BIRT Multi-Select Parameters

The Safe and Easy Way

Enabling Intelligent Decisions©

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt

BIRT Project
Our Involvement
Involved with project since inception (2004)
OS BIRT & Actuate BIRT
BIRT PMC & BIRT Committers
BIRT World / BIRT Exchange

Our Focus
For your Product
For your Project
For your Enterprise

BIRT Services
Services
Best Practices
Design, Development & Deployment
Remote Consulting and Support
BIRT Training

Selected Experience
Aldon
Blackboard

Multi-Select the Easy Way
Multi-Select Parameters
Available in 2.2
Builds an array of values

Often Used with SQL
Constrain query to range of values
Where state in ('MN', 'NC', 'CA')

Implementation Techniques
JavaScript Event Handlers
DataSet Property Binding
Two Issues
  Maintenance (query & expression)
  SQL Injection

SQL Injection
select * from orders where state in (?)

DON’T DO THIS

? = " 'MN'); drop database; select * from dual where 1 in ('1' "
select * from orders where state in ('MN'); drop database;

Parameter Binding
Supported by JDBC and all Databases
Stops SQL Injection Attacks
select * from orders where state in (?,?,?)
Each parameter value requires a binding

Can BIRT Do This?
Absolutely
Design Engine API
  Read QueryText
  Find Parameter Names / Values
  Modify SQL Text to add '?'
  Add Parameter Binding to DataSet

Can BIRT Do This Easily?
Absolutely
Use standard SQL Syntax
Use ScriptFunctionExtension point
  Build your own functions
  Expose those functions in the UI
  New to 2.3.1

Standard SQL Syntax
Select * From Orders
Where 0=0
-- and status in ('MS:parameterName')
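
The rewrite outlined under "Can BIRT Do This?" (read the query text, find the parameter, add one '?' per value, bind each value), applied to the marker syntax above. This is an added example, not the innovent.birt source, and it does not call the BIRT Design Engine API; the name `expandMultiSelect` and the marker semantics described in the comments are assumptions.

```javascript
// Added example: hypothetical helper, not BIRT API and not the innovent.birt source.
// Assumed marker semantics: a line such as
//   -- and status in ('MS:parameterName')
// stays commented out when nothing is selected; otherwise it is uncommented
// and the quoted marker becomes one '?' per selected value.
const MARKER = /^(\s*)--\s*(.*?)'MS:([A-Za-z_]\w*)'(.*)$/;

function expandMultiSelect(queryText, params) {
  const bindings = []; // values in the same order as the '?' placeholders
  const sql = queryText.split('\n').map((line) => {
    const m = MARKER.exec(line);
    if (!m) return line;
    const [, indent, before, name, after] = m;
    if (!Object.prototype.hasOwnProperty.call(params, name)) {
      throw new Error('unknown multi-select parameter: ' + name);
    }
    const raw = params[name];
    const values = raw == null ? [] : Array.isArray(raw) ? raw : [raw];
    if (values.length === 0) return line; // no selection: no constraint
    bindings.push(...values);
    // Only placeholders enter the SQL text; the values travel as bindings.
    return indent + before + values.map(() => '?').join(',') + after;
  }).join('\n');
  return { sql, bindings };
}

// Constructed sample: the slide's query shape plus a hostile selected value.
const sampleQuery = [
  'select * from orders',
  'where 0=0',
  "-- and status in ('MS:status')",
  "-- and state in ('MS:state')",
].join('\n');

const sample = expandMultiSelect(sampleQuery, {
  status: [],
  state: ['MN', "NC'); drop database; --"],
});
console.log(sample.sql);
console.log(sample.bindings);
```

The returned `sql` and `bindings` are what a prepared statement would receive: the hostile value appears only in `bindings`, never in the SQL text.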

Use the ScriptFunctionExtension
The easiest BIRT extension point
Extremely useful
Many simpler applications
Combining the DEAPI and ScriptFunctions is more difficult.
Don't let these examples scare you away.

DEMO Time
Simple DEAPI Example
Add a Label to a blank design

Work with Parameters
Dynamically show parameters in design

Multi-Select Example
In action

Questions and Contact Info
Scott Rosenbaum scottr@innoventsolutions.com (763) 225-8418
Keith Mericle kmericle@innoventsolutions.com (562) 698-8583
http://innoventsolutions.com

Questions ?
Source in Subversion

http://longlake.minnovent.com/repos/birt
project: innovent.birt.functions
