Sanitize XPath for DB input

Hello all
In my orchestration I have a Call Stored Procedure task that accepts a bunch of XPath expressions as its parameters (obviously)
The problem arises when the values contain apostrophes/single quotes like : ' insertion fails because they cause syntax errors on the DBMS
Is there an effectve way of "escaping" the apostrophes? I'm trying to use XSLT but the truth is I'm not an expert on that
What are the best practices for SQL sanitization using LiveCycle?
Thanks for your help

I usually use the parameterize option.
Your call will then look something like Call ProcedureName (?,?,?) .
You can them replace the ? with the xPath expression you want in the mapping section.
Let me know if that helps.
Jasmin

Similar Messages

  • "XSL Error: Cannot use a DTMLiaison for a input DOM node"

    This code:
    Writer writer = new StringWriter();
    XSLTProcessor processor = XSLTProcessorFactory.getProcessor();
    // Note: event.getDocument() returns a
    // org.apache.xerces.dom.DocumentImpl
    // sourced from xlms.jar
    processor.process(new XSLTInputSource(event.getDocument()),
    new XSLTInputSource(new FileReader(GDS_XSLT_STYLESHEET)),
    new XSLTResultTarget(writer));
    Gives this stacktrace:
    XSL Error: Cannot use a DTMLiaison for a input DOM node... pass a weblogic.apache.xalan.xpath.xdom.XercesLiaison
    instead!
    XSL Error: SAX Exception
    weblogic.apache.xalan.xslt.XSLProcessorException:
         at weblogic.apache.xalan.xslt.XSLTEngineImpl.error(XSLTEngineImpl.java:1756)
         at weblogic.apache.xalan.xslt.XSLTEngineImpl.error(XSLTEngineImpl.java:1648)
         at weblogic.apache.xalan.xslt.XSLTEngineImpl.getSourceTreeFromInput(XSLTEngineImpl.java:876)
         at weblogic.apache.xalan.xslt.XSLTEngineImpl.process(XSLTEngineImpl.java:600)
    1. All XML/XSLT classes are being sourced from weblogic.jar or xmlx.jar
    2. Both jar files come from the WLS installation (WLS6.0 + SP2)
    3. There are no other XML class providers on my class path
    4. This is a standalone application, not running within WLS; I'm using weblogic
    jarfiles here purely so I use the same XML implementation both inside and outside
    WLS. Is this a sensible approach?
    Any help, anyone?

    All works fine in WLS6.1, with this extra code:
    System.setProperty("javax.xml.transform.TransformerFactory",
    "weblogic.apache.xalan.processor.TransformerFactoryImpl");
    (or you could use -D)
    No longer concerned; we've moved off WLS6.0
    "Simon Spruzen" <[email protected]> wrote:
    >
    Interestingly, expanding the code to (the very verbose):
    Document sourceDocument = event.getDocument();
    XSLTProcessor processor = XSLTProcessorFactory.getProcessor();
    StringWriter source = new StringWriter();
    XMLSerializer sourceSerializer = new XMLSerializer(source, new OutputFormat(sourceDocument));
    sourceSerializer.asDOMSerializer();
    sourceSerializer.serialize(sourceDocument.getDocumentElement());
    StringWriter output = new StringWriter();
    processor.process(new XSLTInputSource(source.toString()),
    new XSLTInputSource(new FileReader(GDS_XSLT_STYLESHEET)),
    new XSLTResultTarget(output));
    (i.e. document -> string -> transform -> string)
    works just fine, but this code is far too long-winded for me to be happy
    with.
    (Note that one of XSLTInputSource's ctors does take a Node, so I'm assuming
    that
    it should be perfectly safe to pass a Document here)
    (Note also, that for various reasons at the moment, using JAXP's transformer
    factory
    is difficult for us)
    "Simon Spruzen" <[email protected]> wrote:
    This code:
    Writer writer = new StringWriter();
    XSLTProcessor processor = XSLTProcessorFactory.getProcessor();
    // Note: event.getDocument() returns a
    // org.apache.xerces.dom.DocumentImpl
    // sourced from xlms.jar
    processor.process(new XSLTInputSource(event.getDocument()),
    new XSLTInputSource(new FileReader(GDS_XSLT_STYLESHEET)),
    new XSLTResultTarget(writer));
    Gives this stacktrace:
    XSL Error: Cannot use a DTMLiaison for a input DOM node... pass a weblogic.apache.xalan.xpath.xdom.XercesLiaison
    instead!
    XSL Error: SAX Exception
    weblogic.apache.xalan.xslt.XSLProcessorException:
         at weblogic.apache.xalan.xslt.XSLTEngineImpl.error(XSLTEngineImpl.java:1756)
         at weblogic.apache.xalan.xslt.XSLTEngineImpl.error(XSLTEngineImpl.java:1648)
         at weblogic.apache.xalan.xslt.XSLTEngineImpl.getSourceTreeFromInput(XSLTEngineImpl.java:876)
         at weblogic.apache.xalan.xslt.XSLTEngineImpl.process(XSLTEngineImpl.java:600)
    1. All XML/XSLT classes are being sourced from weblogic.jar or xmlx.jar
    2. Both jar files come from the WLS installation (WLS6.0 + SP2)
    3. There are no other XML class providers on my class path
    4. This is a standalone application, not running within WLS; I'm using
    weblogic
    jarfiles here purely so I use the same XML implementation both inside
    and outside
    WLS. Is this a sensible approach?
    Any help, anyone?

