Param

Parameters are used to pass values to commands.

<itm model="param" name="somedate" type="date"></itm>

Attributes

Required:

• name

Optional:

• label - name
• title - placeholder
• scope - command - parameter will be applied only to matching command (comma separated values available)
• text
  • null - equals null
  • server side variables [[variable]] are available see server side variables
• lg - hide/show on desktop
• sm - hide/show on mobile
• type - UI type / DB type default text
  • select - dropdown type
  • number integer money decimal / decimal
  • int bigint tinyint smallint integer / bigint
  • uniqueidentifier uuid / uniqueidentifier
  • date / date
  • datetime datetime2 smalldatetime time / datetime
  • float / float
  • xml / xml
  • ansi / varchar
  • text, password, hidden, color, checkbox / nvarchar
  • • you can use any type https://www.w3schools.com/tags/att_input_type.asp
• opts
  • server - server side parameter useful for predefined values cannot be overwritten by user
  • json-body - entire body request as parameter
  • json-xml-root - convert json to xml (root element created, if array of items each item wrapped in row)
  • json-xml-body - body request as parameter
  • json-xml - convert json to xml
  • req - parameter required

Notes

Using proper data type is important for proper data validation

Parameters Processing order

Parameters are processed in the following order:

1. Server side parameters (cannot be overwritten by user)
2. Query String
3. Body Parameters

• SQL injections Using parameters is safe and recommended. To better understand what is SQL injection and why we do not allow processing commands read https://owasp.org/www-community/attacks/SQL_Injection

 <itm model="param" name="username" opts="server">[[kv.v.user.username]]</itm>

Examples

All examples

Parameter UI

  <itm model="param" name="param1" type="checkbox">true</itm>
  <itm model="param" name="param2" type="checkbox">false</itm>
  <itm model="param" name="param3" type="number"></itm>
  <itm model="param" name="param4" type="date"></itm>

Dropdown

<srs label="Select Example">
 <def>
    <itm model="param" name="BillingCity" type="select"></itm>
    <itm model="command" name="data" >
<![CDATA[
  SELECT
    [InvoiceDate],
    [BillingCity],
    [Total]
  FROM [dbo].[Invoice]
  where 
    InvoiceDate >= @datefrom
    and InvoiceDate <= @dateto
]]>
    </itm>
    <itm model="command" name="BillingCity" opts="pscope"> 
        select city,cityname from city
    </itm>
  </def>
</srs>