Embedded SQL
There may be times when a developer simply wants to display the contents of a table in an HTML document. A special extension was created for this purpose. It has the format:
##Sa_SQL=sql_statement##
where sql_statement is any valid SQL statement.
There are some other requirements for doing this:
1. The HTML document must be a Template in an Object Binding so it is generated by the Project Server Application.
2. It must be enabled within the Server Application by setting the Allow SQL in HTML flag in the Project Options Editor.
3. The following Project Options must also be set so the Server Application knows what to execute the SQL against:
Setting the Database options in a Server Application also affects the database objects that were bound in the project, so use them only where applicable.
By default, the ability to execute SQL embedded in HTML templates is disabled. If a hacker got into your Template HTML files and changed:
SELECT * FROM my_valuable_data
to
DELETE FROM my_valuable_data
that could be disastrous!
More capabilities will be added to this type of data manipulation to further secure it and make it more powerful, but it is strongly recommended not to use it in external World Wide Web applications before these security measures are in place.
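One check a site can run over its template files to catch the change described above, shown as an added example that is not Bluestone code. The function name audit_template, the rule that a statement never contains "##", and the sample templates are assumptions made for illustration.

```python
import re

# Directive syntax as given on this page: ##Sa_SQL=sql_statement##
# Assumption: a statement may span lines and never contains "##" itself.
DIRECTIVE = re.compile(r"##Sa_SQL=(.*?)##", re.DOTALL | re.IGNORECASE)
# Heuristic: SQL comments are stripped so they cannot hide the leading keyword.
COMMENT = re.compile(r"--[^\n]*|/\*.*?\*/", re.DOTALL)


def audit_template(html):
    """Return (line_number, statement, problem) for every embedded directive
    that is not a single read-only SELECT. An empty list means nothing flagged."""
    findings = []
    for match in DIRECTIVE.finditer(html):
        line_no = html.count("\n", 0, match.start()) + 1
        sql = " ".join(COMMENT.sub(" ", match.group(1)).split())
        body = sql.rstrip("; ")          # one trailing terminator is harmless
        words = body.split(None, 1)
        verb = words[0].upper() if words else ""
        if verb != "SELECT":
            findings.append((line_no, sql, "not a SELECT: " + (verb or "empty")))
        elif ";" in body:
            # Conservative: also fires on a ';' inside a string literal.
            findings.append((line_no, sql, "more than one statement"))
        elif re.search(r"\bINTO\b", body, re.IGNORECASE):
            findings.append((line_no, sql, "SELECT ... INTO writes data"))
    return findings


# Constructed sample templates, reusing the table name from the page's example.
ORIGINAL = ("<html><body>\n<h1>Report</h1>\n"
            "##Sa_SQL=SELECT * FROM my_valuable_data##\n</body></html>\n")
TAMPERED = ORIGINAL.replace("SELECT * FROM", "DELETE FROM")
STACKED = ORIGINAL.replace("data##", "data; DELETE FROM my_valuable_data##")

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("tampered", TAMPERED),
                       ("stacked", STACKED)):
        print(name, audit_template(text) or "ok")
```

A check like this only reports a changed template. Running the Server Application under a database account that has no DELETE, UPDATE or DDL rights limits what a changed template can do.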
info@bluestone.com
Copyright © 1997, Bluestone. All rights reserved.