Report with lots of user options
Message
 
To
28/10/2007 20:21:22
General information
Forum:
Visual FoxPro
Category:
Report Manager & Reports
Environment versions
Visual FoxPro:
VFP 7 SP1
OS:
Windows XP SP2
Network:
Windows 2000 Server
Database:
Visual FoxPro
Miscellaneous
Thread ID:
01264661
Message ID:
01265088
Views:
9
>Hi. Doing a SQL where end-user has a choice of any number of options. Should I do a
>macro substitution. Is there a tutorial on this? Is there an easier way?

If you let the customer type in things to search for, make sure you allow for the possibility of a SQL injection attack.

Say you use something like the following code:
lcName = "Avery 4143"
SELECT * ;
	FROM HOME(1) + "labels" ;
	WHERE name = "&lcName."
All well and good, right? But what if the user adds a bit to the "label name"?
lcName = [Avery"+IIF(EXECSCRIPT('? "Hi there!"'), " ", " ") + "4143]
SELECT * ;
	FROM HOME(1) + "labels" ;
	WHERE name = "&lcName."
(My original code had MESSAGEBOX() in it, but that turned out to be too painful. :-) )
My blog
My consulting page
My home page

Member of the Trim Your Auto-Quote Campaign!
What's another word for thesaurus?
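The following is an added example, not code from the reply above or from the original poster. It shows the defensive side of the point made in the reply: the same "user picks any number of options" query built so that user text is only ever treated as a value, never pasted into the command with `&`. It assumes a free table named "labels" under HOME(1) with a character field "name" and a numeric field "qty", and two hypothetical variables, lcUserName and lcUserQty, that hold whatever the user typed.

```foxpro
* Added example, not the original poster's code. Assumes a free table
* "labels" under HOME(1) with a character field "name" and a numeric
* field "qty", and that lcUserName / lcUserQty hold text typed by a user
* (hypothetical names; any untrusted source behaves the same way).

LOCAL lcUserName, lcUserQty, lcName, lnMinQty, llByName, llByQty, lcWhere

* Constructed input: the same payload shape the reply above demonstrates.
lcUserName = [Avery"+IIF(EXECSCRIPT('? "Hi there!"'), " ", " ") + "4143]
lcUserQty  = "10 OR 1=1"

* Vulnerable form (left commented out, for contrast): &lcUserName. pastes
* the text into the command line before VFP compiles it, so quotes and
* expressions inside the input become part of the query itself.
*   SELECT * FROM (HOME(1) + "labels") WHERE name = "&lcUserName."

* Step 1: move raw input into typed variables. VAL() yields a number, so
* no text survives in lnMinQty; the name stays a string but is only ever
* used as a value, never as code.
lcName   = lcUserName
lnMinQty = VAL(lcUserQty)          && "10 OR 1=1" becomes 10

* Step 2: sanity-check the string value (length and character set). This
* rejects the payload outright instead of merely neutralising it.
IF NOT IsPlainLabelName(lcName)
    lcName = ""
ENDIF

* Step 3: the user's option choices select which FIXED fragments are
* joined into the WHERE clause. Every fragment is a literal written here;
* the values are referenced by variable name (m. prefix), so the SQL
* engine compares field contents to variable contents and never parses
* the user's text.
llByName = NOT EMPTY(lcName)
llByQty  = lnMinQty > 0

lcWhere = "1 = 1"
IF llByName
    lcWhere = lcWhere + " AND name == m.lcName"
ENDIF
IF llByQty
    lcWhere = lcWhere + " AND qty >= m.lnMinQty"
ENDIF

* Macro substitution is safe at this point: lcWhere contains only our own
* fragments and variable names, never characters that came from the user.
SELECT * ;
    FROM (HOME(1) + "labels") ;
    WHERE &lcWhere ;
    INTO CURSOR crLabels

* Returns .T. only when the name has a plausible length and consists of
* letters, digits, spaces and hyphens. CHRTRAN() strips every allowed
* character; anything left over is a character we did not expect.
FUNCTION IsPlainLabelName(tcName)
    LOCAL lcAllowed
    lcAllowed = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 -"
    RETURN VARTYPE(tcName) = "C" ;
        AND BETWEEN(LEN(tcName), 1, 40) ;
        AND EMPTY(CHRTRAN(tcName, lcAllowed, ""))
ENDFUNC
```

With the constructed input, the name fails the character check and the quantity collapses to 10, so the query that actually runs is `WHERE 1 = 1 AND qty >= m.lnMinQty`. The EXECSCRIPT() text is never evaluated because nothing from lcUserName is ever placed inside the command; even if the check were omitted, `name == m.lcName` would just compare the field to that odd string and return no rows.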