How to create report with dynamic query in Oracle APEX?

In Oracle APEX, most of the time you create a report based on a table or a SQL query. For both these options, the structure of the query has been decided at the time of creating the report. But sometimes it's not possible to define the query while creating the report and you need to build the query at the runtime depending on the user's input. You can create a report based on a dynamic SQL by setting the source type of the report to be Function Body returning SQL Query. The source of such a report is a function that computes the SQL query and returns it as a string.

Consider the report page shown below. It has two regions. The top region enables a user to select the desired table and select the columns to display. Clicking the Generate Report button displays the report in the bottom region.

The top region Specify your Report is a static region that has two items and a button. The first item named P51_TABLE is a select list that displays the name of the tables. It is defined by the following query.
SELECT table_name as displayval,
       table_name as returnval
FROM user_tables
ORDER BY displayval;
The second item named P51_COLUMNS is a Shuttle item. It displays the column of the table that the user select using the first item. It is defined using the below query.
SELECT column_name as displayval,
       column_name as return val
FROM user_tab_columns
WHERE table_name = :P51_TABLE
ORDER BY column_id;

This query references P51_TABLE item to display columns according to the table selected in P51_TABLE items. To get this list of columns to update when P51_TABLE changes, set the Parent(s) item property in the Cascading List of Values section to P51_TABLE as shown in the below image.

Finally, the Generate Report button executes the submit action when pressed and saves the values of these two items into the session state.

The second region Report on &P51_TABLE. is a classic report and the source type is set to Function Body returning SQL Query. The below listing shows the code for this report region.

declare
  v_table varchar2(50)  := :P51_TABLE;
  v_cols  varchar2(5000) := replace(:P51_COLUMNS, ':', ',');
begin
  return 'select ' || v_cols || ' from ' || v_table ;
end;

One important property to note here is the Use Generic Column Names. Column definitions of a report are derived from the SQL query which requires the query to be parsed while creating the report. Since we are using the dynamic query to generate the reports, the query cannot be parsed at the time of creating the report. Setting this property enables reports to use generic column names and produces placeholder column definitions. 

Also, specify the maximum number of generic report columns in the Generic Column Count property. Reports that use generic column names are parsed at runtime only, so the columns of the reports are not known until runtime. Using this property you can tell APEX that how many columns to create for this report. In this report, I specified a column count of 50, which means that APEX will generate 50 columns named COL01, COL02, COL03,... up to COL50 for the report as shown in the below image. This is the maximum number of columns that APEX generates for the report. At the runtime, if the report has fewer columns then other columns will be ignored.

If you run the report at this time it runs completely fine as shown in the below image and displays the data for the selected table. But here we got a problem. The heading of the columns are all the generic names and it's not clear what the data is all about. 

You can dynamically set the column header using the Heading Type property that you can find in the Attributes tab in the report property section as shown in below image. Select the heading type PL/SQL Function Body and define the PL/SQL code in the PL/SQL Function Body textarea that will return the column's name in a colon-separated string. Here item P51_COLUMNS holds column names in a colon-separated string and that is what you need at the moment. So your code is simply to return this item.    

Now when you run your report, it will display the proper column heading names.

Comments

  1. Alex NuijtenMay 17, 2021 at 3:35 PM

    The current implementation is subject to SQL Injection. At the very least look into using DBMS_ASSERT

    ReplyDelete
    Replies
    1. Rutvik PrajapatiMay 17, 2021 at 4:00 PM

      Thanks Alex for pointing this out. During the development we generally put more emphasis on solving the problem and not put that much focus on security aspect.
      But yes it is very improtant to keep security in mind while developing. Your valuable input encourage me to learn more about SQL Injection and also how to prevent it.

      Delete
    2. AshokLokhandeMay 17, 2021 at 7:09 PM

      Hi Alex / Rutvik,
      if possible can you please explain , how this is subject to sql injection and how to prevent it

      Delete
    3. Rutvik PrajapatiMay 18, 2021 at 9:40 AM

      Hi Ashok,

      Currently I am learning and exploring more about SQL Injection and surely will write a blog on it.

      Delete

Post a Comment

Popular posts from this blog

Sorting Order in Oracle APEX Classic Report

Image
In APEX, the sorting option for a classic report is divided into two aspects:  How records will be sorted when the report first renders? Whether the end-user can change the sort order interactively by clicking the column header. A classic report can be developed using either the static query or the dynamic query and the sorting behavior is different for both options. First, we will see the sorting behavior for the report based on the static query.  The below classic report is based on the static query and displays all the records of the EMP_DUP table. For this blog, I created EMP_DUP which is the same as the EMP table but contains duplicate records. The sorting aspects for this report are determined by the properties in each column's  sorting  section. The below image shows the  sorting  section for  JOB. The Default Sequence  property determines the initial sort order. Each column that participates in the initial sort order will have a unique sequence number that will determine
Read more

Multi-select List Item in Oracle APEX | Checkbox Group

Image
In my previous post , I explained how to use Shuttle Item. In this post, I will explain how to use another multi-select item Checkbox Group.  In Oracle APEX, Checkbox Group displays multiple values as checkboxes and enables end-user to select multiple values. Like the Shuttle item, the Checkbox Group also stores values of checked boxes in a colon-delimited string. We need to provide a list of values for values displayed as checkboxes.   How to create a Checkbox Group?  Create a VARCHAR2 column having a large size as it stores a colon-delimited string. Navigate to an APEX page and create a page item in a region that is based on the database table. Change its type to "Checkbox Group". Go to the "List of Values" section in the property section and select the list of values type. Here I selected "Static Values".  Click on the "Static Values" and a popup will open. Add Display Value and Return Value in this popup as shown below.  Enter the number of
Read more

OTP based Authentication in Oracle APEX using Twilio

Image
Recently, a new requirement came up to implement One Time Password (OTP) based authentication in Oracle APEX. In this, the user will enter his mobile number on the login page and will receive an OTP via SMS. The user will then enter the OTP on the login page and be able to authenticate himself in the APEX app.  When I started working on this requirement, first I identified all the steps that I need to implement for the solution.  Below are the steps that I followed: 1. Generate the OTP and temporarily store it in a database table. 2. Send the generated OTP to the user by integrating REST API to send the SMS 3. Validate the user entered OTP against the OTP that is stored in the table and authenticate the user. 4. Create a Custom Authentication Scheme. 5. Modify the login page. Let's understand each step in more detail. Step 1:  Generate the OTP and temporarily store it in a database table.  First, create a table to temporarily store the OTP for the validation. Here I created a si
Read more