


I totally agree with you, Jerry; it is very unlikely on the green screen and
my comment was in jest, but...

If at any point you are taking variable data and concat'n it into a string
which will later be run as SQL, you are in theory at risk.

Say, for example, a select that allows a user to enter text to filter results:
a savvy user could manipulate your SQL statement. (The green screen is at an
advantage here because field sizes tend to be small, so there isn't much room
to fit an attack in!!)

Or any SQL statement that uses data from one file as input to a SQL
statement: can you be sure that table hasn't been tampered with to contain
dirty SQL?

All the above is just me scaremongering but I guess it doesn't do any harm
to be aware of the theory!! You can get around this with prepared
statements.

Neill
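
An added illustration of the point above (not part of the original message, and not code from anyone on the list). Python's sqlite3 stands in for embedded SQL in RPG; the inventory table, its column names and the sort option codes are constructed for the example. It puts a user-entered filter concatenated into a dynamic SELECT beside the prepared form, with the user-chosen sort order taken from a fixed list.

```python
import sqlite3

# Constructed sample data standing in for an inventory file.
ROWS = [("A100", "WIDGET", 5), ("B200", "GADGET", 12), ("C300", "SPROCKET", 0)]

# Sort options the screen offers, mapped to fixed ORDER BY text.
# Column names cannot be bound as parameters, so they come from this
# allow-list and never from the text the user typed.
SORT_OPTIONS = {"1": "item_no", "2": "descr", "3": "qty DESC, item_no"}


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inventory (item_no TEXT, descr TEXT, qty INTEGER)")
    db.executemany("INSERT INTO inventory VALUES (?, ?, ?)", ROWS)
    return db


def search_concat(db, descr_filter):
    """At-risk form: the filter text becomes part of the statement itself."""
    sql = "SELECT item_no FROM inventory WHERE descr LIKE '" + descr_filter + "%'"
    return [row[0] for row in db.execute(sql)]


def search_prepared(db, descr_filter, sort_option):
    """Prepared form: the filter is bound as data, the sort is looked up."""
    order_by = SORT_OPTIONS.get(sort_option)
    if order_by is None:
        raise ValueError("unknown sort option")
    sql = "SELECT item_no FROM inventory WHERE descr LIKE ? ORDER BY " + order_by
    return [row[0] for row in db.execute(sql, (descr_filter + "%",))]


if __name__ == "__main__":
    db = open_db()
    crafted = "' OR 'x' LIKE '"  # constructed filter text containing quotes
    print("concat, normal  :", search_concat(db, "GADGET"))
    print("concat, crafted :", search_concat(db, crafted))    # filter bypassed
    print("prepared, crafted:", search_prepared(db, crafted, "1"))  # no match
    print("prepared, sorted :", search_prepared(db, "", "3"))
```

The same binding applies when the value comes from another file rather than from the screen: it is passed as a parameter, so whatever the field contains is treated as data.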

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jerry Adams
Sent: 15 July 2009 19:53
To: Midrange Systems Technical Discussion
Subject: RE: Sorting an array to sequence a sub-file

I see the smiley, Neill, but I'll reply, anyway.

In my case these are internal, not internet, RPG IV apps. They are
predefined inquiries. The only options that the user has, for example, on
the inventory list is about five options for selecting the records to
display and, then, an option for what order, such as numeric, alphabetic,
etc. (Actually, they can order on multiple fields and order those.)

Like I said, I'm a novice at this SQL stuff; too used to writing RLA
programs (just wrote one today; when I got through, I said to myself, "Self,
you could have done that with SQL, ya know.") But I don't see how injection
could occur in our current environment.

Jerry C. Adams
IBM System i Programmer/Analyst
--
B&W Wholesale
office: 615-995-7024
email: jerry@xxxxxxxxxxxxxxx


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Neill Harper
Sent: Wednesday, July 15, 2009 12:59 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Sorting an array to sequence a sub-file

Are you parsing the input for the dynamic selects to catch any sql injection
attacks ;-)

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jerry Adams
Sent: 15 July 2009 18:42
To: Midrange Systems Technical Discussion
Subject: RE: Sorting an array to sequence a sub-file

Just to put this into context for this list (after all, this ain't the RPG
list), have you thought about using SQL? SELECT... with an ORDER BY...
into a cursor and then processing the cursor seems to work for me. I'm a real
novice at SQL, but I've written dynamic SELECT's where the user can choose
their own sort sequence (order). They seem to like that.

Jerry C. Adams
IBM System i Programmer/Analyst
--
B&W Wholesale
office: 615-995-7024
email: jerry@xxxxxxxxxxxxxxx


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Chris Bipes
Sent: Wednesday, July 15, 2009 9:16 AM
To: Midrange Systems Technical Discussion
Subject: RE: Sorting an array to sequence a sub-file

Can you read the source data, from file? By the date you want your
output sorted? Where does this data come from?



Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Dan Rasch
Sent: Wednesday, July 15, 2009 7:07 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Sorting an array to sequence a sub-file


I have been asked to order a sub-file by a date, and plan to write to an
array instead of the subfile record until it fills, sort the array, and then
load the subfile from this array.

Sure would be nice to see a SORTS (sort sub-file) command someday, but
probably not too hot.

One disadvantage I have is some of the programs are in RPGIII, and my
subfile records exceed 256. So I need more than one array, unless I convert
to IV (I might).

Any gotchas here?



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].