#1 2013-01-20 14:30:57

LoPiTaL
Member
Registered: 2013-01-04
Posts: 30

DELETE with SELECT URI parameter error

Hi everyone.
I am trying to send an HTTP DELETE with a select parameter in its URI to the server, in order to be able to delete more than one record at once.
Looking into the code, I have found this:

// ModelRoot/TableName?WhereClause to delete members
SQLWhere := Trim(UrlDecode(URI.Parameters));

in the URI method of TSQLRestServer class, in the 'mDELETE' case statement.

The problem is that the URI parameters, if logged in as a user, are not only the where clause, but also the signature, like this:

'Name=:(''NameToDeleteEveryRecordFromIt''):&session_signature=000000410000000837DEB7E6'

so the generated variable SQLWhere is invalid, containing the where clause desired (Name=:(''NameToDeleteEveryRecordFromIt''):), but also the other URI parameters (&session_signature=000000410000000837DEB7E6).

I think that the parsing of the SQL where parameter should be done the same way as any other parameter, using:

UrlDecodeValue(URI.Parameters,'WHERE=',SQLWhere,@URI.Parameters);

so the URI should be "ModelRoot/TableName?where=WhereClause" instead of "ModelRoot/TableName?WhereClause".

Of course, this will make a breaking change, because the previous DELETE calls will not work with the new implementation; but without it, I think it is impossible to delete multiple records at once (most of the time, the clients will be logged in, thus session_signature will always be appended).

Best regards,
LoPiTaL


#2 2013-01-20 14:59:16

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,238

Re: DELETE with SELECT URI parameter error

Nice catch.
You may have created a ticket for this in http://synopse.info/fossil/reportlist

I've changed RESTful URI to ModelRoot/Table?where=WhereClause to delete members to fix issues when authentication is set.
See http://synopse.info/fossil/info/c06bd3a343

Thanks for the report, and detailed investigation.
This is a pleasure to commit fixes with users like you!

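The two parsing approaches discussed in this thread, side by side, as an added example that is not part of the original posts and is not mORMot code. It is a Python sketch: the function names are hypothetical, the sample values are constructed from the query string quoted in the first post, and the case-insensitive match on the parameter name is an assumption of the sketch.

```python
from typing import Optional
from urllib.parse import quote, unquote_plus

# Constructed sample values from the first post (Pascal '' quote doubling undone).
WHERE = "Name=:('NameToDeleteEveryRecordFromIt'):"
SIGNATURE = "session_signature=000000410000000837DEB7E6"


def delete_query(where: str, named: bool) -> str:
    """Build the query string an authenticated client would send."""
    encoded = quote(where, safe="")
    return ("where=" + encoded if named else encoded) + "&" + SIGNATURE


def where_from_whole_query(query: str) -> str:
    """Old behaviour: the whole decoded query string becomes the WHERE clause."""
    return unquote_plus(query).strip()


def where_from_named_param(query: str) -> Optional[str]:
    """New behaviour: only the value of the 'where' parameter is used.

    The raw query is split on '&' before decoding, so an encoded '&' (%26)
    inside the clause is not mistaken for a parameter separator. Returns
    None when 'where' is missing or empty, so the caller can refuse the
    request rather than build a DELETE from an unrelated parameter.
    """
    for pair in query.split("&"):
        name, sep, value = pair.partition("=")
        if sep and unquote_plus(name).lower() == "where":
            return unquote_plus(value).strip() or None
    return None


if __name__ == "__main__":
    old_style = delete_query(WHERE, named=False)
    new_style = delete_query(WHERE, named=True)
    # The signature leaks into the clause with the old parsing.
    print("old:", where_from_whole_query(old_style))
    # The named parameter isolates the clause, wherever the signature sits.
    print("new:", where_from_named_param(new_style))
    print("old URI, new parser:", where_from_named_param(old_style))
```
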
