LJAX not working

classic Classic list List threaded Threaded
36 messages Options
12
Reply | Threaded
Open this post in threaded view
|

LJAX not working

Roddie Grant
Similar to Marc Lucke a few days ago, I want to record that a user has
clicked on a button to go to PayPal. Rich in Toronto suggested LJAX.

So I'm trying out LJAX.

I can get a simple minimal test to work, but I cannot get the real thing
working. I have:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post"
           onsubmit="return Lasso.includeTarget('dynamic',{args:this});">
  ...Lots of fields
</form>
<div id="dynamic">
  [LJAX_Start]
    [LJAX_Target: -target='dynamic']
      [inline: -username='abc', -password='xyz', -nothing]
        [file_write: '/record.txt', 'qwerty', -fileoverwrite]
      [/inline]
    [/LJAX_Target]
  [LJAX_End]
</div>

The form is submitted but the file is not written by the LJAX.

Can anyone tell me why this isn't working?

Thanks

Roddie Grant



--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: LJAX not working

Viaduct Productions
AJAX.  I roll my own with Prototype.


On Sep 20, 2007, at 12:03 PM, Roddie Grant wrote:

> Rich in Toronto suggested LJAX.




Rich in Toronto



--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: LJAX not working

Brian Loomis-2
In reply to this post by Roddie Grant
This seems to work for me, I'm even able to evaluate using ctypes  
that are called outside of the LJAX tags.

[var('behaviors' = (specialterms: -category=$mycategory, -
Master_Cats=$MasterMaster_Cats));]

[LJAX_Start]
[LJAX_Target: 'monkey2', -NoTarget]

<div class="spentfuel" id="monkey2">


                [$behaviors]</div>

[/LJAX_Target]
[LJAX_End]

Maybe change:
[LJAX_Target: -target='dynamic']

to

[LJAX_Target: 'dynamic']

Are these synonymous?

b.
On Sep 20, 2007, at 10:03 AM, Roddie Grant wrote:

> Similar to Marc Lucke a few days ago, I want to record that a user has
> clicked on a button to go to PayPal. Rich in Toronto suggested LJAX.
>
> So I'm trying out LJAX.
>
> I can get a simple minimal test to work, but I cannot get the real  
> thing
> working. I have:
>
> <form action="https://www.paypal.com/cgi-bin/webscr" method="post"
>            onsubmit="return Lasso.includeTarget('dynamic',
> {args:this});">
>   ...Lots of fields
> </form>
> <div id="dynamic">
>   [LJAX_Start]
>     [LJAX_Target: -target='dynamic']
>       [inline: -username='abc', -password='xyz', -nothing]
>         [file_write: '/record.txt', 'qwerty', -fileoverwrite]
>       [/inline]
>     [/LJAX_Target]
>   [LJAX_End]
> </div>
>
> The form is submitted but the file is not written by the LJAX.
>
> Can anyone tell me why this isn't working?
>
> Thanks
>
> Roddie Grant
>
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

building a SQL inline

Lee Glickenhaus
i'm trying to build a simple SQL inline using values in variables:

[inline: ($db_connection),
-SQL=
'SELECT COUNT(*) AS repetitions, court_state
FROM cases_db
WHERE premises_products=\'Premises\'
AND date_created > \'+($start_date)+\'
AND date_created <= \'+($end_date)+\'
GROUP BY court_state
']

But my action statement keeps coming out as:

SELECT COUNT(*) AS repetitions, court_state FROM cases_db WHERE  
premises_products='Premises' AND date_created > '+($start_date)+' AND  
date_created <= '+($end_date)+' GROUP BY court_state

I've tried everything i can think of to get the date values to show  
up in the SQL statement -- tried the archives, tried the docs --  
obviously having a brain melt

Can anyone help me get "2007-08-01" rather than "($start_date)" to  
show up in my SQL statement?

many thanks

lee

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

[OT] Geezers

Lee Glickenhaus
In reply to this post by Brian Loomis-2
my recent arrival into full-blown geezerhood (50) has inspired my  
newest little project

can't resist  sharing -  hope it brings a smile or two:

http://www.boomeronboard.net

lee

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: building a SQL inline

jasonhuck
In reply to this post by Lee Glickenhaus
You've escaped single quotes for SQL, but haven't included a regular
single quote to end the string. Change:

\'+($start_date)+\'

To:

\''+($start_date)+'\'

...etc...

- jason




On 9/20/07, Lee Glickenhaus <[hidden email]> wrote:

> i'm trying to build a simple SQL inline using values in variables:
>
> [inline: ($db_connection),
> -SQL=
> 'SELECT COUNT(*) AS repetitions, court_state
> FROM cases_db
> WHERE premises_products=\'Premises\'
> AND date_created > \'+($start_date)+\'
> AND date_created <= \'+($end_date)+\'
> GROUP BY court_state
> ']
>
> But my action statement keeps coming out as:
>
> SELECT COUNT(*) AS repetitions, court_state FROM cases_db WHERE
> premises_products='Premises' AND date_created > '+($start_date)+' AND
> date_created <= '+($end_date)+' GROUP BY court_state
>
> I've tried everything i can think of to get the date values to show
> up in the SQL statement -- tried the archives, tried the docs --
> obviously having a brain melt
>
> Can anyone help me get "2007-08-01" rather than "($start_date)" to
> show up in my SQL statement?
>
> many thanks
>
> lee
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>


--
Find and Share Free Lasso Custom Tags at tagSwap.net!
Download hundreds of open source Lasso custom tags, and post your own
for others to use. RSS feeds track the newest and most popular tags.
http://tagSwap.net/

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: building a SQL inline

Doug Gentry
I do it this way...

AND date_created > " ' +$start_date + ' "
AND date_created <= " ' +$end_date + ' "

On Sep 20, 2007, at 11:49 AM, Jason Huck wrote:

> You've escaped single quotes for SQL, but haven't included a regular
> single quote to end the string. Change:
>
> \'+($start_date)+\'
>
> To:
>
> \''+($start_date)+'\'
>
> ...etc...
>
> - jason
>
>
>
>
> On 9/20/07, Lee Glickenhaus <[hidden email]> wrote:
>> i'm trying to build a simple SQL inline using values in variables:
>>
>> [inline: ($db_connection),
>> -SQL=
>> 'SELECT COUNT(*) AS repetitions, court_state
>> FROM cases_db
>> WHERE premises_products=\'Premises\'
>> AND date_created > \'+($start_date)+\'
>> AND date_created <= \'+($end_date)+\'
>> GROUP BY court_state
>> ']
>>
>> But my action statement keeps coming out as:
>>
>> SELECT COUNT(*) AS repetitions, court_state FROM cases_db WHERE
>> premises_products='Premises' AND date_created > '+($start_date)+' AND
>> date_created <= '+($end_date)+' GROUP BY court_state
>>
>> I've tried everything i can think of to get the date values to show
>> up in the SQL statement -- tried the archives, tried the docs --
>> obviously having a brain melt
>>
>> Can anyone help me get "2007-08-01" rather than "($start_date)" to
>> show up in my SQL statement?
>>
>> many thanks
>>
>> lee
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>
>
> --
> Find and Share Free Lasso Custom Tags at tagSwap.net!
> Download hundreds of open source Lasso custom tags, and post your own
> for others to use. RSS feeds track the newest and most popular tags.
> http://tagSwap.net/
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>



---
Doug Gentry
Dynapolis & Southern Oregon University
p:  541-261-8501 / Toll Free: 866-890-6013
[hidden email]
www.dynapolis.com



--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: building a SQL inline

jasonhuck
Yep, you can do that if the datasource is MySQL, but most other
RDBMS's do not allow double quotes as string delimiters. I've stuck
with all single quotes since we also work with SQL Server. Of course,
you can use double quotes in Lasso, too, so you could also do this:

var('sql' = "select foo from bar where x = ' " + $bar + " ' ");

...but I just always thought that looked weird...

- jason




On 9/20/07, Doug Gentry <[hidden email]> wrote:

> I do it this way...
>
> AND date_created > " ' +$start_date + ' "
> AND date_created <= " ' +$end_date + ' "
>
> On Sep 20, 2007, at 11:49 AM, Jason Huck wrote:
>
> > You've escaped single quotes for SQL, but haven't included a regular
> > single quote to end the string. Change:
> >
> > \'+($start_date)+\'
> >
> > To:
> >
> > \''+($start_date)+'\'
> >
> > ...etc...
> >
> > - jason
> >
> >
> >
> >
> > On 9/20/07, Lee Glickenhaus <[hidden email]> wrote:
> >> i'm trying to build a simple SQL inline using values in variables:
> >>
> >> [inline: ($db_connection),
> >> -SQL=
> >> 'SELECT COUNT(*) AS repetitions, court_state
> >> FROM cases_db
> >> WHERE premises_products=\'Premises\'
> >> AND date_created > \'+($start_date)+\'
> >> AND date_created <= \'+($end_date)+\'
> >> GROUP BY court_state
> >> ']
> >>
> >> But my action statement keeps coming out as:
> >>
> >> SELECT COUNT(*) AS repetitions, court_state FROM cases_db WHERE
> >> premises_products='Premises' AND date_created > '+($start_date)+' AND
> >> date_created <= '+($end_date)+' GROUP BY court_state
> >>
> >> I've tried everything i can think of to get the date values to show
> >> up in the SQL statement -- tried the archives, tried the docs --
> >> obviously having a brain melt
> >>
> >> Can anyone help me get "2007-08-01" rather than "($start_date)" to
> >> show up in my SQL statement?
> >>
> >> many thanks
> >>
> >> lee
> >>
> >> --
> >> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> >> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> >> Manage your subscription: http://www.ListSearch.com/Lasso/
> >>
> >>
> >
> >
> > --
> > Find and Share Free Lasso Custom Tags at tagSwap.net!
> > Download hundreds of open source Lasso custom tags, and post your own
> > for others to use. RSS feeds track the newest and most popular tags.
> > http://tagSwap.net/
> >
> > --
> > This list is a free service of LassoSoft: http://www.LassoSoft.com/
> > Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> > Manage your subscription: http://www.ListSearch.com/Lasso/
> >
>
>
>
> ---
> Doug Gentry
> Dynapolis & Southern Oregon University
> p:  541-261-8501 / Toll Free: 866-890-6013
> [hidden email]
> www.dynapolis.com
>
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>


--
Find and Share Free Lasso Custom Tags at tagSwap.net!
Download hundreds of open source Lasso custom tags, and post your own
for others to use. RSS feeds track the newest and most popular tags.
http://tagSwap.net/

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: building a SQL inline

stevepiercy
In reply to this post by Lee Glickenhaus
I usually build my SQL statement surrounding it with "" so that I don't mess up on ' and escaping it with \'' within the statement.

[inline: ($db_connection),
-SQL=
"SELECT COUNT(*) AS repetitions, court_state
FROM cases_db
WHERE premises_products='Premises'
AND date_created > '"+($start_date)+"'
AND date_created <= '"+($end_date)+"'
GROUP BY court_state
"]

--steve


On Thursday, September 20, 2007, [hidden email] (Lee Glickenhaus) pronounced:

>i'm trying to build a simple SQL inline using values in variables:
>
>[inline: ($db_connection),
>-SQL=
>'SELECT COUNT(*) AS repetitions, court_state
>FROM cases_db
>WHERE premises_products=\'Premises\'
>AND date_created > \'+($start_date)+\'
>AND date_created <= \'+($end_date)+\'
>GROUP BY court_state
>']
>
>But my action statement keeps coming out as:
>
>SELECT COUNT(*) AS repetitions, court_state FROM cases_db WHERE  
>premises_products='Premises' AND date_created > '+($start_date)+' AND  
>date_created <= '+($end_date)+' GROUP BY court_state
>
>I've tried everything i can think of to get the date values to show  
>up in the SQL statement -- tried the archives, tried the docs --  
>obviously having a brain melt
>
>Can anyone help me get "2007-08-01" rather than "($start_date)" to  
>show up in my SQL statement?
>
>many thanks
>
>lee
>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy               Web Site Builder               Soquel, CA
<[hidden email]>                  <http://www.StevePiercy.com/>

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: building a SQL inline

Bil Corry-3
Steve Piercy - Web Site Builder wrote on 9/20/2007 3:07 PM:
> I usually build my SQL statement surrounding it with "" so that I don't mess up on '

I do the same.  And FWIW, there's a brief primer on SQL injection here, which is important to understand if using -SQL inlines:

<http://ldml.org/articles/SQL_Injection.lasso>


- Bil


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: building a SQL inline

Marc Pinnell-3
Bil,

Maybe I have been operating under a false sense of security, but I  
remember a discussion/article a couple of years ago from Miles (or  
was it Fletcher) that said that Lasso did the encoding automatically  
and it didn't need to be implicitly set as your article suggests. Has  
something changed in Lasso?

marc


On Sep 20, 2007, at 1:19 PM, Bil Corry wrote:

> Steve Piercy - Web Site Builder wrote on 9/20/2007 3:07 PM:
>> I usually build my SQL statement surrounding it with "" so that I  
>> don't mess up on '
>
> I do the same.  And FWIW, there's a brief primer on SQL injection  
> here, which is important to understand if using -SQL inlines:
>
> <http://ldml.org/articles/SQL_Injection.lasso>
>
>
> - Bil
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: building a SQL inline

Brian K. Middendorf
> Maybe I have been operating under a false sense of security, but I  
> remember a discussion/article a couple of years ago from Miles (or  
> was it Fletcher) that said that Lasso did the encoding  
> automatically and it didn't need to be implicitly set as your  
> article suggests. Has something changed in Lasso?

