Page 1 of 1

HMGSCRIPT Next Steps...

Posted: Sun Dec 21, 2014 12:36 am
by Roberto Lopez
Hi All,

My main goal at this moment is to make HMGSCRIPT, independent of server technology, meaning that the library and client app code could work with any backend without modifications.

Basically, I'm removing dbquery, dbappend, dbdelete and dbmodify functions from the library and replacing with only one function that should be used for all the server requests.

So, using dbquery as an example, the following code:

Code: Select all

	aRecordSet = DbQuery ( 'table' , 
		[ 'code' , 'first' , 'last' , 'birth' , 'married' ] , 
		'code<=10 .or. code>=1000' , '' );
Will be replaced by:

Code: Select all

	aRecordSet = httpRequest ( '/cgi-bin/myquery.cgi' , 'table' , 
		[ 'code' , 'first' , 'last' , 'birth' , 'married' ] , 
		'code<=10 .or. code>=1000' , '' );
This is already working in my tests.

Another thing to be done, is to make array data transfers using a standard format (probably JSON) but I've not decided yet.

Re: HMGSCRIPT Next Steps...

Posted: Sun Dec 21, 2014 1:15 am
by Roberto Lopez
And...

Currently, this is the code for the new httpRequest function:

Code: Select all

//////////////////////////////////////////////////////////////////////////////////
// HttpRequest
//////////////////////////////////////////////////////////////////////////////////

function httpRequest()
{

	var i;

	var cmd = '';

	for (i = 1; i < arguments.length; i++)
	{

		if ( type(arguments[i]) == 'array' ) 
		{
			cmd += 'par_' + i.toString() + '=' + escape(JsToHrb(arguments[i]));
		}
		else
		{
			cmd += 'par_' + i.toString() + '=' + escape(arguments[i]);
		}

		cmd += '&' ;

	}

	cmd += 'sessionId=' + cSessionId;

	var xmlHttp=new XMLHttpRequest();
	xmlHttp.open( "POST" , arguments[0]  , false ) ;
	xmlHttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
	xmlHttp.send( cmd );

	if ( xmlHttp.responseText.slice(0,7) == 'ERROR -' )
	{
		alert(xmlHttp.responseText);
		return '';
	}
	else
	{

		var tmp = xmlHttp.responseText;
	        var strResponseArray = tmp.split('\n');
		var strContentArray = strResponseArray[0].split('\t');
		var nRecordCount = strResponseArray.length;

		if ( nRecordCount > 0 )
		{

			var nFieldCount = strContentArray.length;
			var aRecordSet = new Array(nRecordCount); 

			for ( var i = 0; i < nRecordCount; i++) 
			{ 
				strContentArray = strResponseArray[i].split('\t');
				aRecordSet[i] =  new Array(nFieldCount);  
				for (j=0; j < nFieldCount; j++) 
				{ 
					aRecordSet[i][j] = strContentArray[j]; 
				} 

			} 

			return aRecordSet ;

		}
		else
		{		
			return xmlHttp.responseText;
		}

	}

}
The server side (Harbour) code, is exactly the same as 'query.prg' excepting parameter names.

They must be:

Code: Select all

	cTable		:= GetValue ( "par_1" )
	aColumns	:= &(GetValue (  "par_2" ) )
	cForExpr	:= GetValue (  "par_3" )
	cOrder		:= GetValue (  "par_4" )
	cSessionId	:= GetValue (  "sessionId" )

Re: HMGSCRIPT Next Steps...

Posted: Sun Dec 21, 2014 1:22 am
by Roberto Lopez
Finally:

Another benefit of this scheme, is enhanced security.

As I've stated in another post, having generic (very powerful) functions like dbDelete, dbAppend, etc. could become a serious security risk.

Replacing them by customized server procedures, with limited functionality, will give us a more secure infrastructure.

Re: HMGSCRIPT Next Steps...

Posted: Sun Dec 21, 2014 1:36 am
by Pablo César
Nice Roberto !

Re: HMGSCRIPT Next Steps...

Posted: Sun Dec 21, 2014 9:50 am
by serge_girard
Thanks Roberto !

Serge