  • How can I run the report for different input values at the same time?

    Reports version: Report Builder 6.0.8.13.1
    Oracle version: Oracle8i Enterprise Edition Release 8.1.7.0.0
    I want to run the same report for different input parameter values and spool each o/p to different file and ftp to a server. For this, as a first step, I am spooling different input values in to a file, reading those values through a loop and calling the report for that input values. Each report run/execution is taking 15 minutes. Total report execution is taking approximately 4 hours (assuming 16 different input values) to complete. So I have to wait 4 hours to see ALL outputs.
    I would like to run the report parallel for ALL the input values and I should be able to see the ALL outputs with in 15 or 16 minutes.
    In my shell script, I added & symbol at the end of the report call to start/run the job in the background. Due to this the control passed to the next step after the report call. At this place I have an ftp command to send the output file to a different server and it is giving error some thing like “o/p file is not available/created yet". This is due to the fact that report writer is NOT yet completely started/initiated or it is NOT completed the spooling.
    How can I run the report at the same time for all the input values and save the time?
    Thanks in advance.
    Kishore.

    Increase the number of server engines running right now it seems there is only one engine running ,increase it to 4 or 6
    and then atleast 4 or 6 reports will run simultaneously.
    For FTPing the output add to your sript to check whether it is locked and if not then only try to ftp .
    Also for more better functionality read the document (chapter 15 ) for 10g reports for its new fuinctionality.
    http://download.oracle.com/docs/cd/B14099_17/bi.1012/b14048/toc.htm
    Thanks
    Subodh

  • How to make Flash to wait for user input

    Hi,
    I found this PHP script, then I made some changes to make it
    FEED the Flash user interface with online user input.
    The main concept of this script is WAITING for user input, so
    it shows the messages and then go to next line and so on.
    The user input go to directly to TEXT file which writes in
    lines, each line has a unique id = (mag_id).
    There "get_msge.php" which works as the middleware between
    FLASH and messages text file.
    The problem, its doesn’t show any data while there are
    data in the text file.
    Help here please, best regards.
    This is the link of
    problem illustartion
    AS is:
    // create an object to store the variables
    varReceiver = new LoadVars();
    // load the variables from the text file
    varReceiver.load("get_msg.php?file_id=1&msg_id=1",
    "POST");
    // trigger something - when the variables finish loading
    varReceiver.onLoad = function(){
    //the variables have finished loading
    if (this.msg_id == 1) {
    _root.xmsg1_swf.text = this.msg;
    _root.xmsg1_ch.text = this.msg;
    gotoAndPlay("line2");
    } else {WAIT }
    PHP is:
    <?php
    //get these values from the FLASH
    $file_id_swf = $_POST ['file_id'];
    $file_name = "messages/messages".$file_id_swf.".txt";
    $msg_id_swf = $_POST ['msg_id'];
    // [0] ."||".[1] ."||".[2] ."||". [3] ."||".[4]."||". [5].
    //$msg_id."||".date."||".time."||".$from."||".$to."||".$msg.
    $fp = fopen ($file_name, 'rb');
    while (!feof ($fp))
    $msg_txt = fgets ($fp, 1024);
    $line = explode ("||", $msg_txt);
    $msg_id = $line[0];
    $from = $line[3];
    $to = $line[4];
    $msg = utf8_encode ($line[5]);
    if ($msg_id == $msg_id_swf)
    echo
    "msg_id=".$msg_id."&from=".$from."&to=".$to."&msg=".$msg;
    }//while
    fclose ($fp);
    ?>

