I am trying to execute queries on a layer based on user input. All the examples I see for doing this look something like this:
query.where = "NAME = '" + rawUserInput + "'";
I'm aware that the risk of SQL injection is something the server administrator is responsible for taking care of; however, even when ignoring potential security issues, we still have inconvenient bugs to be concerned about. I will still need to think about escaping single quotes, and who knows what other special characters, before dumping them into the query.
It would certainly be nice if we could do properly parameterized queries. I see there's a parameterValues property I could use; however, I can't actually figure out how to use it, and I see no examples anywhere in all my web searches.
Are parameterized queries even possible? Can I have an example?
Related StackOverflow question
Hi there,
Just a quick note on the parameterValues. This parameter can only be used with ArcGIS map service that was published from a query layer. We will update the document to clarify this point.
This document talks about how to create a query layer in ArcGIS Pro and this rest api doc explains what parameterValues is.
Hope this clarifies what parameterValues does.
-Undral
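For layers that were not published from a query layer, the `where` string still has to be assembled on the client. The block below is an added example, not code from this thread or from Esri: it quotes user input as a SQL literal and accepts field names only from an allow-list. The names `ALLOWED_FIELDS`, `sqlField`, `sqlLiteral` and `buildWhere` are hypothetical, and it assumes the service follows standard SQL string-literal quoting (a single quote is escaped by doubling it).

```javascript
// Added example: build a layer `where` clause from untrusted input.
// ALLOWED_FIELDS and all function names here are hypothetical.
const ALLOWED_FIELDS = new Set(["NAME", "APN", "COUNTY", "POP2020"]);

// Field names cannot be quoted like values, so accept only known ones.
function sqlField(name) {
  if (!ALLOWED_FIELDS.has(name)) {
    throw new Error("field not allowed: " + name);
  }
  return name;
}

// Render one JavaScript value as a SQL literal.
function sqlLiteral(value) {
  if (typeof value === "number") {
    if (!Number.isFinite(value)) throw new Error("not a finite number");
    return String(value);
  }
  if (typeof value === "string") {
    // Assumption: standard SQL quoting, where the only special character
    // inside a string literal is the single quote, escaped by doubling.
    return "'" + value.replace(/'/g, "''") + "'";
  }
  throw new Error("unsupported value type: " + typeof value);
}

// Produces: field = value, field IS NULL, or field IN (v1, v2, ...).
function buildWhere(field, value) {
  const f = sqlField(field);
  if (value === null) return f + " IS NULL";
  if (Array.isArray(value)) {
    if (value.length === 0) return "1 = 0"; // empty IN list matches nothing
    return f + " IN (" + value.map(sqlLiteral).join(", ") + ")";
  }
  return f + " = " + sqlLiteral(value);
}

// Constructed sample inputs.
const rawUserInput = "O'Brien' OR '1'='1";
console.log(buildWhere("NAME", rawUserInput));
// NAME = 'O''Brien'' OR ''1''=''1'
console.log(buildWhere("POP2020", 1500));
console.log(buildWhere("COUNTY", ["Kern", "Inyo"]));
```

The result is assigned to `query.where` in place of the raw concatenation; quoting on the client covers the stray-apostrophe bug but does not replace whatever query validation the server applies.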
I just use basic js. Below is a small sample of how I read the url parameters and process... So just grab your parameters from the url (.../index.html?param1=xx&param2?=yy....) and do your query. This is code from one of my custom widgets in WAB, so you will see use of this. Another option is to use node.js.
PS. I posted the code using the "insert code sample" and it looks good on preview. Don't know why when it's posted it shows with no formatting. Sorry.
    urlSubstring = location.search;
    console.log(urlSubstring);
    if (urlSubstring.includes("?")) {
        this.geturl(urlSubstring);
    }
    -------
    ------
    geturl: function (urlSubstring) {
        urlSubstring = location.search.substring(1);
        if (urlSubstring.indexOf("?") > 0) {
            var myparams1 = urlSubstring.split('?');
            urlSubstring = myparams1[1];
        }
        if (urlSubstring) {
            var params = urlSubstring.split('&');
            var length = params.length;
            var i;
            var index;
            index = -1;
            for (i = 0; i < length; i++) {
                var variablesPair = params[i];
                if ((index = variablesPair.indexOf("=")) >= 0) {
                    var varReceived = variablesPair.substring(0, index);
                    var valueReceived = variablesPair.substring(index + 1);
                    if (varReceived == "apn") {
                        apn = valueReceived;
                        this.gettheParcel(apn);
                    }
                    if (varReceived == "county") {
    -----
    -----