RE: SSRS Parameter that give users options to insert values manual

SSC Guru

Points: 172994

October 20, 2010 at 7:15 am

Pitso,

You should be able to do it just fine using Parameters in SSRS, unless something changed in 2008 that I don't know about. I believe you make the value as Non-queried and they should be able to type in the value as they want.

The issue, though, is SQL Injection attacks. Google that phrase to understand just how major a problem this can be.

I don't know if SSRS can do this, but the best solution (if it can) is to design the parameter so it does a LIKE search as they start typing in numbers. The instant someone types 1, it pulls all the accounts beginning with 1, then when they add 2, the list narrows down to the 12... numbers, when they type 3, the list narrows down even further to 123... etc. That way, they can type in the number, but the parameter is filled in by the list and if the number they type doesn't exist, they can't enter in any injection attacks.

Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/[/url]On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.