Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

INTENSION IS TO GIVE SQL QUERY STRING AS INPUT TO THE CUSTOM FUNCTION MODULE AND IT RETURN THE DATA

sumit2929
Discoverer
0 Kudos
342

Hi Expert,

I am trying to create a FM like /SAPDC/RFC_READ_TABLE2 In this table tab we put SQL query in option parameter.

SQL query is in combination of join two or more tables.

Once we pass SQL query which should return data of that tables.

Any one have similar code. please share.

Thank you,

Sumit

3 REPLIES 3

raymond_giuseppi
Active Contributor
0 Kudos
262

How do you handle security check?

Once this has been established with the administrator and security manager...

  • For the dynamic select, look in online help (or your system) for this sample: demo_dynamic_sql
  • For the format of data exchange, consider xml

moshenaveh
Community Manager
Community Manager
262

sumit2929

Hello,

Please be sure to use lower case letters in the title.

Regards,

Moshe

Sandra_Rossi
Active Contributor
262

What you are asking is rather complex because you must consider CL_ABAP_DYN_PRG to detect SQL injection attacks. So, you should parse the SQL query to split it in pieces, but then your code might contain vulnerabilities, and consequently I'd advise to not pass a SQL query directly, but a list of structured tokens which are used to build the SQL query and on which you can easily apply CL_ABAP_DYN_PRG.