dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #39766
Re: Issue with date varibales for Sql View of type allows for variables
Thanks.
On Tue, Sep 15, 2015 at 12:26 PM, Bharath <chbharathk@xxxxxxxxx> wrote:
> Thanks Lars, I am updating my local 2.20 copy, will test it.
>
> On Tue, Sep 15, 2015 at 3:15 PM, Lars Helge Øverland <larshelge@xxxxxxxxx>
> wrote:
>
>> Hi Bharath,
>>
>> sorry I know this is a bit unclear. For security purposes we have strict
>> checks on the URL variables to prevent malicious values from being executed
>> as SQL. We are currently only allowing alphanumeric values so it stopped
>> your dates since they have dashes inside. I have made two changes and
>> backported them to 2.20 now:
>>
>> - For variable values we now allow characters, numbers, dash, underscore
>> and space.
>>
>> - I have implemented better feedback so that the API will tell you which
>> variables are invalid in the response.
>>
>> - I have also updated the docs to reflect this.
>>
>> Please try again with latest 2.20.
>>
>> regards,
>>
>> Lars
>>
>>
>> On Tue, Sep 15, 2015 at 11:10 AM, Bharath <chbharathk@xxxxxxxxx> wrote:
>>
>>> Thanks Knut. without dashes I am able to get the data.
>>>
>>> On Tue, Sep 15, 2015 at 1:18 PM, Knut Staring <knutst@xxxxxxxxx> wrote:
>>>
>>>> The dates should be like this: 20150101 and 20151231. Actually, the
>>>> manual is confusing on this point, as it starts with dashes:
>>>>
>>>> https://www.dhis2.org/doc/snapshot/en/developer/html/ch01s04.html
>>>>
>>>> On Tue, Sep 15, 2015 at 8:26 AM, Bharath <chbharathk@xxxxxxxxx> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I have created a sample sql view which has 2 variable parameters
>>>>> namely startDate and endDate. My sql view looks like:
>>>>>
>>>>>
>>>>> *SELECT dv.* from datavalue dv inner join period p on dv.periodid =
>>>>> p.periodid where p.periodtypeid = 8 and p.startdate >= '${startDate}' and
>>>>> p.enddate <='${endDate}' limit 500;*
>>>>>
>>>>> I am trying to pass these 2 date values from api url, but getting
>>>>> below error message:
>>>>>
>>>>> URI:
>>>>>
>>>>> https://apps.dhis2.org/demo/api/sqlViews/Eod3B6ET3dw/data.json?var=startDate:2015-01-01&var=endDate:2015-03-31
>>>>>
>>>>> Response:
>>>>> {
>>>>>
>>>>> - httpStatus: "Conflict",
>>>>> - httpStatusCode: 409,
>>>>> - status: "ERROR",
>>>>> - message: "SQL query contains variables which were not supplied
>>>>> in request: [endDate, startDate]"
>>>>>
>>>>> }
>>>>>
>>>>> If I place these date values inside sqlview then I am able to get the
>>>>> result.
>>>>>
>>>>> Can you please help me to find where I am doing mistake. Thanks.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Regards,
>>>>> Bharath Kumar. Ch
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list: https://launchpad.net/~dhis2-devs
>>>>> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs
>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Knut Staring
>>>> Dept. of Informatics, University of Oslo
>>>> Norway: +4791880522
>>>> Skype: knutstar
>>>> http://dhis2.org
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Regards,
>>> Bharath Kumar. Ch
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~dhis2-devs
>>> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~dhis2-devs
>>> More help : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>>
>> --
>> Lars Helge Øverland
>> Lead developer, DHIS 2
>> University of Oslo
>> Skype: larshelgeoverland
>> http://www.dhis2.org <https://www.dhis2.org>
>>
>>
>
>
> --
>
> Regards,
> Bharath Kumar. Ch
>
--
Lars Helge Øverland
Lead developer, DHIS 2
University of Oslo
Skype: larshelgeoverland
http://www.dhis2.org <https://www.dhis2.org>
References