| ID | Name | Address 1 | Address 2 | City | State | Zip Code | Credit Limit | Discount Code |
|---|---|---|---|---|---|---|---|---|
| 1 | Jumbo Eagle Corp | 111 E. Las Olivas Blvd | Suite 51 | Fort Lauderdale | FL | 95117 | 100000 | N |
| 149 | John Valley Computers | 4381 Kelly Valley Ave | Suite 77 | Santa Clara | CA | 95117 | 70000 | L |
This example demonstrates an inline SQL Query being used to render a table.
An JSONObject is created to pull data from page parameters with blank string
defaults for the case where a parameter was not passed. The JSONObject
is then bound to the query, overriding the default of pulling values from
the JSP scopes. (i.e. page, request, session, application)
Values are encoded using the
${virge:html(value)}
function to prevent HTML injection.
<%@taglib uri="convirgance:web" prefix="virge" %>
<virge:object var="binding">
<virge:key name="zipcode" value="${param.zipcode}" default="" />
<virge:key name="state" value="${param.state}" default="" />
<virge:key name="discountCode" value="${param.discountCode}" default="" />
</virge:object>
<virge:query var="customers" jndi="jdbc/sample" binding="${binding}">
select * from APP.CUSTOMER
where (:zipcode = '' or ZIP = :zipcode)
and (:state = '' or STATE = :state)
and (:discountCode = '' or DISCOUNT_CODE = :discountCode)
<//virge:query>
<virge:iterate var="customer" items="${customers}">
<tr>
<td>${virge:html(customer.CUSTOMER_ID)}</td>
<td>${virge:html(customer.NAME)}</td>
<td>${virge:html(customer.ADDRESSLINE1)}</td>
<td>${virge:html(customer.ADDRESSLINE2)}</td>
<td>${virge:html(customer.CITY)}</td>
<td><a href="?state=${virge:html(customer.STATE)}">${virge:html(customer.STATE)}</a></td>
<td><a href="?zipcode=${virge:html(customer.ZIP)}">${virge:html(customer.ZIP)}</a></td>
<td>${virge:html(customer.CREDIT_LIMIT)}</td>
<td><a href="?discountCode=${virge:html(customer.DISCOUNT_CODE)}">${virge:html(customer.DISCOUNT_CODE)}</a></td>
</tr>
</virge:iterate>