This repository has been archived by the owner on Dec 8, 2023. It is now read-only.
I'd like to suggest some usable HTML5 features for a Textbox parameter type. (Maybe there should be an "HTML5 Textbox" parameter type in addition to the existing "Textbox" parameter type; then developers could use whichever parameter type was appropriate to their sites.) A new HTML5 Textbox could offer several very usable options:
HTML5 offers a way (using the "pattern" keyword) to specify a regular expression against which to check input. This would be VERY handy in SQLViewPro to restrict the user from entering certain characters. This would also be useful for security reasons.
Consider this example: an order system appends suffixes to the Order IDs of an order if parts of it ship at different times. Thus, Order ID "123" (as reported to the customer) may become Order IDs "123-1" and "123-2" in the system if the order is filled with two separate shipments. A SQLViewPro parameter prompts the user for a text value that will be used in an underlying LIKE statement in a SQL query (ex: SELECT * FROM Orders WHERE [Order ID] LIKE '[PARAMETER:OrderID]%'). Therefore, entering "123" for the parameter would show all items ordered, regardless of the underlying "sub-orders" created by multiple shipments. Entering a wildcard "%" into the parameter (or simply leaving the parameter blank) could allow the user to return the information for many/every order(s) in the database (including those which were previously unknown to the user). Considering how SQLViewPro is designed to simply display whatever information the query returns, this could be dangerous. It's one thing to display the data for the order being sought; it's quite another to display the information for every order that matches the wildcard input. In today's security-conscious world, this can easily lead to an information leak, which is a serious concern. Implementing a regular expression pattern could resolve this situation by both forcing the parameter to be required and restricting the entry of the wildcard.
HTML5 also offers new specialized input types that can force entry of colors, email addresses, numbers (with ranges and steps), and URLs. These would all make great additions to SQLViewPro, whether as separate parameter types or simply options on an HTML5 Textbox parameter type to help reduce data entry errors by users.
A handy reference of the HTML5 input types is: https://www.w3schools.com/html/html_form_input_types.asp
Would welcome any feedback on these ideas.
Warren
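The restriction discussed in the post above, as an added example that is not part of the original post and is not SQLViewPro code: the same regular expression drives the HTML5 `pattern` attribute and a server-side re-check, and the value is bound as a parameter with LIKE metacharacters escaped. The digit-only pattern, the function names and the `@prefix` parameter are assumptions made for illustration.

```javascript
// Added example; ORDER_ID_PATTERN and all function names are hypothetical.
// Assumed rule: a customer-facing Order ID is 1 to 10 digits.
const ORDER_ID_PATTERN = "[0-9]{1,10}";

// Markup a textbox parameter could render. The browser matches `pattern`
// against the whole value and skips the check when the field is empty,
// so `required` is set as well to reject a blank entry.
const inputMarkup =
  `<input type="text" name="OrderID" required pattern="${ORDER_ID_PATTERN}">`;

// Server-side re-check with the same expression. Requests that do not come
// from the form never run the browser's constraint validation.
function validateOrderId(raw) {
  const value = String(raw ?? "");
  const re = new RegExp(`^(?:${ORDER_ID_PATTERN})$`); // anchored like the browser
  if (!re.test(value)) {
    throw new Error("Order ID must be 1-10 digits");
  }
  return value;
}

// Escape LIKE metacharacters (SQL Server style: % _ [ and the escape
// character itself) so that any value is matched literally.
function escapeLike(value) {
  return value.replace(/[\\%_\[]/g, (ch) => "\\" + ch);
}

// Build the page's prefix search as a parameterized query (an assumption;
// the post shows token substitution). The trailing % is added by the
// server only, never taken from user input.
function buildOrderQuery(raw) {
  const id = validateOrderId(raw);
  return {
    sql: "SELECT * FROM Orders WHERE [Order ID] LIKE @prefix ESCAPE '\\'",
    params: { prefix: escapeLike(id) + "%" },
  };
}
```

`escapeLike` is kept as a second layer so that a later loosening of the pattern (for example, allowing letters or underscores) does not silently reintroduce wildcard matching.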