Passing Parameters from a Custom Query Repeater

Sherry Collins asked on June 7, 2015 19:27

Does anyone know how to pass a parameter from a Custom Query Repeater?

I am calling a stored procedure that takes one parameter. I need to pass the current user. Documentation said to pass like this {% QueryString.Parameter %}

Proc_CMS_DoSomething {% CurrentUser.UserName %} Fails.

Also tried putting it in the Where clause like this

Where OperatorFullName = {% CurrentUser.UserName %} This also fails. This has the hash key of the user attached and cannot be passed as a single value parameter.

Recent Answers

Pavel Janečka answered on June 8, 2015 13:53 (last edited on December 10, 2019 02:30)

I'm writing this from my head, but the problem might be that you are missing single quote qualifier used for string literals in T-SQL. Maybe you could try Proc_CMS_DoSomething '{% CurrentUser.UserName |(identity)GlobalAdministrator%}'

Beware that this approach makes you vulnerable to SQL injection attacks, so you'd better sanitize the username or avoid this approach completely (and instead of using macros output the T-SQL statement programmatically)

0 votesVote for this answer Mark as a Correct answer

Sherry Collins answered on June 8, 2015 16:25

Your solution evaluates to the literal string. I need to pass the value of CurrentUser.UserName. How would I output the T-SQL programatically? Do you mean using the Columns, Order By, etc properties of the web part? If that is what you are referring to, then how do I handle joins. This query has 3 joins.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.