That is for standard inlines.  SQL inlines need to be encoded.

-brian.



--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: building a SQL inline

Greg Willits-2
In reply to this post by Marc Pinnell-3
If you write your own -sql code, you need to the injection prevention  
steps yourself.

encode_sql takes care of most of it. type casting is another  
important technique, and there are potentially others. sql injection  
can take on some tricky approaches, not all of which I have memorized.

-- gw


On Sep 20, 2007, at 1:39 PM, Marc Pinnell wrote:

> Maybe I have been operating under a false sense of security, but I  
> remember a discussion/article a couple of years ago from Miles (or  
> was it Fletcher) that said that Lasso did the encoding  
> automatically and it didn't need to be implicitly set as your  
> article suggests. Has something changed in Lasso?
>
> marc
>
>
> On Sep 20, 2007, at 1:19 PM, Bil Corry wrote:
>
>> Steve Piercy - Web Site Builder wrote on 9/20/2007 3:07 PM:
>>> I usually build my SQL statement surrounding it with "" so that I  
>>> don't mess up on '
>>
>> I do the same.  And FWIW, there's a brief primer on SQL injection  
>> here, which is important to understand if using -SQL inlines:
>>
>> <http://ldml.org/articles/SQL_Injection.lasso>


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: building a SQL inline

Marc Pinnell-3
Oh-oh, and cr*p! That's a lot of code to go back over - looks like I  
am in for some long sessions in the near future.

Marc

On Sep 20, 2007, at 1:52 PM, Greg Willits wrote:

> If you write your own -sql code, you need to the injection  
> prevention steps yourself.
>
> encode_sql takes care of most of it. type casting is another  
> important technique, and there are potentially others. sql  
> injection can take on some tricky approaches, not all of which I  
> have memorized.
>
> -- gw
>
>
> On Sep 20, 2007, at 1:39 PM, Marc Pinnell wrote:
>
>> Maybe I have been operating under a false sense of security, but I  
>> remember a discussion/article a couple of years ago from Miles (or  
>> was it Fletcher) that said that Lasso did the encoding  
>> automatically and it didn't need to be implicitly set as your  
>> article suggests. Has something changed in Lasso?
>>
>> marc
>>
>>
>> On Sep 20, 2007, at 1:19 PM, Bil Corry wrote:
>>
>>> Steve Piercy - Web Site Builder wrote on 9/20/2007 3:07 PM:
>>>> I usually build my SQL statement surrounding it with "" so that  
>>>> I don't mess up on '
>>>
>>> I do the same.  And FWIW, there's a brief primer on SQL injection  
>>> here, which is important to understand if using -SQL inlines:
>>>
>>> <http://ldml.org/articles/SQL_Injection.lasso>
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Which tag for number format?

Diane Houdek
Pardon the stupidity, but I've got data coming out of FileMaker that represents numbers of people, how do I format it so the commas for US English display when the field is displayed.  Do I use [decimal] or [scientific] and then set the locale or is there another way to do this?

Thanks,
Diane


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: building a SQL inline

Greg Willits-2
In reply to this post by Marc Pinnell-3
This is where an abstracted query builder is very handy, like the one  
in PageBlocks. It centralizes all this stuff and more like error  
handling and logging for all queries in one place. If you learn about  
a new injection technique to prevent, you (generally) only have one  
place to update your code.

http://www.pageblocks.org/refc/fwp_recordData

-- gw


On Sep 20, 2007, at 1:58 PM, Marc Pinnell wrote:

> Oh-oh, and cr*p! That's a lot of code to go back over - looks like  
> I am in for some long sessions in the near future.
>
> On Sep 20, 2007, at 1:52 PM, Greg Willits wrote:
>
>> If you write your own -sql code, you need to the injection  
>> prevention steps yourself.
>>
>> encode_sql takes care of most of it. type casting is another  
>> important technique, and there are potentially others. sql  
>> injection can take on some tricky approaches, not all of which I  
>> have memorized.
>>
>>
>> On Sep 20, 2007, at 1:39 PM, Marc Pinnell wrote:
>>
>>> Maybe I have been operating under a false sense of security, but  
>>> I remember a discussion/article a couple of years ago from Miles  
>>> (or was it Fletcher) that said that Lasso did the encoding  
>>> automatically and it didn't need to be implicitly set as your  
>>> article suggests. Has something changed in Lasso?
>>>
>>> marc
>>>
>>>
>>> On Sep 20, 2007, at 1:19 PM, Bil Corry wrote:
>>>>
>>>> FWIW, there's a brief primer on SQL injection here, which is  
>>>> important to understand if using -SQL inlines:
>>>>
>>>> <http://ldml.org/articles/SQL_Injection.lasso>


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: Which tag for number format?

