Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

the ASIS keyword to build a dynamic WHERE clause in Connect SQL rules

Updated on October 19, 2020

Summary

A dynamically-created WHERE clause can add flexibility to SQL connections. 

One technique for doing this is to use a property to store the text of your where clause, then simply reference this property in a Connect SQL rule.


 

Suggested Approach

For example, you can create a text property named DynamicWhere and use a Property-Set method to store the value:

"pyLabel like 'Mexico%'"

Then, in a Connect SQL rule, you can use this as a WHERE clause, using the syntax:

where {ASIS: pyWorkPage.DynamicWhere}

The ASIS keyword is essential, so that Process Commander does not place spaces or double quotes around the value.

Caution: In general, use of prepared statements is preferable to dynamically SQL statements, because the dynamic SQL statements may make your application vulnerable to SQL injection attacks, a serious flaw.

Use edit validation rules and other tests to ensure that the values contain only the expected characters, especially if values are accepted from a user input form.

For more information about SQL injection, see http://www.owasp.org/index.php/SQL_Injection.

 

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us