Example front-end website and back-end for fully-dynamic filtering capabilities (column, operator, value). Fully protected from SQL Injection.
Eitan Blumin xml proc
Latest commit 50ae2e8 May 15, 2019
Type Name Latest commit message Commit time
DemoDB xml proc May 15, 2019
DemoDB_Publish removed space from DemoDB Publish dir Apr 29, 2019
DemoWebApp Updated bootstrap to 4.3.1 Apr 25, 2019
.gitignore Initial commit Dec 3, 2018
.travis.yml Create .travis.yml Apr 21, 2019
DynamicFilters.sln renamed solution Apr 15, 2019
DynamicFilters_Presentation_Eng.pptx updated notes Apr 30, 2019
LICENSE Initial commit Dec 3, 2018
README.md Update README.md May 10, 2019
_config.yml Set theme jekyll-theme-slate Apr 25, 2019

README.md

Dynamic Filters (a.k.a. FilterParseSearchParameters)

This repository includes an example front-end website, and a back-end database, for demonstrating fully-dynamic filtering capabilities (column, operator, value). Fully protected from SQL Injection, and based on "low-code development" principles.

It is the accompanying open-source project for the webinar Advanced Dynamic Search Queries and How to Protect Them.

This is an enhanced version of FilterParseXMLParameters which is available here:

https://eitanblumin.com/2018/10/28/dynamic-search-queries-versus-sql-injection

The new version introduces two new methods for dynamically parsing filter sets:

  1. JSON parameter sets.
  2. Table-Valued Parameters.
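
One way a JSON filter set of (column, operator, value) triples can be turned into dynamic SQL without concatenating any client-supplied text, as an added example that is not the repository's own FilterParse code. The `#Members` table, the allow-list contents, the operator names and the JSON property names are assumptions made for illustration, and `STRING_AGG` requires SQL Server 2017 or later.

```sql
-- Added illustration; table, data and names are constructed, not the repository's DemoDB schema.
CREATE TABLE #Members (Id int, Username nvarchar(50), Country nvarchar(50), Age int);
INSERT INTO #Members VALUES (1, N'alice', N'IL', 34), (2, N'bob', N'US', 19), (3, N'carol', N'IL', 52);

-- Allow-lists: the only column names and operator templates that can reach the SQL text.
DECLARE @Columns TABLE (ColumnName nvarchar(128) PRIMARY KEY);
INSERT INTO @Columns VALUES (N'Username'), (N'Country'), (N'Age');
DECLARE @Operators TABLE (OperatorName nvarchar(20) PRIMARY KEY, Template nvarchar(100));
INSERT INTO @Operators VALUES
    (N'eq',       N'{col} = {val}'),
    (N'gt',       N'{col} > {val}'),
    (N'contains', N'{col} LIKE N''%'' + {val} + N''%''');

-- Constructed filter set, shaped as a client might send it; the second value is hostile input.
DECLARE @Filters nvarchar(max) = N'[
    {"column": "Country",  "operator": "eq",       "value": "IL"},
    {"column": "Username", "operator": "contains", "value": "'' OR 1=1 --"}
]';

-- Fail closed: an unknown column or operator rejects the request instead of being dropped,
-- because silently skipping a filter would widen the result set.
IF EXISTS (SELECT 1 FROM OPENJSON(@Filters) j
           WHERE NOT EXISTS (SELECT 1 FROM @Columns c WHERE c.ColumnName = JSON_VALUE(j.[value], '$.column'))
              OR NOT EXISTS (SELECT 1 FROM @Operators o WHERE o.OperatorName = JSON_VALUE(j.[value], '$.operator')))
    THROW 50000, N'Filter set references an unknown column or operator.', 1;

-- Build the WHERE clause from allow-list text only. Each value stays inside @Filters and is
-- read back by array index; the index is cast to int so an object key cannot carry SQL.
DECLARE @Where nvarchar(max);
SELECT @Where = STRING_AGG(CAST(
        REPLACE(REPLACE(o.Template, N'{col}', QUOTENAME(c.ColumnName)), N'{val}',
                N'JSON_VALUE(@Filters, ''$[' + CAST(CAST(j.[key] AS int) AS nvarchar(10)) + N'].value'')')
        AS nvarchar(max)), N' AND ')
FROM OPENJSON(@Filters) j
JOIN @Columns c ON c.ColumnName = JSON_VALUE(j.[value], '$.column')
JOIN @Operators o ON o.OperatorName = JSON_VALUE(j.[value], '$.operator');

-- Only the generated predicate text is concatenated; @Filters is bound as a parameter.
DECLARE @Sql nvarchar(max) = N'SELECT Id, Username, Country, Age FROM #Members WHERE '
    + ISNULL(@Where, N'1 = 1') + N' ORDER BY Id;';
EXEC sys.sp_executesql @Sql, N'@Filters nvarchar(max)', @Filters = @Filters;
DROP TABLE #Members;
```

The column name written into the statement comes from the allow-list row, not from the request, and the hostile value is only ever compared as data. `LIKE` wildcard characters inside a `contains` value are still interpreted as wildcards, so escape them if literal matching is required.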

As mentioned above, this repository also includes a fully-functional demo web app, implemented in ASP.NET Core MVC + Angular, to demonstrate the intended functionality on the front-end side.

The demo web app was built based on the following tutorial: https://medium.com/@levifuller/building-an-angular-application-with-asp-net-core-in-visual-studio-2017-visualized-f4b163830eaa

Prerequisites

Installation & Setup

  1. Start by forking or cloning this repository to your computer, and opening the DynamicFilters solution in Visual Studio.
  2. Creating the Database: Do one of the following:
    • Open the DemoDB_Create.sql script file and run it in your local SQL Server instance (must be in SQLCMD mode). Or:
    • Manually publish the DemoDB.dacpac file into your database. Or:
    • Open the DemoDB database project, and publish it to your local SQL Server instance.
  3. Optionally: Change the connection string in \DemoWebApp\appsettings.json in case you're not using default settings (localhost server, DemoDB database, Windows Authentication).
  4. This should only be done once: Right-click the run_me_first_npm_init.bat executable and run it as Administrator to install all Angular dependencies and build the app.
  5. Whenever you want to run the app: Right-click the run_core_server.bat executable and run it as Administrator.
  6. The web app should now be available at http://localhost:26048/client.html

Presentation

This GitHub repository also includes an accompanying PowerPoint presentation, available here:

Main Stored Procedures

The "FilterParse" stored procedures are the "main engine" for this solution. They can be found here:
