Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » Elevate Web Builder Technical Support » Support Forums » Elevate Web Builder General Discussion » View Thread |
Messages 1 to 4 of 4 total |
Datasets and columns at runtime |
Mon, Jul 6 2015 5:15 PM | Permanent Link |
Ricardo | Hi.
I need to work with Firebird database, using ODBC, and these are some doubts: 1. How to create a dataset at runtime 2. How to load all columns at runtime The goal is to create a generic form, create all the utilities to edit a record and then creating a new inherited form. Example: 1. Create DataSet for Firebird (ODBC) 2. Asign SQL.Text := 'SELECT * FROM '+Table+' WHERE Code = :Parameter', 3. Open query with Parameter and asign fields to edits controls Sometimes, I won't know all the fields in the table, so I can not predefining them and, in addition, thus it is easier to create a generic form Thanks |
Tue, Jul 7 2015 4:17 AM | Permanent Link |
Matthew Jones | Ricardo wrote:
> I need to work with Firebird database, using ODBC, and these are some > doubts: Me too! 8-) The key here is to think about your whole application - there are two parts, the server and the client(s). The clients are the EWB part, and they can use any standard web protocols like REST or anything similar to return data and to take actions. The server is "just code" that does what you want the clients to be able to do. The main doubt I have for you is to consider security. The key is that if ANY client is able to issue database table operations, where any SQL at all is sent, then your whole server is at risk from hackers. It is easy for the browser code to be modified, and instead of your "SELECT" I can sent "DROP *" and your data is gone. EWB solves this by "canning" the queries on the server, and using the database permissions and authentication to make sure it is okay. Since you can only do the operations the developer determined, the client can't do anything silly. Tim has sample code for doing the basics of simple data operations, but you might want to consider an alternative where you use an "API" using REST or the RemObjects SDK or similar. For this, you define operations that the clients will want to do, and specify the parameters, and then your server does the work, having checked the permissions etc. In my web shop for example, I have calls to get the list of products available to a user, and that returns JSON which the client can interpret. If they add one to the basket, it sends the product code and the quantity to the server to get the price, which may have different taxes applied. On the admin side, the administrator might select an order to mark it shipped, and a call to the server with the order ID is sent. There is no SQL at all on the client, so I can modify the back end to work however I want without updating the clients. Anyway, you need to think around this - in general making a database accessible with any SQL from the client is very dangerous (and don't expect to be able to sanitise it - there are clever tricks to overcome that too). -- Matthew Jones |
Wed, Jul 8 2015 12:48 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Ricardo,
<< I need to work with Firebird database, using ODBC, and these are some doubts: 1. How to create a dataset at runtime 2. How to load all columns at runtime >> You can do both of these things at runtime in the client-side EWB application, but not for the server-side dataset definitions. As Matthew states, it's a huge security risk/hole for any web server to accept SQL from a client application. However, you *can* write a custom dataset module that can provide a list of datasets to select from, and then use that list on the client to set up the columns and load the datasets. I'll have to work up an example project that does this so you can see how it works. I'm finishing up a web server module video over the next few days, so that will help with the "how to create a web server module" part. Tim Young Elevate Software www.elevatesoft.com |
Thu, Jul 9 2015 2:20 AM | Permanent Link |
Godfrey Ultimatesoft | << I'll have to work up an example project that does this so you can see how it works. I'm finishing up a web server module video over the next few days, so that will help with the "how to create a web server module" part. Tim Young Elevate Software www.elevatesoft.com >> Looking forward to this. I would like to understand it better. |
This web page was last updated on Wednesday, August 14, 2024 at 02:26 AM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |