the ASIS keyword to build a dynamic WHERE clause in Connect SQL rules
Summary
A dynamically-created WHERE clause can add flexibility to SQL connections.
One technique for doing this is to use a property to store the text of your where clause, then simply reference this property in a Connect SQL rule.
Suggested Approach
For example, you can create a text property named DynamicWhere and use a Property-Set method to store the value:
"pyLabel like 'Mexico%'"
Then, in a Connect SQL rule, you can use this as a WHERE clause, using the syntax:
where {ASIS: pyWorkPage.DynamicWhere}
The ASIS keyword is essential, so that Process Commander does not place spaces or double quotes around the value.
Caution: In general, use of prepared statements is preferable to dynamically SQL statements, because the dynamic SQL statements may make your application vulnerable to SQL injection attacks, a serious flaw.
Use edit validation rules and other tests to ensure that the values contain only the expected characters, especially if values are accepted from a user input form.
For more information about SQL injection, see http://www.owasp.org/index.php/SQL_Injection.