MMEX Discussion Forum

official forum for the Money Manager eX product
https://forum.moneymanagerex.org/

PATCH: CustomSql report with Parameters

https://forum.moneymanagerex.org/viewtopic.php?t=556

Page 1 of 1

PATCH: CustomSql report with Parameters

Posted: Wed Aug 12, 2009 2:27 pm
by yvl
Hi,
Iv added support for (up to 4 ) parameters in the custom SQL report.
Nothing fancy , it just ises the standart Format function of WxWidget.
Parameter 1 is %1$s in the query , Parameter 2 is %2$s,..
CustomSQL.jpg
(14.29 KiB) Downloaded 1908 times
The path is in the zip file.

Re: PATCH: CUstomSql report with Parameters

Posted: Thu Aug 13, 2009 7:58 am
by Nikolay
Hi,

I can not apply this patch.
I try to use GNU Patch.exe for Windows.
Could you, please, upload the .cpp file completely?
Or explain how to make a patch in MS Windows. I use Windows XP and Visual Studio 2008 C++ Express edition + the Platform SDK + wxWidgets.
Thanks

Re: PATCH: CUstomSql report with Parameters

Posted: Thu Aug 13, 2009 3:36 pm
by yvl
Hi , I've made the patch with subversion's TortoiseSVN.

I'll attatch the files ( customsqldialog.h & customsqldialog.cpp )

Re: PATCH: CUstomSql report with Parameters

Posted: Fri Aug 14, 2009 6:42 am
by Nikolay
Hi,

I like this feature.
But when you start Custom SQL Dialog the cursor in the field Param1 but not in Custom SQL Query.
And how to translate Param1, 2 etc to other languages?

Re: PATCH: CUstomSql report with Parameters

Posted: Sat Aug 15, 2009 6:27 am
by Nikolay
Hi,

Could you, please, explain how to make the script work:

Code: Select all

select * from alldata where Date=%1$s

Re: PATCH: CUstomSql report with Parameters

Posted: Tue Aug 18, 2009 12:49 pm
by yvl
select * from alldata where Date='%1$s'
Just added the surrounding single quotes.
dates.jpg
(15.46 KiB) Downloaded 1829 times

Re: PATCH: CUstomSql report with Parameters

Posted: Mon Aug 24, 2009 6:42 pm
by madhan
Hello, will this change affect any existing custom sql scripts?

Re: PATCH: CustomSql report with Parameters

Posted: Tue Aug 25, 2009 8:35 am
by yvl
Hi madhan,
Hello, will this change affect any existing custom sql scripts?
It should not, basically sqlQuery_ = queryBox_->GetValue(); has been replaced by
sqlQuery_ = wxString::Format(queryBox_->GetValue().c_str()
, mmCleanString(customVal1->GetValue()).c_str()
, mmCleanString(customVal2->GetValue()).c_str()
, mmCleanString(customVal3->GetValue()).c_str()
, mmCleanString(customVal4->GetValue()).c_str()
);

Where customVal1,etc are just the added textbox on the form.
I've tested sql scripts with & without parameters.

This is just a quick way to add support for parametrized query . I'm aware that it I can make some SQL injection here (since it just uses the Format() method).
I'm not really sure how to make this more robust & user friendly : instead of using %1$s something like %1 or {1},... as well as input validation to avoid SQL injection.

On a side note, I've received the following questions from Nikolay wi
And how to translate Param1, 2 etc to other languages

-> I'm not sure how mmex does it's translations.
But when you start Custom SQL Dialog the cursor in the field Param1 but not in Custom SQL Query.
-> I don't know how to set the focus in WxWidget in the correct user control.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited