setting custom sql in admin can render sql query invalid, failing silently #146

@giovanniborella

Description

Setting SQL in this box can cause unwanted side effects:

[image]

especially when adding statements after the table reference. When using filtering in Vidi, the where-clause is appended to the SQL in the box, making MapServer return nothing due to a faulty statement. In this case it would look like ...SELECT * FROM public.lukkede_sager order by sagsnummer desc WHERE sagsnummer = '10232472'... which has bad ordering.

I wholeheartedly agree that ordering in that manner is bad practice, however nothing prevents the user from doing it. I suggest adding a check to the textbox, making sure the statement ends with the name of the table, so that the user cannot add anything after. Even setting a where clause would break the call from MapServer.

In the cases we have spotted, MapServer returns an empty image - due to the faulty SQL - but no error messages. An exception would be really nice here, as it is not really something you can catch or test in the admin console (cannot set filter).
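The following is an added illustration of the failure described in this issue and of the check it proposes; it is not code from the GC2/Vidi project. It assumes (hypothetically, since the project's code is not shown here) that the filter is concatenated onto the custom SQL as plain text, and it uses an in-memory SQLite database with a constructed `public.lukkede_sager` table standing in for PostGIS. `ends_with_table` is the check suggested above (custom SQL must end with the table reference); `safe_append`, which wraps the custom SQL in a derived table so an appended WHERE is always valid, is an additional option not proposed in the issue. `run_filtered` surfaces the SQL error instead of swallowing it into an empty result.

```python
import re
import sqlite3

# Constructed sample inputs modelled on the issue text (not project data).
TABLE = "public.lukkede_sager"
CUSTOM_SQL_ORDER_BY = "SELECT * FROM public.lukkede_sager order by sagsnummer desc"
CUSTOM_SQL_WHERE = "SELECT * FROM public.lukkede_sager WHERE titel = 'sag a'"
FILTER_CLAUSE = "sagsnummer = '10232472'"  # the where-clause Vidi appends


def _strip_sql(sql: str) -> str:
    """Trim whitespace and a trailing semicolon so appending is well-formed."""
    return sql.strip().rstrip(";").strip()


def ends_with_table(sql: str, table: str) -> bool:
    """The check proposed in the issue: the custom statement must end with the
    (optionally schema-qualified) table reference, so nothing (ORDER BY, WHERE,
    LIMIT, ...) trails the FROM clause that a later 'WHERE ...' would land behind.
    A look-behind rejects cases where the table name is merely a suffix of a
    longer identifier."""
    pattern = r'(?<![\w."])' + re.escape(table) + r"$"
    return re.search(pattern, _strip_sql(sql), re.IGNORECASE) is not None


def naive_append(sql: str, where: str) -> str:
    """Hypothetical textual concatenation: reproduces the bad ordering quoted in
    the issue when the custom SQL already has ORDER BY or WHERE."""
    return f"{_strip_sql(sql)} WHERE {where}"


def safe_append(sql: str, where: str) -> str:
    """Alternative hardening (not part of the issue's proposal): wrap the custom
    SQL in a derived table so the appended WHERE is valid whatever the user put
    after the table reference."""
    return f"SELECT * FROM ({_strip_sql(sql)}) AS custom_sql WHERE {where}"


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the PostGIS table public.lukkede_sager.
    SQLite has no schemas, so an attached database named 'public' mimics the
    schema-qualified name used in the issue."""
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS public")
    conn.execute("CREATE TABLE public.lukkede_sager (sagsnummer TEXT, titel TEXT)")
    conn.executemany(
        "INSERT INTO public.lukkede_sager VALUES (?, ?)",
        [("10232472", "sag a"), ("10232471", "sag b")],
    )
    return conn


def run_filtered(conn: sqlite3.Connection, custom_sql: str, where: str, combine):
    """Execute the combined statement. On invalid SQL return the error text
    rather than an empty result, which is the 'fails silently' behaviour the
    issue complains about."""
    statement = combine(custom_sql, where)
    try:
        return conn.execute(statement).fetchall()
    except sqlite3.OperationalError as exc:
        return f"error: {exc} -- in: {statement}"


def demo() -> dict:
    """Run both custom-SQL variants through both combiners; return the results."""
    conn = make_demo_db()
    results = {}
    for label, sql in (("order_by", CUSTOM_SQL_ORDER_BY), ("where", CUSTOM_SQL_WHERE)):
        results[label] = {
            "passes_check": ends_with_table(sql, TABLE),
            "naive": run_filtered(conn, sql, FILTER_CLAUSE, naive_append),
            "safe": run_filtered(conn, sql, FILTER_CLAUSE, safe_append),
        }
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

Run as a script, both custom statements fail the proposed check and produce a syntax error under naive concatenation, while the derived-table form returns the single matching row for each.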
