1

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

Enabling Intelligent Decisions©

BIRT Multi-Select Parameters The Safe and Easy Way

2

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

BIRT Project

Our InvolvementInvolved with project since inception (2004)OS BIRT & Actuate BIRTBIRT PMC & BIRT CommittersBIRT World / BIRT Exchange

Our FocusFor your ProductFor your ProjectFor your Enterprise

3

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

BIRT Services

ServicesBest PracticesDesign, Development & DeploymentRemote Consulting and SupportBIRT Training

Selected ExperienceAldonBlackboard

4

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

Multi-Select the Easy Way

Multi-Select Parameters Available in 2.2Builds an array of values

Often Used with SQLConstrain query to range of valuesWhere state in (‘MN’, ‘NC’, ‘CA’)

5

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

Implementation Techniques

JavaScript Event HandlersDataSet Property Binding

Two Issues Maintenance

(query & expression)SQL Injection

6

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

SQL Injectionselect * from orders where state in (?)

? = “ ‘MN’); drop database;select * from dual where 1 in (‘1’ ”

select * from orders where state in (‘MN’);drop database;select * from dual where 1 in (‘1’)

DON’T

DO

THIS

7

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

Parameter Binding

Supported by JDBC and all DatabasesStops SQL Injection Attacks

select * from orders wherestate in (?,?,?)

Each parameter value requires a binding

8

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

Can BIRT Do This?

AbsolutelyDesign Engine API

Read QueryTextFind Parameter Names / ValuesModify SQL Text to add ‘?’ Add Parameter Binding to DataSet

9

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

Can BIRT Do This Easily?

AbsolutelyUse standard SQL Syntax Use ScriptFunctionExtension point

Build your own functionsExpose those functions in the UINew to 2.3.1

10

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

Standard SQL Syntax

Select * From OrdersWhere 0=0-- and status in (‘MS:parameterName’)

11

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

Use the ScriptFunctionExtension

The easiest BIRT extension pointExtremely useful Many simpler applications

Combining the DEAPI and ScriptFunctions is more difficult.

Don’t Let these examples scare you away.

12

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

DEMO Time

Simple DEAPI ExampleAdd a Label to a blank design

Work with ParametersDynamically show parameters in design

Multi-Select ExampleIn action

13

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

Questions and Contact Info

Scott [email protected](763) 225-8418

Keith [email protected](562) 698-8583

http://innoventsolutions.com

14

Source at: http://longlake.minnovent.com/repos/birt_example/innovent.birt.functions

Questions ?

Source in Subversionhttp://longlake.minnovent.com/repos/birt_exampleproject: innovent.birt.functions