In the last two examples, we modified a query at runtime to use a multiselect parameter. However, there are some issues with both approaches as we are modifying a SQL statement at runtime based on user input, which can lead to some security issues such as SQL injection attacks. This is not really a desirable condition, especially if these reports are going to be Internet facing. Fortunately, BIRT has the ability to allow for functionality to be extended, and to address this concern, we created a BIRT extension to do real time parameter binding to a SQL statement. In the following example, we are going to use the Innovent Solutions BIRT Functions Library in a SQL statement to bind a multiselect parameter.
birt.functions.lib
JAR file that is appropriate for your version of BIRT. In this example, we will use 2.5.x. Copy the JAR file to the BIRT | plugins. beforeFactory
event from the drop-down list. CustomFunctions
. Here we will need the BindParameters()
function. This is an initialization function that will replace anything with a special marker in our query with a report parameter. Double-click on BindParameter()
, and as a parameter, use the reportContext
variable. setGetCustomerOrders
. BindParameters()
function looks for and inserts a report parameter into any marker prefixed by a $. The name after the $ must match a report parameter name. Add the following line to the end of the query:/* BIND and CUSTOMERS.CUSTOMERNUMBER in ($rprmGetCustomers) */
Using this example, we now have a only single query to maintain and the BindParameters()
function will take care of checking for SQL injection and not allow invalid characters. The BIRT Functions Library has all sorts of neat functions such as the DisplayParameters()
function that will add a table to the beginning of each report showing what parameters were used and their values, BirtLogger()
that will work the Report Engines logging utility to add messages during report execution, and SetChartPalette()
that will synchronize different charts color palettes. All these functions and more assist report developers. These are just some of the examples along with the BIRT Controls Library that showcase some of the functionality that BIRT lets us extend to go beyond the out of the box features.
For more information on BIRT Extension Points, see my article on the Aggregation Extension Point at http://www.ibm.com/developerworks/opensource/library/os-eclipse-birtextpts/index.html?ca=drs-.
If one is looking for more examples on scripting in BIRT, he/she shouldn't look furthur than the Report Examples View and Chart Examples View. Both contain example reports that utilize scripting to demonstrate different techniques such as dynamically adding visibility rules, adding in dynamic maps, and scripted data sources.