This example is similar to
Selecting Records from a Relational Database except it uses the Query operation so you can use joins and other sql features. The Query operation is more powerful but it does require extra programming to prevent mischevious input. Please see this article on
sql injection before deploying this script in production.
This example is written for Microsoft Access. You can read more about the
Access connector, or you can easily adapt this script to use other
database connectors.
To run this example, please download and install
RSSBus Desktop, plus this
zip file containing the script and db. Note there are several other database scripts in this zip which are described in other database tutorials. The example below only uses query.rsb and customersWithType.mdb. Place these two files in your RSSBus root directory (www/) and call with:
http://localhost:1110/query.rsb
<!--
query.rsb
If you leave lastname as an input argument, please see warnings about
sql injection at http://en.wikipedia.org/wiki/SQL_injection.
See http://www.rssbus.com/connectors for use with other dbs.
-->
<rsb:info title="Access Query" description="Try adding ?lastname=jones to url.">
<input name="lastname" />
</rsb:info>
<rsb:set attr="database" value="customersWithType.mdb"/>
<rsb:set attr="query" value="SELECT * FROM Customers, CustomerType" />
<rsb:set attr="query" value="[query] WHERE Customers.TypeID=CustomerType.ID" />
<!-- If lastname was given on URL, filter against sql injection and append -->
<rsb:notnull attr="lastname">
<rsb:set attr="lastname" value="[lastname | regexreplace('\[\+\-\=.\;\ \]','')]" />
<rsb:set attr="query" value="[query] AND Customers.LastName = '[lastname]'" />
</rsb:notnull>
<rsb:set attr="query" value="[query];" />
<rsb:call op="accessQuery" output="out">
<rsb:push title="[query | def('untitled item')]">
[out.* | tohtml()]
<hr>(auto-generated by RSSBus - www.rssbus.com)
</rsb:push>
</rsb:call>
You can learn more about RSSBus by reading the
RSSBus Server Quick Start Guide.