Hi Gene and Atrix,
I would investigate the ENCODING=SQL attribute for when you are using <@ARG>
or <@VAR> inside Direct DBMS Actions.
This escapes any single quotes (') that may be part of your values, which can
break your SQL, and it does help a little to prevent SQL-injection attacks.
Plus you may want to test the "length" of the values you are passing
directly from <@ARG>s and <@VAR>s to make sure they don't exceed the size of
your database fields.
Hope this helps. Cheers......
Scott Cadillac,
Witango.org - http://witango.org
403-281-6090 - [EMAIL PROTECTED]
--
Information for the Witango Developer Community
---------------------
XML-Extranet - http://xml-extra.net
403-281-6090 - [EMAIL PROTECTED]
--
Well-formed Development (for hire)
---------------------
-----Original Message-----
From: Wolf, Gene [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2003 12:22 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Witango-Talk: metatags within DBMS
This should not be a problem. I've generated SQL outside of a DBMS, and the
following code is used inside of a DBMS action. Both work.
<@Assign User$Makeand 0>
SELECT
Count(*)
FROM LABORHIST L1
WHERE (
<@IF EXPR="(LEN('<@ARG WORKDATE>'))">
L1.WORKDATE>='<@ARG WORKDATE>' AND L1.WORKDATE<='<@ARG WORKDATE_1>'
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG Job>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1.JOB LIKE '<@ARG JOB>%'
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG Job_1>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1.JOB = '<@ARG JOB_1>'
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG EmployeeFullName>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1."EMPLOYEE FULL NAME" LIKE '<@ARG EMPLOYEEFULLNAME>%'
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG PE_DATE>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1.PE_DATE>=<@ARG PE_DATE>
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG PE_DATE_1>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1.PE_DATE<=<@ARG PE_DATE_1>
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG PARTNO_>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1."PART NO_" LIKE '<@ARG PARTNO_>%'
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG PARTNO__1>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1."PART NO_"='<@ARG PARTNO__1>'
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG WO_NO>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1.WO_NO LIKE '<@ARG WO_NO>%'
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG WO_NO_1>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1.WO_NO='<@ARG WO_NO_1>'
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG WO_PART>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1.WO_PART='<@ARG WO_PART>'
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG Ccen>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1.CCEN>=<@ARG Ccen>
<@Assign User$Makeand 1>
</@IF>
<@IF EXPR="(LEN('<@ARG Ccen1>'))">
<@IF EXPR="(<@Var User$Makeand>)">
AND
</@IF>
L1.CCEN<=<@ARG Ccen1>
<@Assign User$Makeand 1>
</@IF>
)
Gene Wolf
Business Systems Analyst
DRS Optronics, Inc.
2330 Commerce Park Drive
Palm Bay, Florida 32905
Phone: 321-309-0685
E-mail: [EMAIL PROTECTED]
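
Added example (not code from either poster, and not Witango): the same optional-filter Count(*) query built in Python with bound parameters instead of quote escaping, plus the length test suggested in the reply and a numeric check for CCEN, which the query above inserts without quotes so quote escaping alone does not constrain it. The column lengths, the in-memory SQLite table and its rows are assumptions made for the example.

```python
import sqlite3

# (argument, condition, converter, max length). Lengths are assumed values;
# the post does not give the LABORHIST column sizes.
FILTERS = [
    ("JOB",     "L1.JOB LIKE ?", lambda v: v + "%", 10),
    ("JOB_1",   "L1.JOB = ?",    str,               10),
    ("WO_NO_1", "L1.WO_NO = ?",  str,               12),
    ("Ccen",    "L1.CCEN >= ?",  int,                6),
    ("Ccen1",   "L1.CCEN <= ?",  int,                6),
]

def build_where(args):
    """Return (condition_sql, params) for the non-empty search arguments."""
    conds, params = [], []
    for name, cond, convert, max_len in FILTERS:
        value = args.get(name, "")
        if value == "":
            continue                      # same role as the LEN() guard in the post
        if len(value) > max_len:
            raise ValueError(f"{name} is longer than {max_len} characters")
        params.append(convert(value))     # int() raises ValueError on non-numeric text
        conds.append(cond)
    return " AND ".join(conds), params    # join replaces the User$Makeand flag

def count_rows(conn, args):
    where, params = build_where(args)
    sql = "SELECT Count(*) FROM LABORHIST L1"
    if where:                             # no filters: omit WHERE instead of "WHERE ( )"
        sql += " WHERE (" + where + ")"
    return conn.execute(sql, params).fetchone()[0]

def sample_db():
    """Constructed in-memory table with three made-up rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE LABORHIST (JOB TEXT, WO_NO TEXT, CCEN INTEGER)")
    conn.executemany("INSERT INTO LABORHIST VALUES (?, ?, ?)",
                     [("A100", "W1", 10), ("A200", "W2", 20), ("O'NEIL", "W3", 30)])
    return conn

if __name__ == "__main__":
    db = sample_db()
    print(count_rows(db, {"JOB": "A"}), count_rows(db, {"JOB_1": "O'NEIL"}))
```
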
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf