I am working on a Crystal Reports in Visual Studio 2010 and I have a variety of different parameters and prompts for the user to filter out the specific data they want. For example, I have a parameter for Account and a parameter for Product Name dynamically populated. By default, if a user selects a filter for each of these parameters (account A and product B for example) a logical AND is performed. Only rows containing account A and product B are returned.
Is there a way to make this behave as an OR or an AND (user specifies?) So I can return all rows for account A OR product B
I know that it would be easy to change my formulas to treat this as an OR but what I would really like is for the user to be able to somehow specify whether or not the parameter should be treated as an AND or an OR.
If I'm understanding you correctly, you can pass a third string parameter in, call it {?Logic}, which contains either "AND" or "OR", and from there you can do:
IF {?Logic} = "AND"
' Do your AND code here
ELSE
' Do your OR code here
I realize you're basically repeating the query, once using AND and once using OR, but as long as the query isn't too cumbersome, this might be the cleanest way to do it.
Related
I would like to add an option that user using web ui can define some views in our product.
We let super admins put in SQL query that would create that view.
Do you know if there are any tools for parsing SQL Query and check if it is valid SQL Query for only creating view?
I assume the input is secure, so your superusers are not going to try to inject stuff ;-)
Anyway the comment above is correct, at least you should check for semicolon and comments. Also that the string starts with "SELECT "
The easiest way - after this basic checks - would be to let them insert the SELECT-Query alone and test it on your connections. Then catch any exception and display it to the superuser.
In case of success, you could even display some of the result, in order give them the possibility to validate the query.
After that you prefix in your code the SELECT with "CREATE VIEW AS " in order to create the view on your database.
One possibility is to create a unique role that has select access on every table in the database but nothing else. Then have your C# run the query as that user in a try/catch block. This would even eliminate the possibility of SQL injection and/or provide a failsafe for well meaning but careless users.
The main disadvantage I see is that you would need to continually update permissions to ensure that the user is granted select access to new objects, but I think you can define those types of cascading permissions at the schema level... never tried it at the database level.
Force the query to begin with “CREATE VIEW”, e.g. by prefixing whatever is entered with that string.
Make sure that there is no semicolon inside the query. This will exclude some valid queries (that contain something like “WHERE a = ';'” or “/* comment; */”), but it is simple and you might get away with it.
I have searched and searched and have not been able to find the answer to this. I'm no stranger to SSRS, .Net (c# and vb.net), SQL, etc...been in it for years. I currently have a multi-select report parameter that is populated by a dataset in my report. There are hundreds of entries, so I built it to be driven by a wildcard character in a preceding parameter. Everything works fine right now. My question is this: is it possible to enter a wildcard value, select one (or more) of the filtered values and then store that/those value(s) on selection so that a user can go back and enter another wildcard value and select from a newly filtered list? (Basically, remember what has been selected in the overall dataset before report execution and create some sort of comma-separated list as the final parameter value to be passed to the report) I realize this may be better served in a web app w/a reportviewer control, but I'm trying to avoid deviating from the native SSRS server if possible. Thanks in advance!
The way I might approach this (not actually done it but the theory sounds ok)
Have 2 parameters for user input, your current one and a hidden one called say #filter (visible) and #filterHistory (this is the hidden one)
Have a textbox (formatted like button) with something like "Refine" as the text. Set the action to call your report again but set the #filterHistory to be something like #filterHistory & ", " & #filter. Basically we keep appending the last user input to the history.
Then your report would filter based on both parameters. You'll have to do some parsing of the delimited parameter now to split it out into the constituent parts but you get the idea.
I've no time to build a test report but hopefully that will point you in the right direction. If it doesn't help or work then comment and I'll see if I can knock up a quick example.
Similar to Column Number rather than Column Name but I believe it's different because that was for unnamed columns, whereas my columns are named, I just don't know the names ahead of time.
First, some background. I'm creating a method that takes a query and its arguments as parameters, then runs the query (using Dapper) and checks if the first row, first column value is a 1 or a 0. It's intended to work as a generic validator for databases.
For example, the user could enter a query that returns a 1 in the only row's only column if some value exists in some table, and a 0 otherwise. The use of this method is intentionally very broad and most of the effort is put on the user writing the query (I should also clarify that the "user" in this case is always another developer and the use is done within code calling this method, not on, say, form input).
