1

I am having some trouble with a regular expression (don't know if what I want to do is possible.)

Scenario:

I have an input area where users can write some text. They would like to be able to also execute some SQL query where the result is then going to be displayed in the text, when the text is sent to a customer in an email.

Rough example:

#

Hi

I have attached the invoice SQL(SELECT DocNumber FROM X WHERE DocEntry IN (SELECT DocEntry FROM X););

Please provide payment for the invoice.

Regards

#

I am having some difficulties handling that the users can write () and ; in SQL.

Have anyone done something like this before with regex or am I going to do have to do some ugly split, substring and last index of in C#?

Any comments/suggestions would be much appreciated.

Improve this question
3
  • 1
    if you can't change YOUR syntax, you could use regexp to find the start of the SQL(...); then use brace matching to find the end. (iterate through adding and subtracting when you hit a brace, until the count returns to zero. Commented Jul 5, 2012 at 12:22
  • 2
    What happens if someone types drop table X; instead? Commented Jul 5, 2012 at 12:23
  • @richard: Thank you that might work. Commented Jul 5, 2012 at 12:29

1 Answer 1

Reset to default
3

You really don't want to do this. Why not just use templating, so your user can type %%invoiceNo%% and your code looks up the invoice number using the appropriate query?

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

"You really don't want to do this"
Thank you for the comment. Well the system has more than 900 tables and lots of fields so for me to create templates for all of them would be hard (ie impossible). We already have keywords that provide lots of information but the users wants more and more specialized fields provided so this (if possible) would be a great solution going forward.
@user1029651 of course it is possible to do it your way, as suggested by richard in the comment on your question. You will however shoot yourself in the foot, for example when you use the same query for multiple reports and you want to change the query but don't change it everywhere, which will lead to different results. You'd better add a layer in between where you link queries to template fields, so you can easily reuse queries without cluttering your mail templates.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.