Escaping field value in custom transaction

I have created a custom transaction inserting fields in a table called `billing`. The values are taken mainly from two other tables called `account` and `paypalinfo`. I have attached the code below.
Please note the values to be inserted notated in wavy brackets like {paypalinfo.txnid}. This means the variable content is replacing what is in between the brackets and the brackets themselves of course at run time. Since these are often character strings, I have put them into single quotes.
This worked great until I had an Irish guy accessing my site with the surname of O'Hara. That of course confused the statement, as suddenly there was a ' character, which was supposed to be interpreted as string, but was interpreted as SQL field delimiter and thus broke the code.
Here is my question: Should I escape the value and how would I do it, since this is not a normal code but a placeholder replaced at runtime? Or should I use another SQL field value delimiter, thus replace ' with ` ? I think the latter solution is inferior - just think of what happens if you get an O`Hara instead of an O'Hara.
So in essence the question is: How do you handle escaping variable content in custom transactions with run time replaced variables in {...} brackets?
Any feedback welcome.
Here is the code:
// Make a custom transaction instance
$customTransaction2 = new tNG_custom($conn_chilli);
$tNGs->addTransaction($customTransaction2);
// Register triggers
$customTransaction2->registerTrigger("STARTER", "Trigger_Default_Starter", 1, "POST", "KT_Insert1");
// Set custom transaction SQL
$customTransaction2->setSQL("INSERT INTO billing (buyer_email, account, affiliate, partner, admin, transid, transdate, buyer_fname, buyer_lname, package, minutesbought, amountpaid, currency, userid, mac, nasid, routermac) values ('{paypalinfo.buyer_email}','{paypalinfo.account}','{account.affiliate}', '{account.partner}', '{account.admin}', '{paypalinfo.txnid}', '".$right_now."', '{paypalinfo.firstname}', '{paypalinfo.lastname}', '{paypalinfo.itemname}', '{package.tavail}', '{paypalinfo.mc_gross}', '{paypalinfo.mc_currency}', '{SESSION.id}', '{paypalinfo.usermac}', '".$router_name."', '{paypalinfo.routermac}')");

You should never be using anything but:

string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier ] )

http://www.php.net/manual/en/function.mysql-real-escape-string.php

The reasons for this are related to SQL injection attacks. I would hand code this, but for anything more complex than CRUD ( http://en.wikipedia.org/wiki/Create,_read,_update_and_delete ) (which ADDT handles very nicely) I favor hand coding as it is faster, less complex when enforcing business process. Also, this allows one usage of the database management system's transaction mechanisms, which are typically far more robust and reliable on top of being simpler to work with.

Please note that the type of storage for your database within MySQL will support different features. To enable the usage of database transactions you will need to use the InnoDB table type rather than the default MyISAM table type. Various versions of MySQL have other options for transaction safe tables but those two are the ones that are consistently available in web environs where bleeding edge software is not normally deployed.

http://dev.mysql.com/doc/refman/5.0/en/storage-engines.html

Diatribe aside, what you need to do with these templated objects is to duplicate the object referenced {paypalinfo} and apply mysql_real_escape_string to the duplicate's elements {paypalinfo_escaped_copy.txnid}. Then run the copied ADDT code with values from {paypalinfo_escaped_copy}. How you do this I leave you to track down as I do not find that level of abstraction to be a good use of my time and other libraries/frameworks do it much more elegantly using less of my time.

But as Gunter already noted, refactoring your problem to work with your tool's existing architecture can be simpler. ADDT has a limited programming architecture (primary design) which is done to simplify the automatic generation of code. This can make some simple things complex (50-80 mouse clicks) as opposed to typing one or two lines of code.

some thoughts, <smile>

Sean
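
An added example, not part of the original posts and not ADDT code: the `{source.field}` template from the question converted into a prepared statement, so that values such as O'Hara are sent as bound parameters instead of being escaped with mysql_real_escape_string and spliced into the SQL text. The function `bindTemplate()`, the shortened column list and the sample records are hypothetical, and an in-memory SQLite database (PDO with the pdo_sqlite extension) stands in for MySQL.

```php
<?php
// Added example: bindTemplate() and the sample data are hypothetical, not ADDT code.

/**
 * Convert a template containing '{source.field}' placeholders (quoted or not)
 * into SQL with named PDO parameters, plus the array of values to bind.
 */
function bindTemplate(string $template, array $sources): array
{
    $params = [];
    $sql = preg_replace_callback(
        "/'?\{(\w+)\.(\w+)\}'?/",
        function (array $m) use ($sources, &$params): string {
            [, $source, $field] = $m;
            if (!isset($sources[$source]) || !array_key_exists($field, $sources[$source])) {
                // Fail closed: an unresolved placeholder must never reach the database.
                throw new InvalidArgumentException("Unknown placeholder {$source}.{$field}");
            }
            // One parameter per occurrence, so a repeated placeholder is also safe.
            $name = ':p' . count($params);
            $params[$name] = $sources[$source][$field];
            return $name;
        },
        $template
    );
    return [$sql, $params];
}

// Constructed sample records standing in for the paypalinfo and account rows.
$sources = [
    'paypalinfo' => ['buyer_email' => 'pat@example.test', 'firstname' => 'Pat', 'lastname' => "O'Hara"],
    'account'    => ['affiliate' => 'O`Hara & Sons'],
];

// Shortened version of the INSERT from the question, still written with quoted placeholders.
$template = "INSERT INTO billing (buyer_email, affiliate, buyer_fname, buyer_lname) "
          . "VALUES ('{paypalinfo.buyer_email}', '{account.affiliate}', "
          . "'{paypalinfo.firstname}', '{paypalinfo.lastname}')";

[$sql, $params] = bindTemplate($template, $sources);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE billing (buyer_email TEXT, affiliate TEXT, buyer_fname TEXT, buyer_lname TEXT)');

$stmt = $pdo->prepare($sql);   // SQL text now contains only :p0 ... :p3
$stmt->execute($params);       // values travel separately and are never parsed as SQL

echo $sql, PHP_EOL;
print_r($pdo->query('SELECT * FROM billing')->fetch(PDO::FETCH_ASSOC));
```

Because the quotes around each placeholder are removed along with the placeholder, neither ' nor ` in a value can change where a string literal ends.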

Similar Messages

  • Where can i find Main work center field value in il03 transaction ??

    Hi experts,
    Where can I find Main work center field value in il03 transaction.
    I am looking for the table from where that value will be filled.
    thanks
    Suresh

    Hi anji reddy,
    No, that field is not available in that. Can you please tell some other solution ...
    ASAP...
    thanks,
    Suresh

  • How to set default field values in customer master data.

    hi,
    I want to set default values in customer master data (account group wise).
    but
    I don't know how to set it .
    please help me.
    (I don't want to change field status in account group rather than I want to set default values for field. )
    thank you.

    hi,
    this is to inform you that,
    in SAP there is no such a provision.
    but
    in LSMW there is an option of CONSTANT VALUES.
    check in SHD0 - also
    please check and confirm
    balajis\a

  • Field Value in ME51N Transaction

    Hi Gurus.
    I need to assign from EBAN table one value, to field value in Item 'Valuation'  (tabstrip valuation) in the data
    of the position.
    Is this possible ??
    Thank you for your help.

    HI
    Use user exit EXIT_SAPLMEREQ_007 or EXIT_SAPLMEREQ_009 to get the value of valuation from eban and then use user exit EXIT_SAPLMEREQ_005 to populate new value in table IM_DATA_NEW.
    Regards
    Sachin

  • Using BADI to change the field value in standard transaction ME21N

    Hello People,
    In transaction ME21N to create PO, I have a field where I want to allocate the batch ( CHARG )  NONRETG to all the PO's that are created. I have a BADI for that, however how do I implement the BADI so that the Batch 'NONRETG' is automatically allocated to all the PO's that are created. Please advise whether a USER EXIT would be better or a BADI would do the work. Right answer would be rewarded.
    regards,
    Sandeep Salaria

    Hi,
    You can very well implement. Use this BADI -> ME_GUI_PO_CUST
    In case you are going to implement a user exit, you can use the exit: MM06E005.
    Regards
    Kiran Sure

  • Customized field values

    Hi Masters,
    How can we make customized field values and keep track who and when they are changed.
    Regards,
    Aryendra

    What exactly do you mean by "customized field values"?
    Some transactions will show changes to fields in their change history, some will allow you to flag changes to critical fields, others you may need to activate table logging (and accept the consequences) - without knowing a lot more, it's hard to make a call

  • Transaction Launcher to call custom transaction

    Hi ,
    I have a requirement where i need to call a custom transaction using transaction launcher. I am able to successfully launch the transaction. But i need to pass a value to the transaction.
    For eg. If I am calling a custom report transaction which has a selection screen field 'FORMNAME' as a parameter I need to pass the name of the form to the transaction. I am not able to pass that value. Can anyone help me on this.
    I have seen all the posts , but could not get any help on how to set the value for custom transaction. I can see how it is done for standard transaction.
    Regards
    Ansari

    Hi Any help on this....I am still awaiting the response.
    Requirement: My requirement is to launch the SE38 transaction on WEBUI using transaction launcher tool and set the parameter on the selection screen.
    Issue: The issue is that I am able to launch the transaction but unable to set the parameter
    Steps Performed:
    I want to list down all the steps I performed to launch an SE38 transaction using transaction launcher on the WEBUI
    1) Defined logical system in tcode CRMS_IC_CROSS_SYS
    -The logical link looks like this
    http://<server>:<port>/sap/bc/gui/sap/its/webgui/!?transaction=IC_LTXE&okcode=ICEXECUTE ?sap-client=300
    2) Defined URL & parameter wherein the request method is "GET", opted for NON-BSP URL
    URL link here is
    http://<server>:<port>/sap/bc/gui/sap/its/webgui/!?transaction=SE38&okcode=ONLI
    -Note: My selection screen okcode is ONLI*
    -The logical system ref is provided here
    3) Defined the parameter by giving the screen name like for SE38 selection screen name is "RS38M-PROGRAMM"
    4) Configured the transaction launcher of type B - URL type and provided the reference of the URL ID, chose the relevant parameter from the drop down and have hardcoded the value, checked the box "Save Data in Activity Clipboard"
    5) Added this in the Navlink/Bus Role etc
    6) Now in the handler class of the TL the code looks like this:
    IF_CRM_IC_ACTION_HANDLER~PREPARE_DATA_FLOW
    __gdc ?= cl_crm_ui_data_context_srv=>get_instance( gv_view_controller ).
    __value = 'ZC_TEST'.
    add_parameter(
       iv_name  = 'RS38M-PROGRAMM'
       iv_value = __value ).
    However, after performing the above steps I am unable to set the parameter. Please suggest where am I missing out on. An early response would really be appreciated.

  • How to Track the changes made to the custom table field value

    I want to track the changes made to the custom table field value in table maintenance generator.please help me it is very urgent
    Thanks & Regards,
    Kranti

    Hi Satya,
    These are the steps you've to do.
    1. Enable the change document flag in the data element level for the fields of the tables you want to monitor.
    2. Go to transaction SCDO. Create a new change object, and add your table to this object. After generation, you'll get a function module.
    3. Call this function module in the table maintenance generator screen, after the data is saved to the database table. This function module automatically writes the changes, with the old and new values, and the fields that were changed to the tables CDHDR and CDPOS.
    4. You can keep track of the changes made to the table by monitoring these tables.
    Regards
    Anil Madhavan

  • Custom Field value is not getting populated in Display mode

    Hi Experts ,
    I have created a custom field on sales tab for BP Role Bill to prty in BP transaction in SAP CRM. The problem i am facing is that , after i chose my sales area field value is not populating in first time no matter whether i am in display or change mode but the moment i switch to the other mode the value is being populated. Kindly help me in solving this.
    Regards,
    Ameet

    Dear Chetan,
    If the field is added through AET, can you please check the Get & Set Methods?
    If the field value has fixed values which you have defined while creating, then check GET_V & GET_P methods.
    Thanks & Kind Regards,
    Ravi Kumar A R

  • Show value in "customer" field of FAGLB03

    Hi Experts,
    we have a requirement to Show value in "customer" field of FAGLB03 for all sales related transactions.
    Your support is appreciated.
    Thanks

    solution has been implemented using badi FAGL_ITEMS_CH_DATA

  • Set the default field value to transaction code field, when calling from WD

    Hi all,
    Can we pass the value in a input field of a standard transaction calling from WD application. Suppose we are calling a transaction VA03 in an external window, then how will be pass the value in the VBAK_VBELN screen field.
    Is there any way to pass the value to this transaction field. I have also tried out to set the parameter ID 'AUN' for VA03 transaction VBELN field. But it did not work for me.
    Is there any way to set the default field value to transaction code field, when calling from WD?
    Please suggest, if anyone have any idea.
    Thanks
    Sanket

    Hi,
    I am using the below code to open a standard transaction. It will help you to explain my point more easily.
    DATA: url TYPE string,
              host TYPE string,
              port TYPE string.
    *Call below method to get host and port
      cl_http_server=>if_http_server~get_location(
         IMPORTING host = host
                port = port ).
    *create URL
      CONCATENATE 'http'
      '://' host ':' port
      '/sap/bc/gui/sap/its/webgui/?sap-client=&~transaction=' 'VA03'
       INTO url.
    *get the window manager as we are opening t code in external window.
      DATA lo_window_manager TYPE REF TO if_wd_window_manager.
      DATA lo_api_component TYPE REF TO if_wd_component.
      DATA lo_window TYPE REF TO if_wd_window.
      lo_api_component = wd_comp_controller->wd_get_api( ).
      lo_window_manager = lo_api_component->get_window_manager( ).
    *call the url which we created above
      lo_window_manager->create_external_window(
      EXPORTING
      url = url
      RECEIVING
      window = lo_window ).
      lo_window->open( ).
    Note*
    One more query I want to add to this thread, that is there any possibility to call a custom transaction as well?

  • Add custom fields in EL09/EL35 transaction

    Hi,
    I need to add custom fields in these transactions in order to specify particular client information I have to extract in the output of meter reading order.
    How can I accomplish this need?
    Do I need to define a custom transaction or do I have to implement some customizing-badi,... I didn't find anything useful in my researches.
    Can you help me please?
    Thanks,
    Gabriele

    Hi Gabriele,
    When we are generating meter reading orders, entries are made in tables EABL & EABLG. You can add custom fields in these tables using enhancement EDMMR001.
    Based on your rules / logic, you can update these custom fields from user exit - EXIT_SAPLEL01_010.
    Now, when you are downloading meter reading orders, you can access these values.
    Alternatively, if you can derive these additional values in run time, you can place your logic in Meter Read Order Download Print Workbench program.
    Hope this helps.
    Regards,
    Avinash

  • Who has changed the Custom Field value?

    Dears,
    Need to know the information regarding how to fetch that who has changed the Custom field value from PWA/MPP.
    Example:
    There is a PDP (say ProjectInfo):
    There is a Custom Field added to that PDP (say Project Status = In Progress).
    Now for ProjectA, someone has checked out and changed the Custom Field "Project Status" from "In Progress" to "Closed".
    I need to fetch the information regarding who has changed that Custom field.
    In which direction should I move: Event Handlers, PSI???? Any other stuff?
    Thanks & Regards,
    Shravan

    Hi Shravan,
    I'm not a developer but I do know that you can use an event handler pushing the resource name and date in custom fields.
    Another way is to use a 3rd-party tool like
    FluentPro Audit Tool.
    Hope this helps,
    Guillaume Rouyre, MBA, MVP, P-Seller

  • Custom fields values not saved in AUFK using bapi_alm_order_maintain

    Hi ,
        We have a requirement where we have to update the custom fields in enhancement tab of IW31 using bapi_alm_order_maintain.
    We are able to get the successful creation of work order, but the custom fields are not updated in enhancement tab as well as in aufk table. We are passing values in below table of bapi.
    EXTENSION_IN
                STRUCTURE           =  CI_AUFK
                VALUEPART1        =  '20091223' .
    Please provide the solution.

    Hi Phani,
    Maybe these links are helpful:
    BAPI extention to work order aiming AUFK custom field filling
    Update custom fields in MARA (BAPI_MATERIAL_SAVEDATA)
    Also search sdn using the BAPI function module, you may get some idea.
    Regards,
    Swarna Munukoti

  • How can we get the value of the key field in a custom data model using governance API?

    Dear Team,
    How can we get the value of the key field in a custom data model, to be used for manipulation of the change request fields using governance API?
    Any kind of help would be sincerely appreciated.
    Thanks & Regards,
    Tushar.

    Hi Michael,
    Thanks for direction. Let me give more context on this as I'm interested to get more details..One of the issue was to read cross entity field values on UI based on user action and set other entity field behaviour...It is similar to what is being posted here.
    For ex: Reading MTART from Basic Data UIBB in MM MDG UI and set the field properties in some other custom entities say ZZETEST. This cannot be done using UI BADI as it only supports single entity at a time and not cross entity. So alternatively we found a solution where we can enhance existing PLMB feederclass cl_mdg_bs_mat_feeder_form by reading the model and the entity as needed, as it proved that it supports cross entity UI field behaviours and so business requirements.
    This is a workaround for now.
    So the question is: how do we achieve it using governance API for cross entity field behaviours, or what is the right way of doing this?
    Can we do that using governance API and its methods?
    The Governance API doc you provided below is referring to the below external model as part of governance API.
    The active or inactive data (before or during the derivation or the check) can be read
    with the external data model interface IF_USMD_MODEL_EXT with the method READ_CHAR_VALUE and
    the corresponding READ_MODE parameter. To avoid unnecessary flushes (derivations), the NO_FLUSH
    parameter should be set to ‘X’.
    Thanks
    Praveen
