...

Warning: Prevent SQL injection

When a hash variable in the SQL query carries a URL parameter or any other user-supplied value (for example #requestParam.id#), make sure that hash variable is escaped in the query. Without escaping, the value is substituted into the SQL text as-is and an attacker can alter the statement.

Use the hash variable escape keywords; see Hash Variable - Escaping the Resultant Hash Variable.

Example of a VULNERABLE query:

SELECT * FROM app_fd_sample_table WHERE  c_value = '#requestParam.id#'

To fix this, use the ?sql hash variable escape:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id?sql#'
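As an added illustration (not code from the Joget documentation or from the Joget product), the Python script below builds the page's app_fd_sample_table in an in-memory SQLite database, constructs the two queries above from an attacker-chosen id parameter, and shows what each returns. The sql_escape helper stands in for the effect of the ?sql escape by doubling single quotes so the value cannot terminate the surrounding string literal; that is an assumption made for illustration, not Joget's implementation. The last case goes beyond the page's example: it shows that quote escaping gives no protection when the hash variable is placed outside quotes, such as in a numeric comparison, so the quotes around the hash variable in the query matter as much as the ?sql keyword. The sample rows and the payloads are constructed for the demo.

```python
import sqlite3

# Constructed sample rows for the page's table name (not data from the Joget page).
ROWS = ["alpha", "beta", "secret-record"]


def build_db():
    """Create an in-memory table shaped like app_fd_sample_table and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app_fd_sample_table (id INTEGER PRIMARY KEY, c_value TEXT)")
    conn.executemany(
        "INSERT INTO app_fd_sample_table (c_value) VALUES (?)", [(r,) for r in ROWS]
    )
    return conn


def sql_escape(value: str) -> str:
    """Illustrative stand-in for the effect of the ?sql escape (assumption, not Joget's code):
    double every single quote so the value cannot close the string literal around it."""
    return value.replace("'", "''")


def vulnerable_query(request_id: str) -> str:
    # Mirrors: SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id#'
    return f"SELECT * FROM app_fd_sample_table WHERE c_value = '{request_id}'"


def escaped_query(request_id: str) -> str:
    # Mirrors: SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id?sql#'
    return f"SELECT * FROM app_fd_sample_table WHERE c_value = '{sql_escape(request_id)}'"


def unquoted_escaped_query(request_id: str) -> str:
    # Hypothetical misuse: the escaped hash variable is used without surrounding quotes,
    # e.g. WHERE id = #requestParam.id?sql#. Quote escaping cannot help here.
    return f"SELECT * FROM app_fd_sample_table WHERE id = {sql_escape(request_id)}"


def run(conn, query: str):
    """Execute a query and return the c_value column of every matching row."""
    return [row[1] for row in conn.execute(query).fetchall()]


def demo():
    conn = build_db()
    string_payload = "x' OR '1'='1"   # constructed attacker value for ?id= in a quoted context
    numeric_payload = "1 OR 1=1"      # constructed attacker value for an unquoted context
    return {
        # Unescaped: the quote in the payload closes the literal; OR '1'='1' matches every row.
        "vulnerable": run(conn, vulnerable_query(string_payload)),
        # Escaped: the whole payload stays inside the literal and matches nothing.
        "escaped": run(conn, escaped_query(string_payload)),
        # Escaping does not break a legitimate lookup.
        "legit": run(conn, escaped_query("beta")),
        # Escaped but unquoted: no quotes in the payload, so escaping changes nothing.
        "unquoted_escaped": run(conn, unquoted_escaped_query(numeric_payload)),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:>17}: {rows}")
```

The takeaway for Joget queries: the ?sql escape is effective only when the hash variable sits inside a quoted SQL string literal; a hash variable used as a bare number, a column name or a table name needs validation of the value itself rather than quote escaping.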

Introduction

Database SQL Query, formerly known as JDBC Form Binder, allows you to use custom SQL statements to retrieve records and load them into your form fields. Similarly, you can write SQL statements to save the records from your form fields into a database table.

The Database SQL Query settings are located in the form PROPERTIES tab under "Advanced > Data Binder > Load Binder & Store Binder". Database SQL Query replaces the standard Workflow Form Binder.

...

JDBC Binders come standard in Joget v6 and DX. If you are using Joget v5, you can download the JDBC Binders from Joget Marketplace.

Figure 1: Database SQL Query selected as the Load Binder and Store Binder

JDBC Binder Properties

Configure JDBC Load Binder

Figure 2: Configure JDBC Load Binder

...

Configure JDBC Store Binder

Figure 3: Configure JDBC Store Binder

...