Do you build criteria by using a where clause?
17/11/2016 4:14 AM by
It is very common to come up with ways to filter data.
As an example, you could do it like this.
Figure: Filtering Data
This allows you to easily extract fields and values, but it only works for the fields you hard code. You could get around it by writing complex code to build a SQL query or ignore the ones that don't match.
But this gives exact matches. E.g.:
What if you want to give the ability to allow the user to be able to use a like e.g.
ClientID like '%ssw%'
Well then I could add something like
But why do this when a WHERE clause in SQL can do all this
Figure: Similar matches
Try this - ClientSearch.aspx?Where=Client.ClientID%20like%20'%ssw%'
The Pros for do this are:
- It shows the database schema to the users - users maybe should not see the structure of the database.
- Security - the where clause could show data we don't want users to see.
- Got to add a little extra code to avoid SQL injection.
Do you feel this rule needs an update?