    Well, given the things that you've written, I don't think it
    could. There technically isn't any code in flash that lets it
    "wait." In order to "wait," you must run the script over again
    until some condition is met.
    However, your code does look accurate. Why do you need to
    wait? The onLoad function will be invoked WHEN something is loaded.
    So, I don't see the reason for the "waiting."
    In addition to that, I would like to say that using text
    files isn't that great with flash. I have done this before and
    noticed several problems with using text files. The biggest problem
    is that the text files are cached after being loaded. Every time
    you re-load it again, you will get what you got the first time
    until you reset your cache (ie. close your browser). I suggest
    using MySQL. (Just my thought.)

  • Multiple select options for an input field

    Hi All,
    We have a requirement where in we need to provide multiple select options for an input field in a BSP application and get output relevant to all the given inputs(do not require range).
    Please do let me know how to solve this.
    Thanks & Regards,
    Lavanya .

    Hi,
    The requirement is : Suppose there is a input field PLANT.
    If we give input for plant it gives related output.
    Now if it is required to give 5 or 6 inputs..like plant1,plant2...plant6 and get the output related to all 6 inputs.
    (Like we implement in ABAP)
    Please do let me know how can this be implemented in BSP.
    Thanks & Regards,
    Lavanya.

  • How to create one submit form for both input an variable ports ?

    Hello,
    I would like to create an input from for a query I have.
    The problem is that this query has both input an variable ports and each one creates a different input form. I would like to join it into one form or at least have it under one "Submit" button so the user won't need to fill two forms.
    How can I achieve this?

    Hi Mario,
    Thank you for your quick reply.
    >>Even if you could, only port would be effective.
    Can you please elaborate?
    >> You need to change your query and make your input port-fields variables?
    So, if I understand correctly I should select whether I go for only inputs or only variables?
    Thanks,
    Roy

  • How to restrict number of characters for an input field

    Hi All,
    I have an input field.
    The max number of characters for this input field is 10.
    when a user enter more then 10 characters. it should prompt for an error or the input field should not allow to accpet the 11 character.
    how we do this in VC.
    need your helpful answers
    Rgds
    Srinivas

    Hi Srinu
    You could achieve this by configuring error messages under the formula:-
    Select the control properties and in the Input field at the Display tab write the formula
    "IF((@<LEN(text)>10),'appropriate message','Records available')"
    Note :- there is a LEN(text) under text functions in formula tab.
    Regards
    Navneet
    Message was edited by:
            Navneet Giria

  • Can a ComboBox be used for Text Input ?

    Hi
    In Ms Access the combo box can be used for text input for creating new lines in the Database instead of just being limited to the lines already there in the drop down list. Is this possible with the combo box available in Flex 4. If it is I haven't being successful in getting it to work.
    Thanks for you help in advance
    ParaicKW

    I am using a Dataservices Commit method to write to the Database via a button on the screen
    When I type into the ComboBox's text input and click outside the combobox or on the commit button the application effectively freezes
    SituationService is a CRUD type servicePHP to MYSQL and it works with the Datagrid
    Here is the code -
    ParaicKW
    <?xml version="1.0" encoding="utf-8"?>
    <s:Application xmlns:fx="http://ns.adobe.com/mxml/2009"
                   xmlns:s="library://ns.adobe.com/flex/spark"
                   xmlns:mx="library://ns.adobe.com/flex/mx" minWidth="955" minHeight="600" xmlns:situationservice="services.situationservice.*">
        <fx:Script>
            <![CDATA[
                import mx.controls.Alert;
                import mx.events.FlexEvent;
                protected function Situation_creationCompleteHandler(event:FlexEvent):void
                    getAllTblsituationResult3.token = situationService.getAllTblsituation();
                protected function dataGrid_creationCompleteHandler(event:FlexEvent):void
                    getAllTblsituationResult.token = situationService.getAllTblsituation();
                protected function button1_clickHandler(event:MouseEvent):void
                    situationService.commit();
                protected function vGroup_creationCompleteHandler(event:FlexEvent):void
                    getAllTblsituationResult2.token = situationService.getAllTblsituation();
            ]]>
        </fx:Script>
        <fx:Declarations>
            <s:CallResponder id="updateSituationResult"/>
            <situationservice:SituationService id="situationService" fault="Alert.show(event.fault.faultString + '\n' + event.fault.faultDetail)" showBusyCursor="true"/>
            <s:CallResponder id="getAllSituationResult"/>
            <s:CallResponder id="getAllTblsituationResult"/>
            <s:CallResponder id="getAllTblsituationResult2"/>
            <s:CallResponder id="getAllTblsituationResult3"/>
            <!-- Place non-visual elements (e.g., services, value objects) here -->
        </fx:Declarations>
        <mx:DataGrid x="96" y="167" id="dataGrid" creationComplete="dataGrid_creationCompleteHandler(event)" dataProvider="{getAllTblsituationResult.lastResult}" editable="true" width="470" height="237">
            <mx:columns>
                <mx:DataGridColumn headerText="ID2" dataField="ID2"/>
                <mx:DataGridColumn headerText="SITUATION" dataField="SITUATION" width="200"/>
            </mx:columns>
        </mx:DataGrid>
        <s:Button label="Commit Updates" click="button1_clickHandler(event)"/>
        <s:HGroup width="90%" height="80%" verticalCenter="20" horizontalCenter="0">
            <mx:ComboBox width="476" id="cmbSituation" creationComplete="Situation_creationCompleteHandler(event)" dataProvider="  
                     {getAllTblsituationResult3.lastResult}" labelField="SITUATION" editable="true">
            </mx:ComboBox>
            <s:TextArea width="426" id="textArea" text="{getAllTblsituationResult3.lastResult.SITUATION}"/>
            <s:Button label="Back" click="cmbSituation.selectedIndex = cmbSituation.selectedIndex-1 ; textArea.selectedIndex = textArea.selectedIndex-1"/>
            <s:Button label="Forward" click="cmbSituation.selectedIndex = cmbSituation.selectedIndex+1 ; textArea.selectedIndex = textArea.selectedIndex-1"/>
        </s:HGroup>
    </s:Application>

  • Calendar display for an input date

    Can anyone give java code or logic, how to display the corresponding calendar for an input date?
    Input : 25052006
    Output:
    M T W T F S S
    1 2 3 4 5 6 7
    8 ----------------
    29 30 31
    Thanks in advance.

    Use Calendar class to get no. of days, week day etc.
    For GUI, hope u will tryAll knows that there are so many classes like - Calendar, Date, etc...etc..
    Can anybody help with a written code which will give output like that. Bcoz, I tried using Caledar, Date and all. Its giving a problem in month Feb and on leap years. If I get a code which will work fine then it will be fantastic.
    Thanks a lot in advance for helps.

  • Unable to get the SharePoint 2013 List names using Client object model for the input URL

    Please can you help with this issue.
    We are not able to get the SharePoint 2013 List names using Client object model for the input URL.
    What we need is to use default credentials to authenticate user to get only those list which he has access to.
    clientContext.Credentials = Net.CredentialCache.DefaultCredentials
    But in this case we are getting error saying ‘The remote server returned an error: (401) Unauthorized.’
    Instead of passing Default Credentials, if we pass the User credentials using:
    clientContext.Credentials = New Net.NetworkCredential("Administrator", "password", "contoso")
    It authenticates the user and works fine. Since we are developing a web part, it would not be possible to pass the user credentials. Also, the sample source code works perfectly fine on the SharePoint 2010 environment. We need to get the same functionality
    working for SharePoint 2013.
    We are also facing the same issue while authenticating PSI(Project Server Interface) Web services for Project Server 2013.
    Can you please let us know how we can overcome the above issue? Please let us know if you need any further information from our end on the same.
    Sample code is here: http://www.projectsolution.com/Data/Support/MS/SharePointTestApplication.zip
    Regards, PJ Mistry (Email: [email protected] | Web: http://www.projectsolution.co.uk | Blog: EPMGuy.com)

    Hi Mistry,
    I sure that CSOM will authenticate without passing the
    "clientContext.Credentials = Net.CredentialCache.DefaultCredentials" by default. It will take the current login user credentials by default. For more details about the CSOM operations refer the below link.
    http://msdn.microsoft.com/en-us/library/office/fp179912.aspx
    -- Vadivelu B Life with SharePoint

  • Asking for user input in the middle of a function

    Here's my issue.
    I need to launch and input window in the middle of a function for user input.  Before I can continue through the function I need a response back from the user first.  Psuedo code below:
    function
         function begins
         pop up window is launched to ask for user input
         function continues after users submits input
         user input from pop up window is used in function return value
    Let me know if you need more clarification but this is essentially what I'm attempting to do.

    The way actionScript works it isn’t really designed to work that way
    Is there any reason why you have to only use one function as you have written
    I think you really do need to split up your code into sections that a, set up the pop-up with  event listeners waiting for the input to be completed, trigger the pop up with user input, then have a handler function that then interprets the results of the user action.
    Trying to force the system into a closed loop while waiting will be a bad idea.
    By using a pop-up or an alert window that is set to be modal, you are effectively stopping your application doing anything else until the user input has been completed, but still not locking the app into a closed loop. Imagine what would happen if you did put the system into a closed loop, the mouse movement wouldn’t be updated, the screen wouldn’t refresh and the system wouldn’t be able to handle your user input. the reason for using async model is you are able to let the system still do all its background task (move the mouse, give inputs focus, keep the screen drawn etc) but still tell a part of your app to ‘wait for input’ before carrying on it execution of your logic
    Do you come from another programming language? Maybe one that uses less of an OOP approach? I only ask, as the method you are describing is much more like how I had to program when  I worked on computers years ago as an assembly programmer.
    In actionscript and most other modern languages and Oss you don’t have total control of the system and cant lock it into an action as you describe.
    You need to have an asynchronous approach to situations like you describe and let the system run in the back ground while you are waiting for input (or date from a server for that matter)
    Please excuse me if I am telling you things you already know.
    What exactly is your use case for this? Maybe if we knew exactly what you are working on I might be able to offer a solution that would make sense for your particular situation.
    Hope all is going well and please feel free to contact me if you are stuck

  • Prompt For User Input in SQL Developer

    I am using the '&' in a very basic SQL select script, but I do not get a prompt for my input. However, i have used the '&' in update scripts and it does prompt me.
    For example:
    select DCC_DESCRIPTION
    from S_TBLDTMINOR
    where DCC_DTMINOR = &Minor;
    Gives an ORA-01008 error (not all variables bound).
    If it's a varchar field and I use '&Minor' - it executes with no error, but does not prompt for data. Please note:  this script works when it's run in SQL*Plus, but not in SQL Developer.
    If I execute:
    update S_TBLDTMINOR
    set DCC_DESCRIPTION = 'Mark & Wilson'
    where DCC_DTMINOR = 'AAA';
    It does prompt me for a value (but I do not want it to).
    So I know prompting works in SQL Developer, but it does not work in select statements.
    Is this a configuration setting I can change in SQL Developer? I know I can use the escape in the update statement to avoid the prompt, but I'm not concerned with that. I'm trying to get the prompting to work in the select statement.
    Edited by: user12289057 on Feb 23, 2012 11:17 AM

    Hi user12289057,
    1/Not sure what your testcase is (including table definition), I was trying to reproduce with:
    select * from dual where dummy = '&myin'
    2/Try
    undefine Minor
    to ensure Minor is not already set.
    3/Minor may need to be quoted if it is a string.
    Short blog post on substitution and bind variables.
    http://totierne.blogspot.com/2010/04/substitution-and-bind-variables.html
    -Turloch
    SQLDeveloper team.

  • MiniDisplay Port for Video input on macbook pro?

    Can I use my macbook pro`s MDP for video input? Wanna use my Belkin HDMI to MDP.
    MBP (Late 2010 model)

    No. The mini-DisplayPort on a MacBook is output only. from the MBP to a display or other device.
    Regards.

  • Tree-control for data input?

    Hi,
    I need to program an input screen for values that have hierarchical dependencies (e.g. sums). I feel, the most adequate user-interface would be a tree control, because of the data dependencies and also because the users asked for a possibility to collapse/expand parts of the data during input.
    I had a look at CL_GUI_COLUMN_TREE, but I'm not sure, if it can be used for data input. Has anyone done something like this before or can anybody direct me to some additional sample coding? (the sample coding in the reuse library didn't do it...)
    Thanks for your help, greetings, Kathrin!

    Hello Kathrin,
    Since you say that the user's input is hierarchical in nature, it is nice to have a tree-control for input. But, the choice of using a custom-control-version of the tree is a cause for some concern. I cannot recollect any of the SAP screens where the input can be given through such a tree framework (please do let me know if you have come across one). The problem with such a tree would be in the areas of even-handling. Filling the tree with appropriate data at the right times would be another challenge.
    However, there's one alternative that I would like to direct your attention to. You must have observed another kind of tree, when you select an application component from the APPLICATION HIERARCHY, which is just like a list. Also, the <i>Transport Organizer (SE09)</i>, <i>Menu Painter (SE41)</i> etc., have this kind of a tree. You can use this if you (or rather your users) are very particular on having a tree display. For more information, you can see the Function Group <b>SEUT</b>, which has the required function modules to accomplish the same. The Function Group is well documented, and you might have to work a little on the function modules themselves.
    Please do let me know if this is a suitable option to meet your requirement. All the best,
    Regards,
    Anand Mandalika.

  • Creating a mask for field input

    I have a cfinput that requires the serial number for a piece of equipment.  The number is always something like J123M456789 where the J or the M could be any letter and the 123 and 456789 could be any number that is 3/6 characters.  The code i am using for my input is as follows:
    <cfinput type="text" name="IDnumber" message="You must enter an 11 character meter number" mask="A999A999999" validateat="onSubmit" validate="maxlength" required="yes" class="SERIAL"id="IDnumber" maxlength="11" width="240" minlength="11">
    I am still able to enter any number, any which way i choose. 
    Can anyone help?

    Woops, my bad
    Some of the validation is working.  It is forcing me to input a letter, 3 numbers, a letter and then numbers again.  The trouble is it will let me submit at any time.  In otherwords if I place 11 characters in the text field, they must be in the proper format however i cant get it to force me to enter exactly 11 characters.
    HELP!!!!!

Maybe you are looking for

  • How to add a user to an existing group????

    Can't seem to find how to add a user to an existing group (staff). I am trying to share data (rw) between my admin account (root) and a development user. On any other UNIX system I would just add the user name in the /etc/group file & logout/login in

  • Midi Fader Control doesn't work correctly.

    Hello, I have a Yamaha ProMix 01 midi controller which i want to use in Mainstage. If I learn a fader in mainstage everything works fine, and I can control a fader in Mainstage from yhe Promix. However, if i go to "perform" the fader jumps from 0% to

  • Classpath error in webdynpro application

    Hi All, Currently I am using NWDS7.0.16, and I created webdypro application which connect to BI System by make use of BI-  XMLA connector. for that I added all required jar file in JavaBuild path. but when i try to build the application I am getting 

  • Seeking creator of Mac based Medical eXpense Tracking program

    Anyone know how to reach James Tarpley, creator of the Mac shareware program Medical eXpress Tracking? The program is available at http://web.mac.com/jtarpley/Medical_eXpense_Tracking_v_8.1/Introduction.html, but there's no Contact Us link that could

  • Archive in Mail

    So I have my gmail among other accounts linked to the Mail app with Yosemite. For some reason, not all of my email goes to the inbox, but instead goes directly to archive even though I never saw it. The mail is all on my iPhone 5c, but not on my comp