Print

SSRS AlphaNumeric Parameter Validation

Intro
If you ever want to check the parameters submitted with a report for alpha numeric characters (so it doesn't contain symbols, punctuations, etc) then you should do this at the database level, and then get the report to complete the check:

The Plan
  1. User enters value in parameters and clicks on "View Report"
  2. Report passes parameter to dataset which gets formatted by the database
  3. Report retrieves (select) formatted parameter as a field value to use
  4. Report loads with changes based on returned value.

The Gist
  1. Add database level parameter check
  2. Add IIF in SSRS to confirm

Database Level AlphaNumeric Check
You may have better ways to do this but here are my database level checks for alphanumeric values:
copyraw 
-- ORACLE
-- 0 if is alphanumeric, 1 or more if not alpha numeric.
SELECT 
(LENGTH(TRIM(TRANSLATE(:ParameterToCheck, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', ' ')))) AS NotAlphaNumeric  
FROM
...


-- Transact-SQL
-- 0 if is alphanumeric, 1 or more if not alpha numeric.
SELECT 
PATINDEX('%[^a-zA-Z0-9]%' , @ParameterToCheck) AS NotAlphaNumeric
FROM
...


-- MySQL
-- 1 if is alphanumeric, 0 if not alpha numeric.
SELECT
@ParameterToCheck REGEXP '^[A-Za-z0-9]+$' AS AlphaNumeric
FROM
...
  1.  -- ORACLE 
  2.  -- 0 if is alphanumeric, 1 or more if not alpha numeric. 
  3.  SELECT 
  4.  (LENGTH(TRIM(TRANSLATE(:ParameterToCheck, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', ' ')))) AS NotAlphaNumeric 
  5.  FROM 
  6.  ... 
  7.   
  8.   
  9.  -- Transact-SQL 
  10.  -- 0 if is alphanumeric, 1 or more if not alpha numeric. 
  11.  SELECT 
  12.  PATINDEX('%[^a-zA-Z0-9]%' , @ParameterToCheck) AS NotAlphaNumeric 
  13.  FROM 
  14.  ... 
  15.   
  16.   
  17.  -- MySQL 
  18.  -- 1 if is alphanumeric, 0 if not alpha numeric. 
  19.  SELECT 
  20.  @ParameterToCheck REGEXP '^[A-Za-z0-9]+$' AS AlphaNumeric 
  21.  FROM 
  22.  ... 

Usage
copyraw 
-- Using the ORACLE example
SELECT
	Column1,
	Column2,
	(LENGTH(
		TRIM(
			TRANSLATE(
				:ParameterToCheck, 
				'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', 
				' '
			)
		)
	)) AS NotAlphaNumeric  
FROM 
	YourDataSetTable
WHERE
	ThisRecord = :UserSpecifiedID

-- where :UserSpecifiedID is one of the report parameters (Oracle local variable)
-- where :ParameterToCheck is another of the report parameters (Oracle local variable)
  1.  -- Using the ORACLE example 
  2.  SELECT 
  3.      Column1, 
  4.      Column2, 
  5.      (LENGTH( 
  6.          TRIM( 
  7.              TRANSLATE( 
  8.                  :ParameterToCheck, 
  9.                  'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', 
  10.                  ' ' 
  11.              ) 
  12.          ) 
  13.      )) AS NotAlphaNumeric 
  14.  FROM 
  15.      YourDataSetTable 
  16.  WHERE 
  17.      ThisRecord = :UserSpecifiedID 
  18.   
  19.  -- where :UserSpecifiedID is one of the report parameters (Oracle local variable) 
  20.  -- where :ParameterToCheck is another of the report parameters (Oracle local variable) 
MDX Check
copyraw 
/*  
	For Expression Value.  
	Remember to apply to both ACTION and if you use color change FONT. 
	Note for MySQL solution change 0 to 1.
*/
=IIF(
	Parameters!ParameterToCheck.Value"" AND Fields!NOTALPHANUMERIC.Value=0,
	"Valid",
	"Not Valid"
)
  1.  /* 
  2.      For Expression Value. 
  3.      Remember to apply to both ACTION and if you use color change FONT. 
  4.      Note for MySQL solution change 0 to 1. 
  5.  */ 
  6.  =IIF( 
  7.      Parameters!ParameterToCheck.Value"" AND Fields!NOTALPHANUMERIC.Value=0, 
  8.      "Valid", 
  9.      "Not Valid" 
  10.  ) 
Additional
If like us, you've made a report containing a link dependent on parameters submitted, we had to apply a similar IIF statement block to the Font color and the Action target as well within SSRS.
Category: SQL Server Reporting Services :: Article: 399