Param

Parameters are used to pass values to commands.

<itm model="param" name="somedate" type="date"></itm>

Attributes

Required:

• name

Optional:

• label - display name
• title - placeholder text
• scope - parameter will be applied only to the matching command (comma-separated values available)
• text
  • null - equals null
  • server-side variables [[variable]] are available; see server-side variables
• lg - hide/show on desktop
• sm - hide/show on mobile
• type - UI type / DB type, default is text
  • select - dropdown type
  • number integer money decimal / decimal
  • int bigint tinyint smallint integer / bigint
  • uniqueidentifier uuid / uniqueidentifier
  • date / date
  • datetime datetime2 smalldatetime time / datetime
  • float / float
  • xml / xml
  • ansi / varchar
  • text password hidden color checkbox / nvarchar
  • you can use any input type; see https://www.w3schools.com/tags/att_input_type.asp
• opts
  • server - server-side parameter; useful for predefined values that cannot be overwritten by the user
  • json-xml-root - takes the property and converts it to XML; supports for arrays, array is forced and elements are wrapped in a row
  • json-xml - takes the property and converts it to XML; will throw an error if the JSON is an array; use json-xml-root for arrays or send JSON with a root element
  • body-xml-root - takes the body as is and converts it to XML; supports for arrays, array is forced and elements are wrapped in a row
  • body-json - takes the entire body as JSON and sends it as JSON; supports JSON objects and arrays
  • req - parameter is required

Note

Deprecated aliases: json-xml-body → body-xml-root, json-body → body-json.

Note

Using the correct data type is important for proper data validation.

Parameter Processing Order

Parameters are processed in the following order:

1. Server-side parameters (cannot be overwritten by the user)
2. Query string
3. Body parameters

Using parameters is safe from SQL injection and is recommended. To learn more, see OWASP SQL Injection.

 <itm model="param" name="username" opts="server">[[kv.v.user.username]]</itm>

Examples

All examples

Parameter UI

  <itm model="param" name="param1" type="checkbox">true</itm>
  <itm model="param" name="param2" type="checkbox">false</itm>
  <itm model="param" name="param3" type="number"></itm>
  <itm model="param" name="param4" type="date"></itm>

Dropdown

<srs label="Select Example">
 <def>
    <itm model="param" name="BillingCity" type="select"></itm>
    <itm model="command" name="data" >
<![CDATA[
  SELECT
    [InvoiceDate],
    [BillingCity],
    [Total]
  FROM [dbo].[Invoice]
  where 
    InvoiceDate >= @datefrom
    and InvoiceDate <= @dateto
]]>
    </itm>
    <itm model="command" name="BillingCity" opts="pscope">
        select city,cityname from city
    </itm>
  </def>
</srs>