Mashups in MashZone NextGen Wires : Creating Mashups in Wires : Add Actions or Other Blocks : Run a SQL Statement : Using Input Parameters as SQL Query Parameters
Using Input Parameters as SQL Query Parameters
You can insert the value of an Input block as a value for a condition in a SQL statement by typing in :input-block-name as shown in this example:
Note:  
Using this syntax to supply input parameters to a SQL query removes any risk of an Internet attack known as SQL Injection.
In this example, the parameter value is a string that must include the % symbol for the query to work properly:
To use input parameters in a SQL statement:
1. You must add the Input block(s) to the mashup before you enter the SQL statement. See Add Input Parameters for more information.
2. Change the Input block names to something meaningful, if needed. See Changing Mashup Input Parameter Names for more information.
3. Then enter the SQL statement in the Enter SQL Statement property using the input parameter names you have assigned.
Copyright © 2013-2016 Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback