Pages: 1

#1 2012-04-26 22:14:02

array81
Member
From: Italy
Registered: 2010-07-23
Posts: 411

Server service problem

To allow my user to use some SQL by EngineExecute (DELETE and UPDATE) I have create 2 service. These service are call withy right parameters but EngineExecute return always FALSE as result.

This is one of my service:

function TSQLRestServerDBWithService.ServiceRecordsDelete(var aParams: TSQLRestServerCallBackParams): Integer;
var
  Table, Codition: RawUTF8;
begin
  if not UrlDecodeNeedParameters(aParams.Parameters,'A,B') then
    begin
      Result := 404; // invalid Request
      Exit;
    end;

  while aParams.Parameters <> nil do
    begin
      UrlDecodeValue(aParams.Parameters,'A=',Table, @aParams.Parameters);
      UrlDecodeValue(aParams.Parameters,'B=',Codition, @aParams.Parameters);
    end;

  if (UTF8ToString(Table) <> '') and (UTF8ToString(Codition) <> '') then
    begin
      if Database.EngineExecute('DELETE FROM ' + UTF8ToString(Table) + ' WHERE ' + UTF8ToString(Codition)) then
        begin
          Result := 200;
        end
      else
        begin
          Result := 404;
        end;
    end
  else
    begin
      Result := 404;
    end;

  aParams.Resp := JSONEncodeResult([Result]);
end;

As you can see this is a very simple service. I have make some test, the service is always call when it needed, thye paramenters (Table and Codition are rights), the SQL is right (I can use it with your SynDB Explorer), but the EngineExecute return always FALSE.

Note I have make the test with user=User and with user=Supervisor, if I set user=Admin all works. I thinks also the simple user or supervisor can call a service server, right?

Do you have some ideas?

Last edited by array81 (2012-04-26 22:30:11)

Offline

#2 2012-04-27 11:46:25

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,660
Website

Re: Server service problem

You should not call this Database.EngineExecute but the EngineExecute method of TSQLRestServerDB.
Otherwise you'll miss the auto-prepared statement cache.
Even better, the EngineExecuteFmt() version.

And you are using unnecessary UTF8ToString() calls: none are to be written in your code.
You should better use EngineExecuteFmt() as:

if (Table<>'') and (Condition<>'') then 
  if EngineExecuteFmt('DELETE FROM % WHERE %',[Table,Condition]) then
    result := 200 else
    result := 404 else
  result :=  404;

In all cases, I do not understand what is your "Database" variable here.
This is not a standard member of mORMot classes.
I suspect you did something wrong with use of instances.

Offline

Pages: 1

Board footer

Powered by FluxBB