PATCH: CustomSql report with Parameters

Money Manager Ex Development related posts for both Android and Desktop

Moderator: Renato

yvl
New MMEX User
Posts: 4
Joined: Fri Jul 17, 2009 3:41 pm
Are you a spam bot?: No

PATCH: CustomSql report with Parameters

Post by yvl »

Hi,
I've added support for (up to 4) parameters in the custom SQL report.
Nothing fancy, it just uses the standard Format function of wxWidgets.
Parameter 1 is %1$s in the query, Parameter 2 is %2$s, ...
CustomSQL.jpg
(14.29 KiB) Downloaded 1908 times
The patch is in the zip file.
Attachments
CustomSQL-Paramters.zip
(1.37 KiB) Downloaded 575 times
Nikolay
MMEX Developer
Posts: 1535
Joined: Sat Dec 06, 2008 2:27 pm
Are you a spam bot?: No
Location: Sankt-Petersburg, Russia

Re: PATCH: CustomSql report with Parameters

Post by Nikolay »

Hi,

I can not apply this patch.
I try to use GNU Patch.exe for Windows.
Could you, please, upload the .cpp file completely?
Or explain how to make a patch in MS Windows. I use Windows XP and Visual Studio 2008 C++ Express edition + the Platform SDK + wxWidgets.
Thanks
yvl
New MMEX User
Posts: 4
Joined: Fri Jul 17, 2009 3:41 pm
Are you a spam bot?: No

Re: PATCH: CustomSql report with Parameters

Post by yvl »

Hi, I've made the patch with Subversion's TortoiseSVN.

I'll attach the files (customsqldialog.h & customsqldialog.cpp)
Attachments
fullFiles.zip
(4 KiB) Downloaded 612 times
Nikolay
MMEX Developer
Posts: 1535
Joined: Sat Dec 06, 2008 2:27 pm
Are you a spam bot?: No
Location: Sankt-Petersburg, Russia

Re: PATCH: CustomSql report with Parameters

Post by Nikolay »

Hi,

I like this feature.
But when you start the Custom SQL Dialog, the cursor is in the field Param1 and not in Custom SQL Query.
And how to translate Param1, 2 etc to other languages?
Nikolay
MMEX Developer
Posts: 1535
Joined: Sat Dec 06, 2008 2:27 pm
Are you a spam bot?: No
Location: Sankt-Petersburg, Russia

Re: PATCH: CustomSql report with Parameters

Post by Nikolay »

Hi,

Could you, please, explain how to make the script work:

select * from alldata where Date=%1$s
yvl
New MMEX User
Posts: 4
Joined: Fri Jul 17, 2009 3:41 pm
Are you a spam bot?: No

Re: PATCH: CustomSql report with Parameters

Post by yvl »

select * from alldata where Date='%1$s'
Just added the surrounding single quotes.
dates.jpg
(15.46 KiB) Downloaded 1829 times
madhan
Site Admin
Posts: 99
Joined: Sun Nov 30, 2008 8:06 pm

Re: PATCH: CustomSql report with Parameters

Post by madhan »

Hello, will this change affect any existing custom sql scripts?
yvl
New MMEX User
Posts: 4
Joined: Fri Jul 17, 2009 3:41 pm
Are you a spam bot?: No

Re: PATCH: CustomSql report with Parameters

Post by yvl »

Hi madhan,
"Hello, will this change affect any existing custom sql scripts?"
It should not, basically sqlQuery_ = queryBox_->GetValue(); has been replaced by
sqlQuery_ = wxString::Format(queryBox_->GetValue().c_str()
, mmCleanString(customVal1->GetValue()).c_str()
, mmCleanString(customVal2->GetValue()).c_str()
, mmCleanString(customVal3->GetValue()).c_str()
, mmCleanString(customVal4->GetValue()).c_str()
);

Where customVal1,etc are just the added textbox on the form.
I've tested sql scripts with & without parameters.

This is just a quick way to add support for parametrized query. I'm aware that I can make some SQL injection here (since it just uses the Format() method).
I'm not really sure how to make this more robust & user friendly: instead of using %1$s, something like %1 or {1}, ... as well as input validation to avoid SQL injection.

On a side note, I've received the following questions from Nikolay wi
"And how to translate Param1, 2 etc to other languages"

-> I'm not sure how mmex does its translations.
"But when you start Custom SQL Dialog the cursor in the field Param1 but not in Custom SQL Query."
-> I don't know how to set the focus in wxWidgets in the correct user control.
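The robustness question in the last post, as an added example that is not part of the thread or of MMEX's code: text substitution of %1$s compared with parameters bound by SQLite itself, which need no quoting and are never parsed as SQL. Python's sqlite3 module stands in for the C++/wxWidgets code, the :p1..:p4 placeholder names and the sample rows are assumptions, and mmCleanString is not modelled because the thread does not show what it does.

```python
import sqlite3

def make_db():
    # Constructed sample rows; only "alldata" and "Date" come from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alldata (Date TEXT, Payee TEXT, Amount REAL)")
    db.executemany("INSERT INTO alldata VALUES (?, ?, ?)", [
        ("2009-07-17", "Grocer", 12.5),
        ("2009-07-18", "O'Brien Books", 30.0),
        ("2009-07-19", "Landlord", 500.0)])
    return db

def run_formatted(db, query, values):
    """Stand-in for the Format() approach: paste each value into the SQL text."""
    for i, value in enumerate(values, start=1):
        query = query.replace(f"%{i}$s", value)
    return db.execute(query).fetchall()

def run_bound(db, query, values):
    """Bind the four dialog fields as :p1..:p4 (assumed names); SQL text is untouched."""
    padded = (list(values) + [""] * 4)[:4]
    params = {f"p{i}": v for i, v in enumerate(padded, start=1)}
    return db.execute(query, params).fetchall()

def demo():
    db = make_db()
    fmt = "select Payee from alldata where Payee='%1$s'"
    bound = "select Payee from alldata where Payee = :p1"
    out = {}
    # Unquoted date text is evaluated as arithmetic (2009 - 7 - 18), so nothing matches.
    out["fmt_unquoted_date"] = len(run_formatted(
        db, "select * from alldata where Date=%1$s", ["2009-07-18"]))
    out["bound_date"] = len(run_bound(
        db, "select * from alldata where Date = :p1", ["2009-07-18"]))
    # A legitimate value with an apostrophe ends the string literal early.
    try:
        run_formatted(db, fmt, ["O'Brien Books"])
        out["fmt_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        out["fmt_apostrophe"] = "syntax error"
    out["bound_apostrophe"] = run_bound(db, bound, ["O'Brien Books"])
    # A value that contains SQL changes which rows the formatted query returns.
    crafted = "x' OR '1'='1"
    out["fmt_crafted"] = len(run_formatted(db, fmt, [crafted]))
    out["bound_crafted"] = len(run_bound(db, bound, [crafted]))
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The same binding exists in SQLite's C API (sqlite3_prepare_v2 followed by sqlite3_bind_text), so a dialog could keep its four text boxes and only change how their values reach the statement.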