I want to query my database and get the value of the first row, first column without knowing the name of the column ahead of time. Ideally (though I'm not sure if this is possible or not within the Dapper call), I'd also like to require that there only be one row and one column in the result. When I was searching around, I based my initial solution on this post's first answer, but found that for that to work I needed to know the name of the column:
var dict = connection.Query(query, parameters).ToDictionary(row => (string)row.VALUE);
if(dict.ElementAt(0).Value != 1){
//do stuff
}
I thought of just adding a requirement that the user add an alias that names the first column some constant value (in this case, VALUE), but I'd prefer not to put the burden on my user if at all possible.
Ultimately my core issue is: how can I get the value of a named column in a DB using Dapper without knowing the name of the column?
Does anybody have any ideas?
I've done this successfully by just using int as the type in the generic Query method as such:
int value = conn.Query<int>(sql,
commandType: CommandType.StoredProcedure).FirstOrDefault();
Notice the use of the FirstOrDefault method. So you get 0 or whatever the value is from the DB.
The easiest thing to do would be to make sure the SQL command ALWAYS returns the same column name, by way of an alias. Then your C# code can just use that alias.
Using Tortuga Chain
var result = DataSource.Sql(query, parameters).ToInt32().Execute();
I'd also like to require that there only be one row and one column in the result
By default, Chain uses DbCommand.ExecuteScalar. This returns the first column of the first row, ignoring everything else. To add that restriction I would do this:
var result = DataSource.Sql(query, parameters).ToInt32List().Execute().Single;
Another option is to change how you generate the SQL. For example,
var filterObject = new {ColumnA = 1, ColumnB = "X", ColumnC = 17};
var result = DataSource.From(tableName, filterObject).ToInt32(columnName).Execute();
This has the advantage of being immune to SQL inject attacks (which is probably a concern for you) and ensures that you SQL only returns one column before it is executed.
I would like to know if anyone knows if it is possible to run a SAP User Compare from c# using ERPConnect 4 from Theobald? If so, how?
I can open a connection to SAP and run functions - just don't know how to do User Compare.
EDIT:
It seems like we have to run the report PFCG_TIME_DEPENDENCY.
If anyone knows how to run a report with ERPConnect, or if there exists a functional module in SAP that can run a report, that will also help.
I am not exactly sure what your comparison has to include, but I assume, that you want to compare attributes of the users. If that is the case, you could download the users data from the SAP tables. Here is a starting point for what tables you probably need: http://www.tcodesearch.com/sap-tables/detail?id=USR01
USER01 is the user master record, containing all user with it's main attributes. You can find other interesting related user table through the link above.
To read a table using Erpconnect, look at this link: https://my.theobald-software.com/index.php?/Knowledgebase/Article/View/21/23/reading-sap-tables-directly
You need to create an instance of the ReadTable class. Then you add the fields you are interested in using the AddField method (e.g. MANDT and BNAME for the USR01 table). You could but don't have to enter filter criteria using the AddCriteria method. If you do add multiple creteria, be sure to add boolean operators like "and" or "or":
table.AddCriteria("LANGU = 'D'");
table.AddCriteria("AND MANDT = '007'");
Finally set the table name of the table you want to download and execute the Run-Method. After that you can loop through the results stored in <your RunTable-Instance>.Result.Rows
Sascha
I searched but I could not find anything similar to what I need so I will appreciate your help.
I have an aspx page that I want to create new textbox fields dynamically upon user request (this is the easy part). The user can ask for any number of fields since they will be used to filter an SQL server table. To make a long story short the table has 23 columns and the user can create multiple textbox for each column so that the general SQL query will search according to the text he will enter in those textbox.
For instance - the user can choose the 'type' field and create 3 textbox which he will enter 'b' for the first, 'c' for the second and 'e' for the third so the query will look something like that:
SELECT *
FROM table_name
WHERE type like '%b%' or type like '%c%' or type like '%e%'
I hope you can understand what I'm looking for,
Any help will be great...
Do a for each loop with all the relevant textboxes. In there you can create the SQL Query and add or type like '%X%' blocks for any nuber of textboxes the user has created. This way the SQL Query will always have the dynamic count of or type like '%c%'