Trevor Borgmeier
In reply to this post by Diane Houdek
You would use [integer->setformat(-groupchar=',')]

Diane Houdek wrote:
> Pardon the stupidity, but I've got data coming out of FileMaker that represents numbers of people, how do I format it so the commas for US English display when the field is displayed.  Do I use [decimal] or [scientific] and then set the locale or is there another way to do this?
>
> Thanks,
> Diane
>
>
>  

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: Which tag for number format?

Diane Houdek
So like this:

[(field:'pop02')->setformat(-groupchar=',')]

Yes? The reason I'm asking is the display is blank when I use the above code.

>>> On 9/20/2007 at 4:16 PM, in message <[hidden email]>, Trevor
Borgmeier <[hidden email]> wrote:

> You would use [integer->setformat(-groupchar=',')]
>
> Diane Houdek wrote:
>> Pardon the stupidity, but I've got data coming out of FileMaker that
> represents numbers of people, how do I format it so the commas for US English
> display when the field is displayed.  Do I use [decimal] or [scientific] and
> then set the locale or is there another way to do this?
>>
>> Thanks,
>> Diane
>>
>>
>>  


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: Which tag for number format?

Doug Gentry
Lasso treats fields, by default, as strings. So you need to tell it  
that this field should be an integer:

[(integer:(field:'pop02'))->setformat(-groupchar=',')]

...Doug

On Sep 20, 2007, at 2:33 PM, Diane Houdek wrote:

> So like this:
>
> [(field:'pop02')->setformat(-groupchar=',')]
>
> Yes? The reason I'm asking is the display is blank when I use the  
> above code.
>
>>>> On 9/20/2007 at 4:16 PM, in message  
>>>> <[hidden email]>, Trevor
> Borgmeier <[hidden email]> wrote:
>> You would use [integer->setformat(-groupchar=',')]
>>
>> Diane Houdek wrote:
>>> Pardon the stupidity, but I've got data coming out of FileMaker that
>> represents numbers of people, how do I format it so the commas for  
>> US English
>> display when the field is displayed.  Do I use [decimal] or  
>> [scientific] and
>> then set the locale or is there another way to do this?
>>>
>>> Thanks,
>>> Diane
>>>
>>>
>>>
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>



---
Doug Gentry
Dynapolis & Southern Oregon University
p:  541-261-8501 / Toll Free: 866-890-6013
[hidden email]
www.dynapolis.com



--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: building a SQL inline

stevepiercy
In reply to this post by Marc Pinnell-3
<http://reference.lassosoft.com/Reference.LassoApp?686>
Important: Any visitor supplied values which are concatenated into a SQL statement must be escaped in order to prevent SQL injection attacks. Values passed to other inline actions such as -Search, -Add, or -Update are automatically encoded by Lasso. Values passed to MySQL must be encoded using the [Encode_SQL] tag. Values passed to other SQL-based data sources such as JDBC data sources or SQLite should use the [Encode_SQL92] tag.

--steve


On Thursday, September 20, 2007, [hidden email] (Marc Pinnell) pronounced:

>Bil,
>
>Maybe I have been operating under a false sense of security, but I  
>remember a discussion/article a couple of years ago from Miles (or  
>was it Fletcher) that said that Lasso did the encoding automatically  
>and it didn't need to be implicitly set as your article suggests. Has  
>something changed in Lasso?
>
>marc
>
>
>On Sep 20, 2007, at 1:19 PM, Bil Corry wrote:
>
>> Steve Piercy - Web Site Builder wrote on 9/20/2007 3:07 PM:
>>> I usually build my SQL statement surrounding it with "" so that I  
>>> don't mess up on '
>>
>> I do the same.  And FWIW, there's a brief primer on SQL injection  
>> here, which is important to understand if using -SQL inlines:
>>
>> <http://ldml.org/articles/SQL_Injection.lasso>
>>
>>
>> - Bil
>>
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>
>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy               Web Site Builder               Soquel, CA
<[hidden email]>                  <http://www.StevePiercy.com/>

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

12