Param

<srs>
  <def>
    <itm model="param" name="somedate" type="date"></itm>
  </def>
</srs>

Attributes

Required:

• name

Optional:

• label - name
• title - placeholder
• scope - command - parameter will be applied only to matching command (comma separated values available)
• value
  • null - equals null
• lg - hide/show on desktop
• sm - hide/show on mobile
• type - UI type / DB type default text
  • select - dropdown type
  • number integer money decimal / decimal
  • int bigint tinyint smallint integer / bigint
  • uniqueidentifier uuid / uniqueidentifier
  • date / date
  • datetime datetime2 smalldatetime time / datetime
  • float / float
  • xml / xml
  • ansi / varchar
  • text, password, hidden, color, checkbox / nvarchar
  • • you can use any type https://www.w3schools.com/tags/att_input_type.asp
• opts
  • server - server side parameter useful for predefined values cannot be overwritten by user
  • json-body - entire body request as parameter
  • json-xml-root - convert json to xml (root element created)
  • json-xml - convert json to xml (root element not created)
  • req - parameter required

Notes

Using proper data type is important for proper data validation

Parameters

Processing order:

1. Server side parameters (cannot be overwritten by user)
2. Query String
3. Body Parameters

• SQL injections Using parameters is safe and recommended. To better understand what is SQL injection and why we do not allow processing commands read https://owasp.org/www-community/attacks/SQL_Injection

 <itm model="param" name="username" opts="server">[[kv.v.user.username]]</itm>

Server Side Variables

There are few predefined variables available.

• [[kv.v. .....]] all variables in kv.v. scope
• [[kv.v.owner.name]] Owner Name, also in footer
• [[kv.v.owner.contact]] Owner contact, also in footer
• [[kv.v.owner.footer]] Footer additional text
• [[kv.v.owner.language]] Default language
• [[kv.v.user.username]] - username
• [[kv.v.user.userid]] user id
• [[kv.v.user.currency]] currency
• [[kv.v.user.teamid]] teamid
• [[kv.v.user.app_name]] user current applicaiton name
• [[kv.v.api.version]] version
• [[app_name]]
• [[apimethod]] - GET/POST
• [[apipath]] - example {{host}}/api/srs/xtet?param=param
• [[userpermission]] csv list
• [[basepath]] - example http://test.com
• [[srs_name]] - srs_name
• [[session_id]] - Sql Server UUID, database friendly

Dropdown

<srs label="Select Example">
 <def>
    <itm model="param" name="BillingCity" type="select"></itm>
    <itm model="command" name="data" >
<![CDATA[
  SELECT
    [InvoiceDate],
    [BillingCity],
    [Total]
  FROM [dbo].[Invoice]
  where 
    InvoiceDate >= @datefrom
    and InvoiceDate <= @dateto
]]>
    </itm>
    <itm model="command" name="BillingCity" opts="pscope"> 
        select city,cityname from city
    </itm>
  </def>
</srs>

Checkbox

  <itm model="param" name="critical" type="checkbox">true</itm>
  <itm model="param" name="Warning" type="checkbox">false</itm>

Default values

<srs>
  <def>
    <itm model="param" name="datefrom" type="date">[[datefrom]]</itm>
    <itm model="param" name="dateto" type="date">[[dateto]]</itm>
    <itm model="command" name="srssetup" type="server">
select 
  convert(varchar,DATEADD(month, DATEDIFF(month, 180, getdate()), 0),23) datefrom,
  convert(varchar, EOMONTH(getdate()), 23) dateto
    </itm>
    <itm>
      <![CDATA[
SELECT
  [InvoiceDate],
  [BillingCity],
  [Total]
FROM [dbo].[Invoice]
where 
  InvoiceDate >= @datefrom
  and InvoiceDate <= @dateto

  ]]>
    </itm>
  </def>
</srs>