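$PBExportHeader$n_ds_sqlselect.sru
$PBExportComments$Quick SQL Select
forward
global type n_ds_sqlselect from n_ds_cgibase
end type
end forward

global type n_ds_sqlselect from n_ds_cgibase
end type
global n_ds_sqlselect n_ds_sqlselect

forward prototypes
public function string of_invokemethod (string as_method)
end prototypes

public function string of_invokemethod (string as_method);// Execute SQL Statement
//
// Dispatches a CGI method name. "of_execute" reads the request parameter
// 'sqlstatement', runs it through SQLCA and returns the result as an HTML page;
// any other method name is forwarded to the ancestor.
//
// Arguments:
//   as_method   name of the method requested by the caller
// Returns:
//   the complete HTML document (of_execute) or the ancestor's return value
//
// Security notes:
//   * The statement text comes straight from the request, so this object is a
//     deliberate "run arbitrary SQL" endpoint. For every user other than
//     n_ds_session.SUPERUID a keyword denylist is applied first.
//   * The denylist is matched against the lower-cased statement. The original
//     code lower-cased the statement but then searched the untouched text, so
//     the check only ever matched keywords typed in lower case.
//   * A keyword denylist is a convenience filter, not a security boundary. The
//     database login behind SQLCA should itself be limited to read-only rights
//     for non-super users.
//   * Matching is by substring, so identifiers that merely contain one of the
//     words (in any case) are rejected as well.

string ls_html
string ls_sqlstatement
string ls_lowersqlstatement
string ls_syntax
string ls_error
string ls_forbiddenstring[] = { "update" , "insert" , "delete" , "create" , "alter" , "drop" , "exec" }
long ll_ub, ll_i
boolean lb_forbidden = FALSE

choose case as_method
	case "of_execute"
		ls_sqlstatement = cgienv.of_getParam( 'sqlstatement' )

		ls_html = "<html>~n<head>~n<title>PB Web Easy - SQL Select</title>~n</head>~n<body>~n"

		// Simple Error handling
		if Len ( Trim ( ls_sqlstatement )) > 0 then
			ls_lowersqlstatement = Trim ( Lower ( ls_sqlstatement ))

			// Only the super user may bypass the keyword filter
			if session.of_getusername() <> n_ds_session.SUPERUID then
				ll_ub = UpperBound ( ls_forbiddenstring )
				for ll_i = 1 to ll_ub
					// Compare against the lower-cased copy so the check is case-insensitive
					if Pos ( ls_lowersqlstatement , ls_forbiddenstring[ll_i] ) > 0 then
						lb_forbidden = TRUE
						exit
					end if
				next
			end if

			if lb_forbidden then
				ls_html += "<h1>Not connected as SUPERUSER</h1><br />Forbidden string detected in SQL Statement.<br />"
			else
				// Execute SQL Statement(s)
				ls_syntax = SQLCA.SyntaxFromSQL(ls_sqlstatement, "style ( type=grid ) DataWindow ( units=0) column ( border=1 ) text ( border=1)", ls_error)
				if Len (ls_error) > 0 then
					// NOTE(review): ls_error is written into the page without HTML
					// encoding. It may echo parts of the request-supplied statement,
					// so encode it before output if an encoder is available - confirm.
					ls_html += ls_error
				else
					This.Create(ls_syntax)
					This.SetTransObject(SQLCA)
					This.Modify("DataWindow.HTMLGen.Browser = 'Mozilla/4.0 (compatible; MSIE 5.x;) : Microsoft Internet Explorer 5.0'")
					This.Modify('DataWindow.HTMLGen.HTMLVersion = "4.0"')
					This.Object.DataWindow.HTMLTable.Border = "1"
					This.Object.DataWindow.HTMLTable.GenerateCSS = "0"
					This.Object.DataWindow.HTMLTable.width = "0"
					This.Retrieve()
					ls_html += This.Object.DataWindow.data.HTMLTable
				end if
			end if
		else
			ls_html += "No SQL Statement found!"
		end if

		ls_html += "~n</body>~n</html>"
		return ls_html

	case else
		// Method can not be found here
		return super::of_invokemethod ( as_method )
end choose
end function

on n_ds_sqlselect.create
call super::create
end on

on n_ds_sqlselect.destroy
call super::destroy
end on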