I have been trying to return a record whose id has a dash (i.e. …/api/sqlViews/…/data.json?criteria=id:234-567); however the web API fails to recognize the parameter.
Is there a workaround for this or there is a bug in the system?
regards,
···
Sam Kasozi
Information Systems Consultant
HISP Uganda | GHSI - Uganda MOH - PH Emergency Operation Center
+256 788 993565 | +256 757 662752
Try reading about urlencode ... For an appropriate language
Which language are you using?
···
Sent from my BlackBerry® smartphone provided by Airtel Uganda.
-----Original Message-----
From: Sam Kasozi <kasozis@gmail.com>
Sender: "Dhis2-users"
<dhis2-users-bounces+stephocay=gmail.com@lists.launchpad.net>Date: Sun, 2 Nov 2014 17:14:58
To: dhis2-users@lists.launchpad.net<dhis2-users@lists.launchpad.net>
Subject: [Dhis2-users] Web API 'criteria' fails to recognize parameters with
special characters
That might help in some scenarios, however in this case, a dash is one of the acceptable characters in a URL. Trying to encode it with ‘%2D’ converts it back to a dash before being sent to the API.
this is not documented, but we only accept a-z 0-9 / alphanumerical characters + space for criteria filters and values. This is a security measure to avoid SQL injection and other spooky stuff (think about someone passing a drop table sql statement as a value). I think we can improve this by coming up with a character white-list including dash. Input appreciated.
Lars
···
On Sun, Nov 2, 2014 at 10:03 AM, Sam Kasozi kasozis@gmail.com wrote:
Hi Stephen,
That might help in some scenarios, however in this case, a dash is one of the acceptable characters in a URL. Trying to encode it with ‘%2D’ converts it back to a dash before being sent to the API.
On Sun, Nov 2, 2014 at 6:13 PM, Lars Helge Øverland larshelge@gmail.com wrote:
Hey Sam,
this is not documented, but we only accept a-z 0-9 / alphanumerical characters + space for criteria filters and values. This is a security measure to avoid SQL injection and other spooky stuff (think about someone passing a drop table sql statement as a value). I think we can improve this by coming up with a character white-list including dash. Input appreciated.
Lars
Sam Kasozi
Information Systems Consultant
HISP Uganda | GHSI - Uganda MOH - PH Emergency Operation Center
+256 788 993565 | +256 757 662752
On Sun, Nov 2, 2014 at 10:03 AM, Sam Kasozi kasozis@gmail.com wrote:
Hi Stephen,
That might help in some scenarios, however in this case, a dash is one of the acceptable characters in a URL. Trying to encode it with ‘%2D’ converts it back to a dash before being sent to the API.