Syteview™ - Data Controls
    
   
Overview

Syteview provides several Data Controls which can be used to pass data requests through your Microsoft IIS web server to your SQL Server.  These data controls will format and return the data retrieved from your SQL Server to the originating client or application.  Before passing each data request on to the SQL Server our Data Controls parse each parameter and will reject any request containing potentially dangerous character strings.  This parameter validation is preconfigured to filter out SQL Injection and Cross-site Scripting attacks, and is easily extended to accomodate new attacks or filter requirements.



XML Data Control

The Syteview XML Data Control accepts a stored procedure name and parameters and returns the retrieved data as an XML document.  This XML document can be used by most modern applications, allowing you to provide XML formatted access to your live Symix™ and Syteline™ ERP data natively inside of all Microsoft Office Products (and most other web enabled applications).  This Data Control resides in the SQL2XML.DLL on your web server.   It does not have to be downloaded to your user's computer.


HTML Data Control

The Syteview HTML Data Control is used to pass data requests from your users' web browsers to your SQL Server and then format the retrieved records into an HTML table which is returned to the web browser.  This Data Control resides in the ASP2SQL.DLL on your web server.  It does not have to be downloaded to your user's computer.


Using the HTML Data Control with Active Server Web Pages

Your user's web browser accesses this data control by requesting an Active Server Page (ASP) from the web server.   The web server loads the Data Control and makes its methods available to the Active Server Page.  Each of the Syteview HTML web pages that return data to the client’s web browser make use of this Data Control.  See Modifying-Web-Templates for more information on using the Syteview Data Control in Active Server Pages.


Using the Data Control with other Programs

You can also make use of this data control in other programs such as Microsoft Visual Basic, Excel, Access, or include it in your own Active Server Pages.  To use the data control in one of your own programs you will normally make reference to it just as you would any other ActiveX object, then in the course of your program you will create the object and then call its various functions (methods) passing them parameters that specify the data that you want and the format that it is to take.


Visual Basic

To use the Syteview Data Control in a Visual Basic project you must first make a reference to it.  To do this, pull down the Project menu and select References.  In the References dialog box select the ASP2SQL control and then click the OK button.



Note: If the ASP2SQL dll is not listed in the References dialog box then you will need to install and register it on the computer.  To do this, copy the ASP2SQL.dll file from the Syteview Installation CD \Syteview_DataControls\ASP2SQL directory onto your computer and then run REGSVR32 ASP2SQL.DLL to register it.

To use the data control you must first create an instance of the control. There are two ways to do this, either by using the “new” keyword or by using the CreateObject function.

    Example - Using NEW

        Dim DataControl As New ASP2SQL.SQLConnect

    Example - Using CreateObject

        Dim DataControl As ASP2SQL.SQLConnect
        Set DataControl = CreateObject("ASP2SQL.SQLConnect")


Once you have created the DataControl object you make use of it by calling any of its functions, for example, the GetTableRows function will call a stored procedure and return the records in formatted HTML table:

   strResult = DataControl.GetTableRows("", "", DSN, tblname, columns, rows, "", tableattribs, "", "", rowattribs, "", "", "", "", sp, sp_params, "")


There is a Visual Basic program in the \Syteview_DataControls\ASP2SQL\TestForm directory on the Syteview Installation CD that lets you experiment with the Syteview Data Control, passing it different parameters and viewing the results.  The source code is included with the program, so you can see an example of creating and using the Syteview Data Control in a Visual Basic project.

Syteview Data Control - List of Functions

Function Name Parameters Description
FormatDate returns a data formatted string
datastring as string the string to format
dateformat as integer 1 = 'mm-dd-yyyy'
2 = 'mm-dd-yy'
3 = 'yyyy-mm-dd'
FormatWidth returns a centered string
txt as string the text string to center
txtwidth as integer width of the string to return
GetTableCells calls the stored procedure, returns each record in a table cell
loginid as string the loginid returned by a previous call to LoginSQL.  Leave blank if using Windows Authentication on the SQL Server.
ownerkey as string client's PKI Certificate.  Leave blank if using Windows Authentication on the SQL Server, or if a valid loginid is passed.
DSN Data Source Name that connects to the SQL Server
tblname name of the table to return
tblcolumns number of columns in the table
tblrows maximum number of rows in the table.  Limits the number of records returned.
pretblattribs HTML code to include in the returned string ahead of the <TABLE> tag
tblattribs HTML code to include in the returned string inside of the <TABLE> tag
posttblattribs HTML code to include in the returned string after the closing </TABLE> tag
prerowattribs HTML code to include in the returned string ahead of the <TR> tag
rowattribs HTML code to include in the returned string inside of the <TR> tag
postrowattribs HTML code to include in the returned string after the closing </TR> tag
precellattribs HTML code to include in the returned string ahead of the <TD> tag
cellattribs HTML code to include in the returned string inside of the <TD> tag
postcellattribs HTML code to include in the returned string after the closing </TD> tag
sp as string name of the stored procedure to call
sp_params as string stored procedure parameters
closingattribs HTML code to include at the end of the returned string
GetTableRows calls the stored procedure, returns each record in a table row
loginid as string the loginid returned by a previous call to LoginSQL.  Leave blank if using Windows Authentication on the SQL Server.
ownerkey as string client's PKI Certificate.  Leave blank if using Windows Authentication on the SQL Server, or if a valid loginid is passed.
DSN Data Source Name that connects to the SQL Server
tblname name of the table to return
tblcolumns number of columns in the table
tblrows maximum number of rows in the table.  Limits the number of records returned.
pretblattribs HTML code to include in the returned string ahead of the <TABLE> tag
tblattribs HTML code to include in the returned string inside of the <TABLE> tag
posttblattribs HTML code to include in the returned string after the closing </TABLE> tag
prerowattribs HTML code to include in the returned string ahead of the <TR> tag
rowattribs HTML code to include in the returned string inside of the <TR> tag
postrowattribs HTML code to include in the returned string after the closing </TR> tag
precellattribs HTML code to include in the returned string ahead of the <TD> tag
cellattribs HTML code to include in the returned string inside of the <TD> tag
postcellattribs HTML code to include in the returned string after the closing </TD> tag
sp as string name of the stored procedure to call
sp_params as string stored procedure parameters
closingattribs HTML code to include at the end of the returned string
ReplaceString replaces characters in a string
fixstring as variant string to operate on
ochar as variant character to be replaced
nchar as variant character to replace with
StripQuotes removes double quotes from a string
fixstring as variant string to operate on
UrlFix replaces spaces in URLs with “%20” required by older web browsers
fixtring as string string to operate on


   
Syteview is a trademark of Multi-CAD Corporation Symix and Syteline are trademarks of Mapics Corporation