Versions Compared

Old Version 1

changes.mady.by.user Hugo

Saved on

compared with

New Version Current

changes.mady.by.user PT

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Warningpanel
Definition
borderColortitlegreen
borderWidth1
titleBGColor#ddffcc
borderStylesolid
title
Prevent SQL injection

When using Hash Variable that uses URL parameter or user-inputted value in the SQL query, ensure that these hash variable(s) are escaped in the query!

Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable.

Example of VULNERABLE query :

SELECT * FROM app_fd_sample_table WHERE  c_value = '#requestParam.id#'

To fix this, use ?sql hash variable escape:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id?sql#'

Introduction

English
JDBC Options Binder allows you to retrieve form options option records from Joget or a custom database via user-defined SQL query statements.
Panel
borderColorpurple
borderWidth1
titleBGColor#ddccff
borderStylesolid
titleNew Feature

This is a new feature in Joget Workflow v6.

 

Image Removed

JDBC Options Binder Properties

Configure JDBC Options Binder

Image Added

Figure 1: JDBC Options Option Binder Properties

NameDescription
Datasource

Target database to execute SQL statements on.

Choices:-

  • Custom Datasource
    • JDBC Connection Parameters are needed for this choice.
  • Default Datasource
    By selecting Default Datasource, the
      • Points to the current database your copy of Joget
    is currently using will be selected
      • currently connects to.
    Custom JDBC Driver
    Custom JDBC Driver. This field is required when Custom Datasource is selected in Datasource above

    JDBC driver name.

    Example values:

    • com.mysql.jdbc.Driver (MySQL)
    • oracle.jdbc.driver.OracleDriver (Oracle)
    • com.microsoft.sqlserver.jdbc.SQLServerDriver (Microsoft SQL Server)

    Only applicable to "Custom Datasource" option.

    Custom JDBC URL 
    Custom JDBC URL. This field is required when Custom Datasource is selected in Datasource above

    Database connection URL.

    Example: jdbc:mysql://localhost:3306/jwdb

    Only applicable to "Custom Datasource" option.

    Custom JDBC Username 
    Custom JDBC Username. This field is required when Custom Datasource is selected in Datasource above

    Database username.

    Example: root

    Only applicable to "Custom Datasource" option.

    Custom JDBC Password
    Custom JDBC Password. This field is required when Custom Datasource is selected in Datasource above

    Specified database user's password.

    Only applicable to "Custom Datasource" option.

    Info
    titleTest the connection parameters

    Click on the "Test Connection" button at the bottom of the page to quickly test out your configurations.

    Use AJAX for cascade options?

    When checked, this allows these fields to dynamically load available options based on the other field value (grouping column) when dealing with tremendous amount of selections.

    Read

     Read more at Ajax Cascading Drop-Down List.

     

    Info
    titleImportant

    Do not forget to configure the dependency field in Field ID to control available

    oiptiosn

    option based on Grouping in the

    next

    Advanced Options tab.

    Image Modified
    Info
    titleImportant

    Use question mark (?) in your SQL SELECT Query to represent dependency values.

    Add Empty Option
    If checked,

    Click this checkbox if you want an empty option

    will be added to the selections.

    in the selectbox.  Clicking this option will display the following field:

    • Empty Option Label
    Empty option label. Only in use when Add Empty Option is checked.
    • - Enter your "empty" label, for example "Select".
    SQL SELECT Query
    Note

    If a column name contains reserved keywords, do ensure it is encapsulated properly.

    For example for MySQL, if the column identifier itself contains a dot symbol ( . ), it should be encapsulated like this:

    Code Block
    languagesql
    SELECT `myAppName.myColumn` FROM app_fd_myTable;
    SQL SELECT Query
    To populate a selectbox, for example, you need to return at least 2 columns. The first column is used for 
     value/ID
     Id. The second column is used for 
     label
     Label.
    An optional third column can be returned for grouping value if for example, you are using the select box "Field ID to control available options based on Grouping" property field.
     Code Block
    languagesql
    titleExample
    linenumberstrue
    SELECT
   username,
 
    CONCAT(lastName,
     
    ' ', firstName) FROM
     username
FROM
   dir_user
     
     
ORDER BY
   username ASC
    When Use AJAX for cascade 
     options? 
    options is checked, make sure that a question mark is placed within the query.
     Code Block
    languagesql
    titleExample
    linenumberstrue
    SELECT
   username,
   CONCAT(lastName, ' ', firstName) 
FROM
   dir_user 
WHERE
   timeZone = (?)
     
     
    On multi-select box form element on cascade and when using JDBC, remember to use  brackets  to enclose the ? parameter in 
    "WHERE id IN (?)" :
     Code Block
    languagesql
    titleExample
    linenumberstrue
    SELECT
   id,
   c_field1
FROM
   app_fd_myTable
WHERE
   id IN (?)

     Info
    titleTable & Column Naming
    • For database tables created by Joget Forms, Joget adds a "c_" in front of table column names (or "t_" if your column name starts with a number) and "app_fd_" in front of database table names.
    • If you use environment hash variables to store SQL query strings, use "?noescape" to escape SQL query strings in JDBC binders to prevent the "<>" "not equal" operator from being converted, i.e. disables XSS prevention checking. Read here for more information..
    Related JDBC Binders & Useful Links
    Download Demo App
    ...