Skip to main content

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

the ASIS keyword to build a dynamic WHERE clause in Connect SQL rules

Suggest edit Updated on October 19, 2020

Summary

A dynamically-created WHERE clause can add flexibility to SQL connections. 

One technique for doing this is to use a property to store the text of your where clause, then simply reference this property in a Connect SQL rule.


 

Suggested Approach

For example, you can create a text property named DynamicWhere and use a Property-Set method to store the value:

"pyLabel like 'Mexico%'"

Then, in a Connect SQL rule, you can use this as a WHERE clause, using the syntax:

where {ASIS: pyWorkPage.DynamicWhere}

The ASIS keyword is essential, so that Process Commander does not place spaces or double quotes around the value.

Caution: In general, use of prepared statements is preferable to dynamically SQL statements, because the dynamic SQL statements may make your application vulnerable to SQL injection attacks, a serious flaw.

Use edit validation rules and other tests to ensure that the values contain only the expected characters, especially if values are accepted from a user input form.

For more information about SQL injection, see http://www.owasp.org/index.php/SQL_Injection.

 

Did you find this content helpful? YesNo

90% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us