Multiselect Field for Excel Report

I have an Excel report which I need to filtrer for 'statusi_d' (One or more than one), mi query for obtain the information ends as shown ---> ..... WHERE STATUS_COLUMN IN (?)',FIELD_STATUS_COLUMN)}" it works only if I have select one status, but when two or more are selected it crashed with the message:

Null value or expected variable missing in expression "${ppmdb.execQuery('select ........ WHERE STATUS_COLUMN IN (?)',FIELD_STATUS_COLUMN)}".

inside tag "forEach" (net.sf.jett.tag.ForEachTag), at Hoja1!A

Is there a possible way to work with multiselect field for Excel Reports?

Regards!

Thanks

 
  • Suggested Answer

    0  

    Hi Perla,

    Of course there's a solution. The problem is that your code behaves like if you had only one parameter, with a string value. It will not even notice that you can have multiple values in it. You must have every parameter one by one, with one "?" in your SQL for each parameter in the query, and then pass every parameter individually - or more conveniently, as an array of parameter values.

    So, since you don't know how many parameters you will get in your filter until runtime, the trick is to preprocess the data with a bit of script code. As a reminder, you can run script code (with JEXL syntax) anywhere in your excel template (before calling the SQL code of course) in a block like that: ${{ ... your code here ... ; return ''; }}  

    So, in your case, the trick is to do some scripting code that will do this:

    1) Read the parameter string value, and convert it from a single string of values separated by commas into an array of values; let's call this variable myValuesArray.

    2) Create a single String of comma-separated "?" with as many "?" as you have parameters, let's call this variable "myQuestionMarksStr".

    Then when you call your SQL query, use this:

    "... WHERE STATUS_COLUMN IN ('.concat(myQuestionMarksStr).concat(')',myValuesArray)}"

    And it should work as expected. Note that I concatenated strings with .concat(...) instead of just using "+" - but it may as well work with "+", you can give it a try and see if it works for you.

    Don't hesitate to refer to JEXL syntax to create your two variables in the script block, there's quite a few differences from your average java code: https://commons.apache.org/proper/commons-jexl/reference/syntax.html

    Now, what I gave you is the official, secure, recommended solution. But if your code is just prototyping level , you can go with simple string concatenation - but that will open you to potential SQL injection attacks, which is why you should always avoid using this approach. In any case, if you decide to walk the short but unsecure path, you can directly inject the values parameter in the SQL String like that and bypass the whole script pre-processing: 

    "... WHERE STATUS_COLUMN IN ('.concat(FIELD_STATUS_COLUMN).concat(')')}"

    That is, if your parameters are all numerical values of course. That won't work if they are text values as you must enclose each such value is single quotes for the SQL string to be valid. In any case, patching SQL query together with string concatenation is highly unsecure and should be avoided, so try to make it work "the proper way", with a "?" parameterized query.