Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning
titlePrevent SQL injection

When using Hash Variable that uses a URL parameter or user-inputted value in the SQL query, ensure that these hash variable(s) are escaped in the query!

Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable.

Example of VULNERABLE query:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id#'

To fix this, use ?sql hash variable escape:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id?sql#'

Note
titleOrder by ASC/DESC

Order By using SQL Query will not work.
It is a must to use the Order By function inside the List Settings instead.


Introduction

Datalist Database Binder gives Database SQL Query List Data Store gives you the flexibility of designing a datalist List by using your own custom SQL queries and database connection.

Database SQL Query Properties

Configure Database SQL Query


Figure 1: Database SQL Query Properties

NameDescription
Datasource

Target database to execute SQL statements on.

Choices:-

  • Custom Datasource
    • JDBC Connection Parameters are needed for this choice.
  • Default Datasource
    • Points to the current database your copy of Joget currently connects to.
Custom JDBC Driver

JDBC driver name.

Example values:

  • com.mysql.jdbc.Driver (MySQL)
  • oracle.jdbc.driver.OracleDriver (Oracle)
  • com.microsoft.sqlserver.jdbc.SQLServerDriver (Microsoft SQL Server)

Only applicable to "Custom Datasource" option.

Custom JDBC URL 

Database connection URL.

Example: jdbc:mysql://localhost:3306/jwdb

Only applicable to "Custom Datasource" option.

Custom JDBC Username 

Database username.

Example: root

Only applicable to "Custom Datasource" option.

Custom JDBC Password

Specified database user's password.

Only applicable to "Custom Datasource" option.


Info
titleTest the connection parameters

Click on the "Test Connection" button at the bottom of the page to quickly test out your configurations.

SQL SELECT Query 
SQL Select query to populate the datalist.


Code Block
languagesql
titleExample
SELECT * FROM app_fd_myTable
Note

If a column name contains reserved keywords, do ensure it is encapsulated properly.

For example for MySQL, if the column identifier itself contains a dot symbol ( . ), it should be encapsulated like this:

Code Block
languagesql
SELECT `myAppName.myColumn` FROM app_fd_myTable;
Info
titleTable & Column Naming
  • For database tables created by Joget Forms, Joget adds a "c_" in front of table column names (or "t_" if your column name starts with a number) and "app_fd_" in front of database table names.
  • If you use environment hash variables to store SQL query strings, use "?noescape" to escape SQL query strings in JDBC binders data stores to prevent the "<>" "not equal" operator from being converted, i.e. disables XSS prevention checking. Read here for more information..
Primary Key 

Define the primary key column.

By default, it should be "id".

Optimize query for paging

When checked, the binder data store only fetches selected page's items rather than the returning the whole data set to optimize the performance for large dataset paging.

Only works for MySQL and Microsoft SQL Server 2012 onwards.

Related Database SQL Query & Useful Links

Download Demo App

APP_datalist_using_jdbc_dx_kb.jwa

...