Great point, I forgot I had to make changes to the input validation check.
I am using the regex that checks for apostrophe and semi-colon (SQL Injection), that is mentioned on the Geoserver page about SQL views ([^;']+).
That said, I have had some issues with the validation, but have not had a chance to troubleshoot. For example, if you try to pass inappropriate characters, the viewparam value comes through as empty. This results in an error on your map, because (for this example) PostgreSQL can't parse "" as a TIMESTAMP. It would be good if validation failures resulted in the default map value. Then again, this behavior may be due to my configuration.
If you use an empty validation (for the sake of testing), do all of your previous strings work? It looks like many of them should.
-- Nicholas On 12/22/2010 11:01 AM, coastalrocket wrote:
Thanks Nicholas. Can I ask you what your validation looks like? I have to be honest I took the value presented to me after I selected 'guess parameters from SQL'. Nicholas Whittier wrote:I'm having some issues with SQL Views as well, but for viewparams, this is working for me: ...&viewparams=minDate:2010-12-10&... I'm using a SQL view using PostGIS where 'minDate' is being applied to a TIMESTAMP without time zone. If you are storing multiple time zones, and genuinely need the timezone and times, I would try: ...&viewparams=minDate:2010-12-10%2000:00:00%20GMT&... Hope this helps. --Nicholas On 12/22/2010 10:16 AM, coastalrocket wrote:Hello. I've created a sql view that uses two timestamp parameters (minDate& maxDate). Guessing the parameters works ok and i place two default values that are accepted. example default value is such: CAST('2010-12-10 00:00:00 GMT' AS TIMESTAMP) All accepted. When I run layer preview and alter the URL to include minDate as a parameter; http://localhost:8081/geoserver/wms?service=WMS&version=1.1.0&request=GetMap&layers=MySQLViewLayer&viewparams=minDate:CAST('10-12-2110%2000:00:00%20GMT'%20AS%20TIMESTAMP)&styles=&bbox=523847.688,177845.797,530038.312,183893.797&width=52&height=500&srs=EPSG:27700&format=application/openlayers The returned map contains all objects so it looks like the parameter has not taken effect. I'm not sure how I should be describing the value. I've tried minDate:01/01/2110 00:00:00 GMT, minDate:01/01/2010 and as minDate:CAST('10-12-2110 00:00:00 GMT' AS TIMESTAMP). In fact if I put in a nonsensical value I receive the same map. Any ideas how I should be constructing these values? I'd be interested to know where this knowledge comes from. If you can place Casts in the values is it based upon the SQL language of the underlying database? In my case it's Postgres. Many thanks. Andy------------------------------------------------------------------------------ Forrester recently released a report on the Return on Investment (ROI) of Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even within 7 months. Over 3 million businesses have gone Google with Google Apps: an online email calendar, and document program that's accessible from your browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
-- Nicholas Whittier NOAA Chesapeake Bay Office T: 410.267.5671 M: 443.994.4806
------------------------------------------------------------------------------ Forrester recently released a report on the Return on Investment (ROI) of Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even within 7 months. Over 3 million businesses have gone Google with Google Apps: an online email calendar, and document program that's accessible from your browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew
_______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
