$PBExportHeader$n_ds_sqlselect.sru
$PBExportComments$Quick SQL Select
forward
global type n_ds_sqlselect from n_ds_cgibase
end type
end forward

global type n_ds_sqlselect from n_ds_cgibase
end type
global n_ds_sqlselect n_ds_sqlselect

forward prototypes
public function string of_invokemethod (string as_method)
end prototypes

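public function string of_invokemethod (string as_method);// Execute a caller-supplied SQL statement and render the result as an HTML table
//
// as_method : name of the CGI method being invoked. Only "of_execute" is
//             handled here; anything else is delegated to the ancestor.
// returns   : a complete HTML page for "of_execute", otherwise whatever
//             super::of_invokemethod returns.
//
// The statement is taken verbatim from the request parameter 'sqlstatement'
// and handed to SQLCA. The only restriction is a keyword blocklist that is
// applied to every user except n_ds_session.SUPERUID. The blocklist is a
// plain substring match: it cannot tell a keyword from an identifier,
// comment or string literal, so it both over-matches (e.g. a column named
// "updated_at") and is not a reliable barrier on its own. Running this
// object against a read-only database login is the dependable control;
// the blocklist is only a convenience filter.
string ls_lowersqlstatement
string ls_forbiddenstring[] =  { "update" , "insert" , "delete" , "create" , "alter" , "drop" , "exec" }
long ll_ub, ll_i
boolean lb_forbidden=FALSE

choose case as_method
   case "of_execute"
      string ls_html
      string ls_sqlstatement
      string ls_syntax
      string ls_error
      ls_sqlstatement = cgienv.of_getParam( 'sqlstatement' )
      ls_html = "<html>~n<head>~n<title>PB Web Easy - SQL Select</title>~n</head>~n<body>~n" 
      
      if Len ( Trim ( ls_sqlstatement )) > 0 then 
         // The blocklist entries are lower case and Pos() is case-sensitive,
         // so the comparison has to run against the lowered copy. The
         // previous version lowered the statement but then searched the raw
         // one, which let "UPDATE" / "Drop" etc. through unchecked.
         ls_lowersqlstatement = Trim(Lower( ls_sqlstatement))

         // The superuser is exempt from the blocklist; everyone else is screened.
         if session.of_getusername() <> n_ds_session.SUPERUID then
            ll_ub = UpperBound ( ls_forbiddenstring )
            for ll_i = 1 to ll_ub
               if Pos ( ls_lowersqlstatement , ls_forbiddenstring[ll_i] ) > 0 then
                  lb_forbidden=TRUE
                  exit 
               end if
            next
         end if
                  
         if lb_forbidden then
            ls_html += "<h1>Not connected as SUPERUSER</h1><br />Forbidden string detected in SQL Statement.<br />"
         else
            // Build a grid DataWindow definition from the statement; on failure
            // SyntaxFromSQL leaves the reason in ls_error and the syntax is unusable.
            ls_syntax = SQLCA.SyntaxFromSQL(ls_sqlstatement, "style ( type=grid )  DataWindow ( units=0)   column ( border=1 ) text ( border=1)", ls_error)
   
            If Len (ls_error) > 0  then
               // NOTE(review): ls_error is appended to the page unescaped. If the
               // database driver echoes the submitted statement in its message,
               // that attacker-controlled text reaches the browser verbatim;
               // HTML-escape it before appending.
               ls_html += ls_error
            else
               // Instantiate the DataWindow, retrieve through SQLCA and emit the
               // generated HTML table into the page.
               This.Create(ls_syntax)
               This.SetTransObject(SQLCA)
               This.Modify("DataWindow.HTMLGen.Browser = 'Mozilla/4.0 (compatible; MSIE 5.x;) : Microsoft Internet Explorer 5.0'")
               This.Modify('DataWindow.HTMLGen.HTMLVersion = "4.0"')
               This.Object.DataWindow.HTMLTable.Border = "1"
               This.Object.DataWindow.HTMLTable.GenerateCSS = "0"
               This.Object.DataWindow.HTMLTable.width = "0"
               This.Retrieve()
               ls_html += This.Object.DataWindow.data.HTMLTable
            end if
         end if
      else
         ls_html += "No SQL Statement found!"
      end if
         
      ls_html += "~n</body>~n</html>"

      return ls_html
      
   case else
      // Unknown method: let the ancestor (n_ds_cgibase) handle or reject it.
      return super::of_invokemethod ( as_method )
   
end choose

end function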

on n_ds_sqlselect.create
// Generated constructor stub: no local initialisation, defers to the ancestor n_ds_cgibase.
call super::create
end on

on n_ds_sqlselect.destroy
// Generated destructor stub: nothing to release here, defers to the ancestor n_ds_cgibase.
call super::destroy
end on