Now I'm trying to get Active4D to talk to the Postgres plugin (PgSQL Plugin)

Issue #1:

WARNING!!!!
If you are building SQL statements in Active4D, you MUST, MUST, and MUST be sure to strip the dynamic part of the string of any possible statements like CREATE, ALTER, DELETE, etc. This is a serious security hole.


I'll write something like:

$sql := 'select trans.tran_key,splits.split_key,trans.amount as camount, splits.amount from trans,splits where trans.id = splits.tran_id and split_key = \'$invnum\''
$cmd := 'PgSQL Select (%d;"%s")' % ($connection;$sql)
$rowset:= execute in 4d($cmd;*)

and the Plugin will barf on the command reporting an SQL error around column 79, pointing to "fr", or the first couple of characters of "from". This leads me to believe that the 4D execute statement must be limited to an 80 character string.

The 4D execute statement is not limited to an 80 character string, but the 4D language itself IS limited to string literals of 80 characters or less. That is the problem: you are building a single literal string that is longer than 80 characters.

Here's the solution. Add this method to the a4d.utils.a4l library:

/***********************************************************************************
        chopText
        
        $inText ->   Text to chop into 80-character chunks
        RESULT  <-   Chopped text
        
        Chops text into chunks concatenated with "+", suitable for passing
        to 'execute in 4d'.
***********************************************************************************/

method "chopText"($inText)

        $result := ""

        while (length($inText) > 80)
                $result += substring($inText; 1; 80) + "\"+\""
                $inText := substring($inText; 81)
        end while

        return ($result + $inText)
        
end method


Then your code becomes:

$sql := 'select trans.tran_key,splits.split_key,trans.amount as camount, splits.amount from trans,splits where trans.id = splits.tran_id and split_key = \'$invnum\''
$cmd := 'PgSQL Select(%d;"%s")' % ($connection; a4d.utils.chopText ($sql))
$rowset:= execute in 4d($cmd;*)

Works like a charm.

Regards,

   Aparajita
   www.aparajitaworld.com

   "If you dare to fail, you are bound to succeed."
   - Sri Chinmoy   |   www.srichinmoylibrary.com


_______________________________________________
Active4D-dev mailing list
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
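
An added example (Python, not part of the original thread and not Active4D code) modelling the command-building step discussed above: it allowlists the interpolated key before it reaches the SQL string, applies the same chunking as chopText, and checks that every generated literal stays within 80 characters. The key format, the length bound of 32 and all function names are assumptions made for illustration.

```python
import re

MAX_LITERAL = 80  # 4D string-literal limit stated in the reply above

# Assumption: split keys are short tokens of letters, digits, '-' and '_'.
INVNUM_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")

# The query from the post, with the dynamic part marked.
SQL_TEMPLATE = (
    "select trans.tran_key,splits.split_key,trans.amount as camount, "
    "splits.amount from trans,splits where trans.id = splits.tran_id "
    "and split_key = '{invnum}'"
)

def validate_invnum(value):
    """Allowlist check: accept only a plain key token, so no quote
    character can reach the SQL string or the 4D literal."""
    if not INVNUM_RE.fullmatch(value):
        raise ValueError("invalid invoice key")
    return value

def chop_text(text, size=MAX_LITERAL):
    """Same logic as chopText: join size-character chunks with '"+"'."""
    chunks = [text[i:i + size] for i in range(0, len(text), size)]
    return '"+"'.join(chunks)

def build_command(connection, invnum):
    """Build the string handed to 'execute in 4d' for a validated key."""
    sql = SQL_TEMPLATE.format(invnum=validate_invnum(invnum))
    return 'PgSQL Select (%d;"%s")' % (connection, chop_text(sql))

def literal_lengths(command):
    """Lengths of the double-quoted literals in the generated command."""
    return [len(lit) for lit in re.findall(r'"([^"]*)"', command)]

if __name__ == "__main__":
    cmd = build_command(1, "INV-1001")  # constructed sample key
    print(cmd)
    print(literal_lengths(cmd))
```

The first literal ends in "fr", which is where the unchopped command was reported to fail in the original question.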
