PATCH: CustomSql report with Parameters

Posted: Wed Aug 12, 2009 2:27 pm
by yvl
Hi,
I've added support for (up to 4) parameters in the custom SQL report.
Nothing fancy, it just uses the standard Format function of wxWidgets.
Parameter 1 is %1$s in the query, Parameter 2 is %2$s, ...
CustomSQL.jpg
The path is in the zip file.

Re: PATCH: CUstomSql report with Parameters

Posted: Thu Aug 13, 2009 7:58 am
by Nikolay
Hi,

I can not apply this patch.
I try to use GNU Patch.exe for Windows.
Could you, please, upload the .cpp file completely?
Or explain how to make a patch in MS Windows. I use Windows XP and Visual Studio 2008 C++ Express edition + the Platform SDK + wxWidgets.
Thanks

Re: PATCH: CUstomSql report with Parameters

Posted: Thu Aug 13, 2009 3:36 pm
by yvl
Hi, I've made the patch with Subversion's TortoiseSVN.

I'll attach the files (customsqldialog.h & customsqldialog.cpp)

Re: PATCH: CUstomSql report with Parameters

Posted: Fri Aug 14, 2009 6:42 am
by Nikolay
Hi,

I like this feature.
But when you start the Custom SQL Dialog the cursor is in the field Param1 but not in Custom SQL Query.
And how to translate Param1, 2 etc to other languages?

Re: PATCH: CUstomSql report with Parameters

Posted: Sat Aug 15, 2009 6:27 am
by Nikolay
Hi,

Could you, please, explain how to make the script work:

select * from alldata where Date=%1$s

Re: PATCH: CUstomSql report with Parameters

Posted: Tue Aug 18, 2009 12:49 pm
by yvl
select * from alldata where Date='%1$s'
Just added the surrounding single quotes.
dates.jpg

Re: PATCH: CUstomSql report with Parameters

Posted: Mon Aug 24, 2009 6:42 pm
by madhan
Hello, will this change affect any existing custom sql scripts?

Re: PATCH: CustomSql report with Parameters

Posted: Tue Aug 25, 2009 8:35 am
by yvl
Hi madhan,
Hello, will this change affect any existing custom sql scripts?
It should not, basically sqlQuery_ = queryBox_->GetValue(); has been replaced by

    sqlQuery_ = wxString::Format(queryBox_->GetValue().c_str()
        , mmCleanString(customVal1->GetValue()).c_str()
        , mmCleanString(customVal2->GetValue()).c_str()
        , mmCleanString(customVal3->GetValue()).c_str()
        , mmCleanString(customVal4->GetValue()).c_str()
        );

Where customVal1, etc. are just the added textboxes on the form.
I've tested sql scripts with & without parameters.

This is just a quick way to add support for parametrized queries. I'm aware that I can make some SQL injection here (since it just uses the Format() method).
I'm not really sure how to make this more robust & user friendly: instead of using %1$s something like %1 or {1}, ... as well as input validation to avoid SQL injection.

On a side note, I've received the following questions from Nikolay wi
And how to translate Param1, 2 etc to other languages

-> I'm not sure how mmex does its translations.
But when you start the Custom SQL Dialog the cursor is in the field Param1 but not in Custom SQL Query.
-> I don't know how to set the focus in wxWidgets in the correct user control.
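
Added example, not part of the thread or of the posted patch: one way to close the SQL injection gap mentioned above is to keep the %N$s syntax for report authors but rewrite it into SQLite numbered parameters (?N) and bind the textbox values instead of formatting them into the SQL text. The helper names toBoundQuery and isPlaceholder are hypothetical, and the sketch assumes the query is then run through SQLite's prepared-statement API (sqlite3_prepare_v2 and sqlite3_bind_text).

```cpp
#include <cctype>
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical helper, not part of MMEX: turn the thread's %N$s template
// into SQL with SQLite numbered parameters (?N). Values are then attached
// with sqlite3_bind_text(stmt, N, ...) and never spliced into the SQL text.
static bool isPlaceholder(const std::string& s, std::size_t i)
{
    return i + 3 < s.size() && s[i] == '%' &&
           std::isdigit(static_cast<unsigned char>(s[i + 1])) &&
           s[i + 2] == '$' && s[i + 3] == 's';
}

std::string toBoundQuery(const std::string& tmpl, int maxParams = 4)
{
    std::string out;
    bool inLiteral = false;               // inside a '...' SQL string literal
    for (std::size_t i = 0; i < tmpl.size();) {
        // '%N$s' quoted as a whole (the form used for dates in the thread)
        bool quoted = !inLiteral && tmpl[i] == '\'' && isPlaceholder(tmpl, i + 1) &&
                      i + 5 < tmpl.size() && tmpl[i + 5] == '\'' &&
                      (i + 6 == tmpl.size() || tmpl[i + 6] != '\'');
        if (quoted || isPlaceholder(tmpl, i)) {
            if (!quoted && inLiteral)
                throw std::invalid_argument("placeholder inside a longer string literal");
            int n = tmpl[i + (quoted ? 2 : 1)] - '0';
            if (n < 1 || n > maxParams)
                throw std::invalid_argument("parameter index out of range");
            out += "?" + std::to_string(n); // bound parameter, no quotes needed
            i += quoted ? 6 : 4;
            continue;
        }
        if (tmpl[i] == '\'')
            inLiteral = !inLiteral;        // '' (escaped quote) toggles twice
        out += tmpl[i++];
    }
    if (inLiteral)
        throw std::invalid_argument("unterminated string literal");
    return out;
}

int main()
{
    std::cout << toBoundQuery("select * from alldata where Date='%1$s'") << "\n";
    return 0;
}
```

A literal % that is not followed by N$s (for example in a LIKE pattern) passes through unchanged, so scripts without parameters keep their text as written.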