Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Module ForumsModule ForumsReportsReportsReports Module and the new Token Replace engineReports Module and the new Token Replace engine
Previous
 
Next
New Post
9/21/2007 9:29 PM
 
Chuck Rizzio


Joined: 2/17/2006
Posts: 287

Team,

Are there plans to support to the new Token Replace engine that Stefan talks about in his blog here(http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/1547/Default.aspx) in the Reports Module?  It would be great to be able to create reports that can use framework values in selection criteria such as this simple example...

select * from UserRoles where userid = [User:Userid]

I have an immediate need to build a query that returns transaction summary data based on userid (i.e. sales for the year).  I was planning to do it with a custom module until I saw Stefan's post about the new token functionality in 4.6.0.

Thanks, Chuck
 
New Post
9/22/2007 3:34 AM
 
Stefan Cullmann


Stefan Cullmann's Avatar

Joined: 1/6/2005
Posts: 2867

I hope that Andrew will never go this simple way to prevent SQL injection attacks. It is important to pass these values as parameters. 
The new token replace engine will be helpful using the IPropertyAccess interface. I am currently rewritting the parameter editor to use these classes. 

XML module work in progress:

Instead of using Static parameters, you can use also every property source that is available also for TokenReplace.
 
New Post
10/16/2007 5:13 PM
 
Brian Howard

Joined: 12/28/2004
Posts: 146

Chuck,

I need the same thing.... Did you ever get a solution?

I
 
New Post
10/17/2007 5:50 AM
 
Chuck Rizzio


Joined: 2/17/2006
Posts: 287

Hi BK,  Well yes-and-no... I didn't find the solution I was hoping for so I wrote a quick little module that calls a stored procedure that I pass the userid to.  It works but it's not very flexible.  I'm hoping the next version of the Reports module and/or XML module provide a more flexible solution.

Chuck R.
 
New Post
10/17/2007 9:00 AM
 
Andrew Nurse

Joined: 4/12/2004
Posts: 433

The Reports module does support passing the PortalID, TabID, ModuleID and UserID to the query by using the following SQL Parameters: @PortalID, @TabID, @ModuleID, @UserID. So if any of those four parameters are used in the Query, they will automatically be replaced with the current Portal, Tab, Module, or User ID (respectively). This is done in a secure way, to avoid SQL Injection attacks. For example, if you want to retrieve information about the current user, you can use this query:

SELECT * FROM dnn_Users WHERE UserID = @UserID

Note that you must disable caching, otherwise one User may be able to see another User's results.

There are plans for a more detailed parameter system in future releases, but I can say this: Reports Module will never support TokenReplace due to security issues. TokenReplace is a very useful system, but the parameter system provided by SQL Server is much more secure and avoids SQL Injection attacks.

Andrew Nurse
DotNetNuke Core Team Member and Reports Module Project Lead
Microsoft Certified Professional Developer
 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Module ForumsModule ForumsReportsReportsReports Module and the new Token Replace engineReports Module and the new Token Replace engine


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out