SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


SSRS Parameter that give users options to insert values manual


SSRS Parameter that give users options to insert values manual

Author
Message
pitso.maceke
pitso.maceke
SSC Journeyman
SSC Journeyman (99 reputation)SSC Journeyman (99 reputation)SSC Journeyman (99 reputation)SSC Journeyman (99 reputation)SSC Journeyman (99 reputation)SSC Journeyman (99 reputation)SSC Journeyman (99 reputation)SSC Journeyman (99 reputation)

Group: General Forum Members
Points: 99 Visits: 213
I have a report where I want my users to insert their choice of account No on my parameter called account #. Using a muilt-value with drop-down is a good as we have a big list of account numbers. So the better way will be to give them an option to insert their own choice of account N0s. Can I get some help of how to do it.

Below is my clause for the parameter
[/quote]

Where A.acct_no in (@acct_no)

[quote]

Brandie Tarvin
Brandie Tarvin
SSCoach
SSCoach (15K reputation)SSCoach (15K reputation)SSCoach (15K reputation)SSCoach (15K reputation)SSCoach (15K reputation)SSCoach (15K reputation)SSCoach (15K reputation)SSCoach (15K reputation)

Group: General Forum Members
Points: 15332 Visits: 9006
Pitso,

You should be able to do it just fine using Parameters in SSRS, unless something changed in 2008 that I don't know about. I believe you make the value as Non-queried and they should be able to type in the value as they want.

The issue, though, is SQL Injection attacks. Google that phrase to understand just how major a problem this can be.

I don't know if SSRS can do this, but the best solution (if it can) is to design the parameter so it does a LIKE search as they start typing in numbers. The instant someone types 1, it pulls all the accounts beginning with 1, then when they add 2, the list narrows down to the 12... numbers, when they type 3, the list narrows down even further to 123... etc. That way, they can type in the number, but the parameter is filled in by the list and if the number they type doesn't exist, they can't enter in any injection attacks.

Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search