Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning
titlePrevent SQL injection

When using Hash Variable that uses URL parameter or user-inputted value in the SQL query, ensure that these hash variable(s) are escaped in the query!

Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable.

Example of VULNERABLE query:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id#'

To fix this, use ?sql hash variable escape:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id?sql#'

Introduction


English

Database SQL Query List Action allows you to perform SQL queries on one (a row action) or more records (a bulk action) in your datalist. You can specify which database to perform the SQL function, either the current Joget database (default datasource) or a custom datasource (external database).

Database SQL Query List Action can be used to delete records or perform an update on one or more records based on user selection in the datalist checkboxes.


Database SQL Query List Action Properties

...

APP_datalist_using_jdbc_dx_kb.jwa