Versions Compared

Old Version 4

changes.mady.by.user Andrew

Saved on

compared with

New Version Current

changes.mady.by.user PT

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Warning
titlePrevent SQL injection

When using Hash Variable that uses URL parameter or user-inputted value in the SQL query, ensure that these hash variable(s) are escaped in the query!

Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable.

Example of VULNERABLE query:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id#'

To fix this, use ?sql hash variable escape:

SELECT * FROM app_fd_sample_table WHERE c_value = '#requestParam.id?sql#'

Introduction

English
JDBC Datalist Database Binder gives you the flexibility of designing a

...

datalist by using your own custom SQL

...

queries and database connection.

JDBC Datalist Properties

Configure JDBC Datalist Binder

Image Added
Figure 1: JDBC Datalist Properties

NameDescription
Datasource

Target database to execute SQL statements on.

Choices:-

  • Custom Datasource
    • JDBC Connection Parameters are needed for this choice.
  • Default Datasource
      By selecting Default Datasource, the
        • Points to the current database your copy of Joget
      is currently using will be selected.

    Image Removed
    Figure 1: JDBC Datalist Properties

      • currently connects to.
    Custom JDBC DriverCustom

    JDBC

    Driver. This field is required when Custom Datasource is selected in Datasource above. Example: com

    driver name.

    Example values:

    • com.mysql.jdbc.Driver (MySQL)
    • oracle.jdbc.driver.OracleDriver (Oracle)
    • com.microsoft.sqlserver.jdbc.SQLServerDriver (Microsoft SQL Server)

    Only applicable to "Custom Datasource" option.

    Custom JDBC URL 
    		Custom JDBC URL. This field is required when Custom Datasource is selected in Datasource above

    Database connection URL.

    Example: jdbc:mysql://localhost

    /jwdb?characterEncoding=UTF8&useSSL=false

    :3306/jwdb

    Only applicable to "Custom Datasource" option.

    Custom JDBC Username 

    Database username.

    Example: root

    Only applicable to "Custom Datasource" option

    Custom JDBC Username. This field is required when Custom Datasource is selected in Datasource above

    .

    Custom JDBC Password

    Specified database user's password.

    Only applicable to "Custom Datasource" option

    Custom JDBC Password. This field is required when Custom Datasource is selected in Datasource above

    .


    Info
    titleTest the connection parameters

    Click on the "Test Connection" button at the bottom of the page to quickly test out your configurations.

    SQL SELECT Query 
    SQL Select query to populate the datalist.


    Code Block
    languagesql
    titleExample
    SELECT * FROM app_fd_myTable
    Note

    If a column name contains reserved keywords, do ensure it is encapsulated properly.

    For example for MySQL, if the column identifier itself contains a dot symbol ( . ), it should be encapsulated like this:

    Code Block
    languagesql
    SELECT `myAppName.myColumn` FROM app_fd_myTable;
    Info
    titleTable & Column Naming
    • For database tables created by Joget Forms, Joget adds a "c_" in front of table column names (or "t_" if your column name starts with a number) and "app_fd_" in front of database table names.
    • If you use environment hash variables to store SQL query strings, use "?noescape" to escape SQL query strings in JDBC binders to prevent the "<>" "not equal" operator from being converted, i.e. disables XSS prevention checking. Read here for more information..
    Primary Key 

    Define the primary key column.

    By default, it should be "id".

    Optimize query for paging

    When checked, the binder only fetches selected page's items rather than the returning the whole data set for improved loading speed. Note: Only applicable to MYSQL and MSSQL target databaseto optimize the performance for large dataset paging.

    Only works for MySQL and Microsoft SQL Server 2012 onwards.

    Related JDBC Binders & Useful Links

    Download Demo

    ...

    App

    APP_datalist_using_jdbc_dx_kb.jwa