Hi.

I need to work with Firebird database, using ODBC, and these are some doubts:

1. How to create a dataset at runtime
2. How to load all columns at runtime


The goal is to create a generic form, create all the utilities to edit a record and then creating a new inherited form.

Example:
1. Create DataSet for Firebird (ODBC)
2. Asign SQL.Text := 'SELECT * FROM '+Table+' WHERE Code = :Parameter',
3. Open query with Parameter and asign fields to edits controls


Sometimes, I won't know all the fields in the table, so I can not predefining them and, in addition, thus it is easier to create a generic form

Thanks

Ricardo wrote:

> I need to work with Firebird database, using ODBC, and these are some
> doubts:

Me too! 8-)

The key here is to think about your whole application - there are two
parts, the server and the client(s). The clients are the EWB part, and
they can use any standard web protocols like REST or anything similar
to return data and to take actions. The server is "just code" that does
what you want the clients to be able to do. The main doubt I have for
you is to consider security. The key is that if ANY client is able to
issue database table operations, where any SQL at all is sent, then
your whole server is at risk from hackers. It is easy for the browser
code to be modified, and instead of your "SELECT" I can sent "DROP *"
and your data is gone. EWB solves this by "canning" the queries on the
server, and using the database permissions and authentication to make
sure it is okay. Since you can only do the operations the developer
determined, the client can't do anything silly.

Tim has sample code for doing the basics of simple data operations, but
you might want to consider an alternative where you use an "API" using
REST or the RemObjects SDK or similar. For this, you define operations
that the clients will want to do, and specify the parameters, and then
your server does the work, having checked the permissions etc. In my
web shop for example, I have calls to get the list of products
available to a user, and that returns JSON which the client can
interpret. If they add one to the basket, it sends the product code and
the quantity to the server to get the price, which may have different
taxes applied. On the admin side, the administrator might select an
order to mark it shipped, and a call to the server with the order ID is
sent. There is no SQL at all on the client, so I can modify the back
end to work however I want without updating the clients.

Anyway, you need to think around this - in general making a database
accessible with any SQL from the client is very dangerous (and don't
expect to be able to sanitise it - there are clever tricks to overcome
that too).

--

Matthew Jones

Ricardo,

<< I need to work with Firebird database, using ODBC, and these are some
doubts:

1. How to create a dataset at runtime
2. How to load all columns at runtime >>

You can do both of these things at runtime in the client-side EWB
application, but not for the server-side dataset definitions.  As Matthew
states, it's a huge security risk/hole for any web server to accept SQL from
a client application.

However, you *can* write a custom dataset module that can provide a list of
datasets to select from, and then use that list on the client to set up the
columns and load the datasets.  I'll have to work up an example project that
does this so you can see how it works.  I'm finishing up a web server module
video over the next few days, so that will help with the "how to create a
web server module" part.

Tim Young
Elevate Software
www.elevatesoft.com

<< I'll have to work up an example project that
does this so you can see how it works.  I'm finishing up a web server module
video over the next few days, so that will help with the "how to create a
web server module" part.

Tim Young
Elevate Software
www.elevatesoft.com >>

Looking forward to this.  I would like to understand it better.