Messages 1 to 10 of 23 total |
ExecSQL in ewb |
Mon, Jun 29 2015 1:51 PM | Permanent Link |
Huseyin Aliz myBiss ApS | Hi All,
Is it possible to use execsql (or how to use similar command) to delete some rows from dbisam dataset?

Dataset query could be something like:

    delete from orders
    where ordernumber={ordernumber=1000}

Regards,
Hüseyin A.
Tue, Jun 30 2015 4:00 AM | Permanent Link |
Matthew Jones | Hüseyin Aliz wrote:
> Is it possible to use execsql (or how to use similar command) to
> delete some rows from dbisam dataset?
>
> Dataset query could be something like:
>
> delete from orders
> where ordernumber={ordernumber=1000}

When I didn't know anything about the EWB server system and the database operation, I figured it would be a horrible security issue if the web browser client could issue SQL to run against the database. What would stop anyone hacking my code to do a DROP TABLE * ? Fortunately, Tim had been there, done the thinking, and provided the solution - all the queries are "canned" and so you cannot do anything that was not set up in advance, and with permissions, nothing you aren't supposed to even if DROP TABLE is in a preset.

The key of course is to pass in a parameter for that ordernumber value, and the preset query you create should work. I'll confess though I've never used this aspect myself, as my servers use an API that handles the SQL for me, rather than being direct CRUD applications. I hope though that this points the way for you.

--
Matthew Jones
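The design described in the post above (preset queries, a parameter for the value, permissions per preset), sketched as an added example that is not part of the thread and is not EWB's or DBISAM's own code. It uses Python's sqlite3 as a stand-in database; the preset names, roles and the `run_canned` helper are hypothetical.

```python
import sqlite3

# Hypothetical presets (constructed for this example): the only SQL the server runs.
CANNED = {
    "OrderLines": {"sql": "SELECT line FROM orders WHERE ordernumber = :ordernumber",
                   "params": {"ordernumber": int}, "roles": {"clerk", "admin"}},
    "DeleteOrder": {"sql": "DELETE FROM orders WHERE ordernumber = :ordernumber",
                    "params": {"ordernumber": int}, "roles": {"admin"}},
}

class Refused(Exception):
    """Request rejected before any SQL reaches the database."""

def run_canned(db, role, name, raw_params):
    """Run preset `name` for `role`; raw_params are strings as sent by the client."""
    preset = CANNED.get(name)
    if preset is None:
        raise Refused("unknown dataset")        # client picks a name, never SQL text
    if role not in preset["roles"]:
        raise Refused("not permitted")          # permission is checked per preset
    if set(raw_params) != set(preset["params"]):
        raise Refused("unexpected parameters")
    try:
        bound = {k: conv(raw_params[k]) for k, conv in preset["params"].items()}
    except ValueError:
        raise Refused("bad parameter value") from None
    cur = db.execute(preset["sql"], bound)      # value is bound, not concatenated
    # A DELETE yields no result set, so report the affected row count instead.
    result = cur.fetchall() if cur.description else cur.rowcount
    db.commit()
    return result

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (ordernumber INTEGER, line TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [(1000, "a"), (1000, "b"), (1001, "c")])  # constructed rows
    results = {"deleted": run_canned(db, "admin", "DeleteOrder", {"ordernumber": "1000"})}
    for label, args in [("raw_sql", ("admin", "DROP TABLE orders", {})),
                        ("role", ("clerk", "DeleteOrder", {"ordernumber": "1001"})),
                        ("tampered", ("admin", "DeleteOrder", {"ordernumber": "1001 OR 1=1"}))]:
        try:
            run_canned(db, *args)
            results[label] = "ran"
        except Refused as exc:
            results[label] = str(exc)
    results["remaining"] = db.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    return results

if __name__ == "__main__":
    print(demo())
```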
Tue, Jun 30 2015 5:12 AM | Permanent Link |
Huseyin Aliz myBiss ApS | Hi Matthew,
Thanks for your reply. The exact code I am using is:

    Database.StartTransaction;
    try
      with SletDetail do
      begin
        Params.Clear;
        Params.Add('Ordrenr='+inttostr(Nyordre.columns['Maksordrenr'].asInteger + 1));
        Database.Loadrows(SletDetail);
      end;
      Database.Commit;
    except
      Database.Rollback;
      raise;
    end;

But it does not work and fails with "Error creating table handle" and I also tried to replace Database.Loadrows(SletDetail); with Open; but nothing happens - no error messages, no deletion of rows..

Regards,
Hüseyin

On 30-06-2015 at 10:00, Matthew Jones wrote:
> Hüseyin Aliz wrote:
>
>> Is it possible to use execsql (or how to use similar command) to
>> delete some rows from dbisam dataset?
>>
>> Dataset query could be something like:
>>
>> delete from orders
>> where ordernumber={ordernumber=1000}
>
> When I didn't know anything about the EWB server system and the
> database operation, I figured it would be a horrible security issue if
> the web browser client could issue SQL to run against the database.
> What would stop anyone hacking my code to do a DROP TABLE * ?
> Fortunately, Tim had been there, done the thinking, and provided the
> solution - all the queries are "canned" and so you cannot do anything
> that was not set up in advance, and with permissions, nothing you
> aren't supposed to even if DROP TABLE is in a preset.
>
> The key of course is to pass in a parameter for that ordernumber value,
> and the preset query you create should work. I'll confess though I've
> never used this aspect myself, as my servers use an API that handles
> the SQL for me, rather than being direct CRUD applications. I hope
> though that this points the way for you.
Tue, Jun 30 2015 5:18 AM | Permanent Link |
Huseyin Aliz myBiss ApS | Hi Matthew,
Thanks for your reply. The exact code I am using is:

    Database.StartTransaction;
    try
      with SletDetail do
      begin
        Params.Clear;
        Params.Add('Ordrenr='+inttostr(Nyordre.columns['Maksordrenr'].asInteger + 1));
        Database.Loadrows(SletDetail);
      end;
      Database.Commit;
    except
      Database.Rollback;
      raise;
    end;

It shows an error "Error creating table handle" but deletes rows from the table. I also tried to replace Database.Loadrows(SletDetail); with Open; but nothing happens - no error messages, no deletion of rows..

Regards,
Hüseyin

On 30-06-2015 at 10:00, Matthew Jones wrote:
> Hüseyin Aliz wrote:
>
>> Is it possible to use execsql (or how to use similar command) to
>> delete some rows from dbisam dataset?
>>
>> Dataset query could be something like:
>>
>> delete from orders
>> where ordernumber={ordernumber=1000}
>
> When I didn't know anything about the EWB server system and the
> database operation, I figured it would be a horrible security issue if
> the web browser client could issue SQL to run against the database.
> What would stop anyone hacking my code to do a DROP TABLE * ?
> Fortunately, Tim had been there, done the thinking, and provided the
> solution - all the queries are "canned" and so you cannot do anything
> that was not set up in advance, and with permissions, nothing you
> aren't supposed to even if DROP TABLE is in a preset.
>
> The key of course is to pass in a parameter for that ordernumber value,
> and the preset query you create should work. I'll confess though I've
> never used this aspect myself, as my servers use an API that handles
> the SQL for me, rather than being direct CRUD applications. I hope
> though that this points the way for you.
Tue, Jun 30 2015 5:28 AM | Permanent Link |
Matthew Jones | Hüseyin Aliz wrote:
> The exact code i am using are:

I can't help further I'm sorry - I'm not sure where that code would be - in your Web application I presume? I'd want to know what the SQL on the server was like too. Also, is this EWB version 1 or version 2?

But a scan of the EWB v1 help doesn't have any sort of ExecSQL that I'd expect for a delete type operation. Perhaps Tim will come by with useful info.

--
Matthew Jones
Tue, Jun 30 2015 5:37 AM | Permanent Link |
Huseyin Aliz myBiss ApS | Matthew,
Thanks anyway. It's ewb2. SQL defined in dataset exists both in ide and also webserver datasets (if this was what you have asked for)

Regards,
Hüseyin

On 30-06-2015 at 11:28, Matthew Jones wrote:
> Hüseyin Aliz wrote:
>
>> The exact code i am using are:
>
> I can't help further I'm sorry - I'm not sure where that code would be
> - in your Web application I presume? I'd want to know what the SQL on
> the server was like too. Also, is this EWB version 1 or version 2?
>
> But a scan of the EWB v1 help doesn't have any sort of ExecSQL that I'd
> expect for a delete type operation. Perhaps Tim will come by with
> useful info.
Tue, Jun 30 2015 5:46 AM | Permanent Link |
Uli Becker | Hüseyin,
> Thanks anyway. It's ewb2. SQL defined in dataset exists both in ide and
> also webserver datasets (if this was what you have asked for)

I don't think you can use something like ExecSQL with datasets in EWB, but you can use a module that reacts to an additional parameter e.g.

Uli
Tue, Jun 30 2015 6:00 AM | Permanent Link |
Huseyin Aliz myBiss ApS | Hi Uli,
Thanks for your input. I am a beginner yet, and unfortunately I don't know much about using modules with ewb, so if you can share a little sample code it could be very nice.

Regards,
Hüseyin

On 30-06-2015 at 11:46, Uli Becker wrote:
> Hüseyin,
>
>> Thanks anyway. It's ewb2. SQL defined in dataset exists both in ide and
>> also webserver datasets (if this was what you have asked for)
>
> I don't think you can use something like ExecSQL with datasets in EWB,
> but you can use a module that reacts to an additional parameter e.g.
>
> Uli
Tue, Jun 30 2015 7:12 AM | Permanent Link |
Uli Becker | Hüseyin,
> I am a beginner yet, and unfortunately i dont know much about using
> modules with ewb, so if you can share a little sample code it could be
> very nice

I just posted one of my modules in the Binaries Newsgroup (Sample Module for Michale Saunders), hopefully that will help you.

Uli
This web page was last updated on Friday, September 13, 2024 at 03:42 PM