To generate reports, the report generator allows using data from various SQL sources. Since pure JavaScript doesn’t have built-in methods for working with remote databases, this functionality is implemented using server-side Python code. To work with SQL data sources, no additional actions are required, all data adapters are already connected and configured for work.

 

 

Data loading event

Working with SQL data sources does not require any additional actions; all data adapters are already connected and configured. If it is necessary to process parameters used for connecting to the data, the onBeginProcessData event of the report object is provided. This event can be triggered on either the client- or server-side. The event arguments will contain all necessary parameters for connecting to the SQL data source, as well as the SQL query parameters. Detailed descriptions of the available argument values can be found in the Report Engine Events section.

 

An example of measuring a SQL query on the JavaScript client side, and a database connection string on the PHP server side:

 

 

 

 

Thus, in the onBeginProcessData event, you can determine the database type, connection name, and data source name, as well as view and, if necessary, adjust the connection string and SQL query for data retrieval, and set the query parameter values. When modifying argument values on the server-side, the modified values will not be passed to the client-side, allowing the use of confidential data such as login and password in the connection string, table names, prefixes, etc.

 

 

Data processing event

To view or adjust the loaded data before registering and generating the report, the onEndProcessData event of the report object is provided. The event arguments will include all necessary connection parameters to the SQL data source, as well as the query result, containing column names, column types, and data rows retrieved from the SQL source. A detailed description of the available properties passed in event arguments can be found in the Report Engine Events section.

 

An example of the result of executing an SQL query, where the result already contains data prepared for the report:

 

 

 

 

The available properties of the data object are listed in the table:

 

 

 

All data from the SQL query execution result can be changed both on the JavaScript client side and on the PHP server side. The number of columns and data types must match to prevent incorrect interpretation of data by the report engine.

 

Using parameters in an SQL query

If necessary, you can use parameters in an SQL query. To do this, add parameters to a special collection in the data source and set the required type and default value for each parameter. After that, the parameters can be used in the SQL query as follows:

 

 

 

All parameter values ​​are stored in the data source itself as a collection. The collection is an array of objects containing the parameter name, its type, and value. An example of the structure of the parameter array on the client's JavaScript side:

 

 

To access the request parameters, you can use the onBeginProcessData event, the parameter collection will be passed in the event arguments. It is allowed to change the values ​​of any parameters in the passed collection. An example of changing the value of the same parameter on the client JavaScript side and on the server PHP side:

 

 

 

 

When modifying query parameter values, the type of the new value must match the type of the parameter being changed. Otherwise, executing the SQL query may return incorrect data or cause an internal execution error.

 

If the report uses multiple data sources, you must perform a check before assigning parameter values. Otherwise, a PHP script execution error may occur if any parameter is missing from the current data source.

 

 

 

Using report variables as SQL parameters

It is possible to use a variable as an SQL parameter. To do this, set the property Allow using as SQL parameter in the report variable editor, after which it can be used in any SQL query. The syntax will be exactly the same as when using parameters in the data source.

 

 

 

Escaping parameter values

All parameter values will be automatically escaped to prevent SQL injections and ensure query execution security. If escaping is not required and you control the security of parameter values yourself, automatic escaping can be disabled. To do this, set the escapeQueryParameters property to False in the event handler:

 

 

 

After setting the specified property, using parameters becomes unsafe, and you must strictly control the values before executing SQL queries.

 

 

Encrypting data sent to the client-side

If general data encryption is enabled using the encryptData option, all data sent to the client, including data from SQL sources, will be encrypted. This improves security but may slow down performance with large data volumes. There is an option to disable encryption specifically for SQL data sent to the client. To do this, simply set the encryptSqlData property of the event handler to False. After that, all data will be transmitted in plain JSON format. This should not significantly affect security, as only the data already displayed in the report will be sent in unencrypted form.