Please look at the following code, If i do not perform the “Sanitary” steps in the function the code does not replace the string values.
can some one help me understand this?
Complete code :
<script type="text/javascript">
function replaceString(orgStr,oldStr,newStr){
//############# Sanitary Steps #############//
oldStr = oldStr .replace(/[ ]+/g,"$");
oldStr = oldStr .replace(/[$]+/g," ");
orgStr = orgStr .replace(/[ ]+/g,"$");
orgStr = orgStr .replace(/[$]+/g," ");
newStr = newStr .replace(/[ ]+/g,"$");
newStr = newStr .replace(/[$]+/g," ");
//############# Sanitary Steps #############//
orgStr = orgStr.replace(oldStr,newStr);
if(orgStr.indexOf(oldStr) != -1){
orgStr = replaceString(orgStr,oldStr,newStr)
}
return orgStr;
}
var fields = ['"Employee Expense Facts"."Total Expense"','"Expense Amount by Expense Type Facts"."Airfare Expense Amount"'];
var selectedField = 0;
var selectedField = 0;
var qry = 'SELECT rcount(1) s_0, "Employee Expenses"."Time"."Date" s_1, "Employee Expenses"."Employee Expense Facts"."Total Expense" s_2 FROM "Employee Expenses" WHERE ("Employee Expense Facts"."Total Expense" IS NOT NULL) ORDER BY 1, 2 ASC NULLS LAST WHERE ("Employee Expense Facts"."Total Expense" IS NOT NULL) ORDER BY 1, 2 ASC NULLS LAST';
qry = qry .replace(/[\n\t\r]+/g," ");
var qry2 = replaceString(qry,""+fields[0],""+fields[1]);
console.log(qry2);
</script>
Help me understand why I need to perform those sanitary steps???
I found the solution by just trial and error method.
My advise would be: Throw away all that code!
Now start again, handing the data from the client to the server via a normal formsubmit or an ajax call. Now process them serverside.
And always remember rule number one:
1) You can never trust all users to behave the way YOU want.
Thats why never ever create your SQL clientside!