dhis2-devs team mailing list archive

Thread
Date

Re: SQL View Doesn't work for comma seperated variables

To: Jason Pickering <jason.p.pickering@xxxxxxxxx>
From: Lorill Crees <lcrees@xxxxxxxxxx>
Date: Sat, 28 May 2016 09:23:15 -0700
Cc: Morten Olav Hansen <mortenoh@xxxxxxxxx>, dhis2-devs <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CADsNmhv=yFoPzksvCXRuTUCuBCzvgPzxySFaswx=rB8ZTwzHMg@mail.gmail.com>

Hi Priyanka,

I had asked a related question recently about the ability to support "IN"
clauses, you can view the thread here:

https://lists.launchpad.net/dhis2-devs/msg44763.html

Lorill

On Thu, May 26, 2016 at 11:34 PM, Jason Pickering <
jason.p.pickering@xxxxxxxxx> wrote:

> Hi there.
>
> This syntax is not supported as you can see from the documentation
> <http://dhis2.github.io/dhis2-docs/2.21/en/developer/html/ch01s25.html>
>
> *The variable parameter must contain alphanumeric characters only. The
> variables must contain alphanumeric, dash, underscore and whitespace
> characters only.*
>
> This might be something which can added, but there could be an increased
> risk of SQL injection attacks, which these restrictions are meant to try
> and prevent to some extent.  Maybe the developers can say more about this.
>
> Regards,
> Jason
>
>
> On Fri, May 27, 2016 at 8:14 AM, Priyanka Bawa <priyankabawa609@xxxxxxxxx>
> wrote:
>
>> This error comes in version 2.20.
>>
>> Regards
>> Priyanka
>>
>> On Fri, May 27, 2016 at 11:36 AM, Priyanka Bawa <
>> priyankabawa609@xxxxxxxxx> wrote:
>>
>>> Hi
>>> I am trying to create an SQLView where i am using a variable (
>>> *populationFormSOU1).* The result of this variable is comma separated
>>> as :-
>>>  shvnNIx,1biz5LW,BZuwzHr5,RP4CW,lYFre,n5z2VKrv,5Ut1oxMO,FJETOdBp,h7sbFDA
>>>
>>> SELECT COUNT(*) FROM completedatasetregistration WHERE sourceid IN
>>> (populationFormSOU1='${*populationFormSOU1*}') AND datasetid = 52 AND
>>> periodid = '${periodid}';
>>>
>>>
>>> The result of above SQLView says that the variables are invalid [image:
>>> Inline image 1]
>>> Seems that the query doesn't take variables having any special character.
>>> Any help will be appreciated.
>>>
>>> Regards
>>> Priyanka
>>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-devs
>> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-devs
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> Jason P. Pickering
> email: jason.p.pickering@xxxxxxxxx
> tel:+46764147049
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp
>
>

References

SQL View Doesn't work for comma seperated variables
From: Priyanka Bawa, 2016-05-27
Re: SQL View Doesn't work for comma seperated variables
From: Priyanka Bawa, 2016-05-27
Re: SQL View Doesn't work for comma seperated variables
From: Jason Pickering, 2016-05-27