Questions and discussion about developing processes and programming in PHP, JavaScript, web services & REST API.

Moderator: amosbatto

Forum rules: Please search to see if a question has already asked before creating a new topic. Please don't post the same question in multiple forums.
#789841
Hello everyone,

The sql property of a web control is normally set during form design. However, can this be set during run time using Javascript? In that way, one could potentially use one checkgroup variable to repeatedly executeQuery() and get desired results.

Thanks in advance,
SGK
#790317
For security reasons, ProcessMaker doesn't allow you to change the SQL query when running a DynaForm. What you can do is create a textbox whose value is used by an SQL query.

For example, you have a DynaForm with two controls:
- a dropdown with the ID and variable "sqlQuery", which has the following options:
selectOptions.png
selectOptions.png (30.03 KiB) Viewed 1395 times
-a dropdown with the ID "selectOne" with the with following SQL query:
Code: Select all
SELECT @=sqlQuery
When the user selects a query, it will be executed in the selectOne dropdown. The problem is that this is a potential security risk, because a hacker can send any SQL query to the database. Always make SELECT a fixed part of SQL property for the dropdown box, so a hacker can't use a DELETE, UPDATE or INSERT statement which would alter the contents of the database. It is recommended to fix more parts of the SQL query for more safety, such as:
Code: Select all
SELECT @=fieldsList FROM PMT_CLIENTS WHERE [email protected]@selectCountry
Here is another example, which might help you.
You have a DynaForm with the following controls:
- a checkgroup with the ID "selectCountries"
- a textbox with the ID and variable named "countryList"
- a dependent dropdown box with the ID and variable named "selectClient", which has the following SQL query to populate its list of options:
Code: Select all
SELECT ID, NAME FROM PMT_CLIENTS WHERE COUNTRY IN (@=countryList)
Then use the following JavaScript to set the list of countries:
Code: Select all
$("#countriesList").hide(); //hide the textbox when the form loads 

//When a country is selected in the selectCountry checkgroup, 
//then it is added to the "countriesList" textbox to be used in the query:  
$("#selectCountries").setOnchange( function(aVals, aOldVals) {
  var countries = '';
  for (i in aVals) {
    countries += (countries == '' ? '' : ',') + "'"+aVals[i]+"'"; 
  }
  $("#countriesList").setValue(countries);
});
Note that hidden controls cannot be independent fields whose value is used by dependent field queries, so you need to hide a normal textbox with JavaScript.

Here is a sample process with the above examples in them and a sample PMT_CLIENTS table to test the second example.
(37.34 KiB) Downloaded 134 times
(4.97 KiB) Downloaded 126 times

As you have got seen that after every single updat[…]

issue with processmaker 3.2

Hello! The solution to your question is the foll[…]

BPMN project disappeared

Hi Alex! , maybe you forgot to save your process[…]

mcrypt extension is deprecated!

Hello Ehsan! If you did not find the mcrypt ext[…]