Using the Innovent Custom Script Libraries for query binding

In the last two examples, we modified a query at runtime to use a multiselect parameter. Both approaches share a problem: they modify a SQL statement at runtime based on user input, which can lead to security issues such as SQL injection attacks. This is not a desirable condition, especially if these reports are going to be Internet facing. Fortunately, BIRT allows its functionality to be extended, and to address this concern, we created a BIRT extension that does real-time parameter binding to a SQL statement. In the following example, we are going to use the Innovent Solutions BIRT Functions Library in a SQL statement to bind a multiselect parameter.

  1. Go to the BIRT Functions Library website located at http://code.google.com/p/birt-functions-lib/.
  2. Make sure BIRT is closed before performing this step. Download the birt.functions.lib JAR file that is appropriate for your version of BIRT. In this example, we will use 2.5.x. Copy the JAR file to the BIRT | plugins folder.
  3. Complete steps 1-16 from the Multiselecting parameters and binding them to a Data Set through Property Binding exercise.
  4. Open the Script Editor and, using the Outline, select the root of the report. Select the beforeFactory event from the drop-down list.
  5. If we open the Report Item Palette, it will have changed to the Script Editor palette. Under the BIRT Functions section, there will be a new category called CustomFunctions. Here we will need the BindParameters() function. This is an initialization function that replaces anything carrying a special marker in our query with a report parameter. Double-click on BindParameters() and pass the reportContext variable as its argument.
  6. We need to edit our query to utilize our multiselect parameter. From the Data Explorer, double-click on setGetCustomerOrders.
  7. The next line is a special token that the BindParameters() function looks for. Inside it, any marker prefixed by a $ is replaced with a report parameter. The name after the $ must match a report parameter name. Add the following line to the end of the query:
    /* BIND and CUSTOMERS.CUSTOMERNUMBER in ($rprmGetCustomers) */
    
  8. Save and preview the report.

Using this example, we now have only a single query to maintain, and the BindParameters() function will take care of checking for SQL injection and will not allow invalid characters. The BIRT Functions Library has all sorts of neat functions, such as DisplayParameters(), which adds a table to the beginning of each report showing what parameters were used and their values; BirtLogger(), which works with the Report Engine's logging utility to add messages during report execution; and SetChartPalette(), which synchronizes different charts' color palettes. All these functions and more assist report developers. Along with the BIRT Controls Library, these are just some of the examples that showcase how BIRT lets us extend its functionality beyond the out-of-the-box features.
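To make the marker idea from step 7 concrete, the following added sketch (not code from this book or from the BIRT Functions Library) contrasts splicing the multiselect values into the SQL text with expanding the $ marker into placeholders whose values are bound separately. The function names, the base query, and the use of "?" placeholders instead of the library's own character checking are assumptions made for illustration.

```javascript
// Added illustration: hypothetical names, not the BIRT Functions Library source.
// Expands $name markers inside /* BIND ... */ comments into "?" placeholders
// and collects the values to bind separately from the SQL text.
function bindMarkers(queryText, reportParams) {
  const values = [];
  const sql = queryText.replace(/\/\*\s*BIND\s+([\s\S]*?)\*\//g, (_, clause) => {
    const expanded = clause.replace(/\$([A-Za-z_]\w*)/g, (_m, name) => {
      if (!Object.prototype.hasOwnProperty.call(reportParams, name)) {
        throw new Error("No report parameter named " + name);
      }
      // Accept a single value or a multiselect array.
      const selected = [].concat(reportParams[name]);
      if (selected.length === 0) {
        throw new Error("Parameter " + name + " has no selected values");
      }
      values.push(...selected);
      return selected.map(() => "?").join(", ");
    });
    return expanded.trim();
  });
  return { sql, values };
}

// What rewriting the query at runtime amounts to: values become SQL text.
function spliceValues(baseQuery, column, selected) {
  return baseQuery + " and " + column + " in (" + selected.join(", ") + ")";
}

// Constructed sample input: an assumed base query, one legitimate selection
// and one hostile string standing in for tampered user input.
const BASE = "select * from CUSTOMERS, ORDERS " +
  "where CUSTOMERS.CUSTOMERNUMBER = ORDERS.CUSTOMERNUMBER";
const MARKED = BASE +
  "\n/* BIND and CUSTOMERS.CUSTOMERNUMBER in ($rprmGetCustomers) */";
const selection = ["103", "112) or (1=1"];

const spliced = spliceValues(BASE, "CUSTOMERS.CUSTOMERNUMBER", selection);
const bound = bindMarkers(MARKED, { rprmGetCustomers: selection });

console.log(spliced);      // the hostile value has rewritten the WHERE clause
console.log(bound.sql);    // only placeholders appear in the statement
console.log(bound.values); // values travel separately as bind parameters
```

In the spliced query the second value closes the IN list and adds its own condition, while in the bound form it is only ever a value compared against CUSTOMERNUMBER.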

Note

For more information on BIRT Extension Points, see my article on the Aggregation Extension Point at http://www.ibm.com/developerworks/opensource/library/os-eclipse-birtextpts/index.html?ca=drs-.

More scripting examples

Anyone looking for more examples of scripting in BIRT need look no further than the Report Examples View and Chart Examples View. Both contain example reports that utilize scripting to demonstrate different techniques such as dynamically adding visibility rules, adding in dynamic maps, and scripted data sources.
