custom SQL Query.
-> I don't know how to set the focus in WxWidget in the correct user control.
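
Added example, not part of the thread or of the mmex code base: one way to keep the %N$s report syntax while closing the injection gap mentioned in the last post is to rewrite each placeholder to a bound parameter instead of pasting the value into the SQL text. It assumes an SQLite backend; the table contents, the function names and the `:p1`..`:p4` parameter names are constructed for illustration, and `spliced_sql` is a plain stand-in for the Format() call (mmCleanString is not modelled because the page does not show it).

```python
import re
import sqlite3

# The thread's %N$s placeholders (N = 1..4), with or without the single
# quotes suggested above. A placeholder must stand for one whole value.
PLACEHOLDER = re.compile(r"'?%([1-4])\$s'?")

def spliced_sql(template, values):
    """Paste the values into the SQL text (what string formatting does)."""
    return re.sub(r"%([1-4])\$s",
                  lambda m: values[int(m.group(1)) - 1], template)

def bound_sql(template):
    """Rewrite each placeholder to a named SQLite parameter :p1 .. :p4."""
    return PLACEHOLDER.sub(lambda m: ":p" + m.group(1), template)

def run_spliced(conn, template, values):
    return conn.execute(spliced_sql(template, values)).fetchall()

def run_bound(conn, template, values):
    # Values travel separately from the SQL text, so they are never parsed.
    params = {"p%d" % (i + 1): v for i, v in enumerate(values)}
    return conn.execute(bound_sql(template), params).fetchall()

def demo_db():
    """Constructed stand-in for the alldata table; columns are assumed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alldata (Date TEXT, Payee TEXT, Amount REAL)")
    conn.executemany("INSERT INTO alldata VALUES (?, ?, ?)", [
        ("2010-01-05", "Grocer", 42.10),
        ("2010-01-06", "Landlord", 800.00),
        ("2010-01-06", "Cafe", 3.50),
    ])
    return conn

TEMPLATE = "select * from alldata where Date='%1$s'"
BENIGN = ["2010-01-06", "", "", ""]
QUOTED = ["x' OR '1'='1", "", "", ""]  # constructed value containing quotes

if __name__ == "__main__":
    db = demo_db()
    for label, values in (("benign", BENIGN), ("quoted", QUOTED)):
        print(label, "spliced rows:", len(run_spliced(db, TEMPLATE, values)),
              "bound rows:", len(run_bound(db, TEMPLATE, values)))
```

With binding, the quotes around the placeholder are no longer needed in the report text, and existing scripts without placeholders pass through unchanged.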