Submitted by Niels Liisberg on Fri, 07/12/2013 - 00:00
Forums
IceBreak

A nice new feature in IceBreak is the possibility to save sql statements external from the application to avoid SQL injections. Basically it it a combination of Markers and a new IceBreak function that expands strings from templates with markers.

To expand a string using markers you need a template – just like a HTML template with markers which has been in IceBreak for ages. But instead of placing the result into the responseObject you can now use a basic VARCHAR to do the trick.

All the magic is done by the strTemplate() IceBreak build-in function. It returns a varchar with the result and take a template string an extra parameter json string or json object.

     Res = strTemplate(template: jsonParms);

All the markers are indicated with the $ as a prefix.

You can use cookies, system values, globals, session variables and markers to render from the template. Each set has its own nam-space. I.e.

     $system. Denotes the System and server variables

     $global. Demotes global variables

     $session. Denotes the session variables

     $marker. Denotes the "original" icebreak markers set by setMarker

     $request. Denotes the query string of form if any provided

Other marker values are directly from the json object you provide.

Lets take it for a spin:

Try the following from :

http://systest.icebreak.org/strTmpl1.aspx?myname=John (see screen shot 1)

Now – yet another new feature db_Execute() which let you run any SQL or Query/400 and provide you with data stores in JSON, XML, HTML and CSV format. db_Execute() takes all parameters as a JSON object in either a JSON string or a JSON object and can produce datastore suitable for client frame ExtJs, Jquery, DoJo, Backbone .NET etc.

Let see how easy you can define a datastore :

http://systest.icebreak.org/dbexecute.aspx (see screen shot 2)

If we combine the strTemplate() function with db_Execute() you can provide parameters for the sql query very easy (see screen 3).

Last step is to combine the getStreamString build-in to store the template away from the program object on the IFS to make the application totally dynamic (see screen shot 4).

Best regards,
Niels Liisberg