Replacing Insert, Update, and Delete with SQL Action

Labels
AJAX(112) App Studio(8) Apple(1) Application Builder(245) Application Factory(207) ASP.NET(95) ASP.NET 3.5(45) ASP.NET Code Generator(72) ASP.NET Membership(28) Azure(18) Barcode(2) Barcodes(3) BLOB(18) Business Rules(1) Business Rules/Logic(140) BYOD(13) Caching(2) Calendar(5) Charts(29) Cloud(14) Cloud On Time(2) Cloud On Time for Windows 7(2) Code Generator(54) Collaboration(11) command line(1) Conflict Detection(1) Content Management System(12) COT Tools for Excel(26) CRUD(1) Custom Actions(1) Data Aquarium Framework(122) Data Sheet(9) Data Sources(22) Database Lookups(50) Deployment(22) Designer(177) Device(1) DotNetNuke(12) EASE(20) Email(6) Features(101) Firebird(1) Form Builder(14) Globalization and Localization(6) How To(1) Hypermedia(2) Inline Editing(1) Installation(5) JavaScript(20) Kiosk(1) Low Code(3) Mac(1) Many-To-Many(4) Maps(6) Master/Detail(36) Microservices(4) Mobile(63) Mode Builder(3) Model Builder(3) MySQL(10) Native Apps(5) News(18) OAuth(9) OAuth Scopes(1) OAuth2(13) Offline(20) Offline Apps(4) Offline Sync(5) Oracle(11) PKCE(2) Postgre SQL(1) PostgreSQL(2) PWA(2) QR codes(2) Rapid Application Development(5) Reading Pane(2) Release Notes(184) Reports(48) REST(29) RESTful(29) RESTful Workshop(15) RFID tags(1) SaaS(7) Security(81) SharePoint(12) SPA(6) SQL Anywhere(3) SQL Server(26) SSO(1) Stored Procedure(4) Teamwork(15) Tips and Tricks(87) Tools for Excel(2) Touch UI(93) Transactions(5) Tutorials(183) Universal Windows Platform(3) User Interface(338) Video Tutorial(37) Web 2.0(100) Web App Generator(101) Web Application Generator(607) Web Form Builder(40) Web.Config(9) Workflow(28)
Archive
Blog
Friday, April 20, 2012PrintSubscribe
Replacing Insert, Update, and Delete with SQL Action

Web applications created with Code On Time have a built-in support for Insert, Update, and Delete actions. These actions are invoked when the end user is saving or deleting the existing record, or saving the new one.

The application framework analyses the values that were entered by the user and creates a dynamic SQL statement that will perform a corresponding operation on the base table of the data controller. The framework uses the data controller definition to identify the primary key fields, the base table name, and conflict detection strategy, when creating SQL statements at runtime.  User values are always incorporated in the dynamic SQL statements as parameters to eliminate any possibility of SQL injection attack.

If application business requirements are calling for a more complex processing of insert, update, and delete operations, then SQL action shall be considered.

The most common reason to replace the standard Insert, Update, or Delete action is the need to either update a table other than the base table or to change data rows in multiple tables.

Consider the following example that may be implemented in the Northwind sample.

If a new supplier is entered in the database, then
three generic product records must be created
to speed up the data entry process.

Let’s replace the standard Insert action in the Suppliers data controller with the custom SQL action that takes care of that.

Select the project name on the start page of the application generator and click Design.

Activate Controllers tab and select Suppliers / Actions / ag2 (Form) / a7 - Insert when New node in Project Explorer.

Action node 'a7 - Insert when New' selected in Project Explorer

Change the following properties in the action settings and click OK to save changes.

Property New Value
Command Name SQL
Command Argument Insert
Header Text OK
Data
select @SupplierID = SupplierID 
from Suppliers 
where CompanyName = @CompanyName

if @SupplierID is null
begin
    insert into Suppliers (
        CompanyName, ContactName, ContactTitle, 
        "Address", City, Region, PostalCode, Country, 
        Phone, Fax, HomePage)
    values (
        @CompanyName, 
@ContactName_NewValue,
@ContactTitle_NewValue, @Address, @City, @Region, @PostalCode, @Country, @Phone, @Fax, @HomePage ) select @SupplierID = @@IDENTITY insert into Products (ProductName, SupplierID, ReorderLevel) values ('Product 1', @SupplierID, 100) insert into Products (ProductName, SupplierID, ReorderLevel) values ('Product 2', @SupplierID, 100) insert into Products (ProductName, SupplierID, ReorderLevel) values ('Product 3', @SupplierID, 100) end

Select Suppliers / Actions / ag2 (Form) / a13 –Select, editForm1 when Insert action node. The purpose of this action is to select the newly created record in the read-only mode using form view editForm1. Let’s change this action to be invoked when the action a7 – SQL when New | OK has been successfully executed on the server.

Change the properties of the action a13 as follows.

Property New Value
When Last Command Name SQL
When Last Command Argument Insert
When Client Script  

The customized actions a7 and a13 displayed in Project Explorer are shown next.

Action 'a13 - Select,editForm when SQL, Insert' selected in Project Explorer

Click Browse button on the Designer toolbar to start the application in your default web browser. Start creating a new supplier record.

Enter “Tokyo Traders” as the company name and hit OK button.

Entering  a new supplier record in the Northwind sample app

Our SQL script is “smart”. We are making sure that duplicates are not entered in the database. The user will see the existing supplier record when that happens.

Automatic detection of duplicate entries implemented with 'SQL' action in a web app created with Code On Time

Now enter a new supplier with the company name “New Supplier”.

Creating a new supplier in a web app created with Code On Time web application generator

Click OK button to trigger the custom action a7. Application framework will locate the value of the action property Data specified in the data controller definition. The framework will bind the field values passed from the client web browser to the matching parameters detected in the SQL script.

Notice that parameters @ContactTitle_NewValue and @ContactName_NewValue will be bound to the new field values entered by the end user. In fact, all values are new and there is no need for explicit entering of the “_NewValue” suffix. The suffix can be useful when you are implementing an SQL action that must manipulate the field values of an existing data record. Use “_OldValue” suffix to reference the original field values when needed.

The SQL script also assigns the identity value of the new record to the @SupplierID parameter. The framework marks all “field” parameters as Input/Output. The application will pass the new value of SupplierID back to the client library.

This is how the Suppliers page will look when the action has been processed on the server.

Aa complex SQL action inserts a new supplier record and three linked products with generic names

The client library receives notification about the action result from the server and performs an iteration of the data controller action state machine in the web browser. It tries to match the next action that corresponds to a7. It happens to be the action a13. The client library invokes the action a13, which causes the new record to be selected in editForm1 view. Three products with generic names are available for modification in the child data view linked to the Products data controller.

Our example uses the standard INSERT statement. The SQL scripts entered in the Data property of SQL action can make use of any facilities provided by the database server including transactions, stored procedures, cursors, etc.

Implementation of a replacement for Update action must follow exactly the same rules. We suggest that you come up with your own example to try it out.

Let’s consider a sample implementation of Delete action. The first thing that comes to mind is an action that automatically deletes the supplier and all linked products.

Select Suppliers / Actions / ag2 (Form) / a2 – Delete action node on the Controllers tab in Project Explorer and change its properties as follows.

Property New Value
Command Name SQL
Header Text Delete
Data
delete from Products
where SupplierID = @SupplierID

delete from Suppliers 
where SupplierID = @SupplierID

set @SupplierID = null
Confirmation Delete supplier and its products?

Click Browse button and select a supplier on the Suppliers page. Click Delete button and you will see the confirmation.

Custom confirmation displayed in a web application created with Code On Time

If you confirm the action then the linked products and supplier record will be deleted.

Notice the line in the script that assigns NULL value to the parameter @SupplierID.

set @SupplierID = null

This will cause the client library to “forget” the last selected record. Child data views linked to the list of suppliers will become hidden and the selected record summary will disappear from the sidebar.

The client library 'forgets' the last selected record if 'SQL' action assings NULL to the parameters corresponding to the primary key fields