Get Example source ABAP code based on a different SAP table
Calling an HTTP Service> This example demonstrates how an ICF>> HTTP service> is called directly using a Web browser>.
ABAP_SOURCE_CODE ABAP_EXEC >
ABAP_DESCRIPTION Any HTTP> service defined in the service transaction SICF>> can be tested here. If the URL> of the service is known, it can be called from the Internet, for example by entering an address in a browser. In this example, a service of this type is called using the function module CALL BROWSER>, which starts a Web browser> for the URL> of the service. The URL> is constructed from the host> and port> of the current application server, the path in the service tree, and a form field. The host> and port> are filled using the function module TH_GET_VIRT_HOST_DATA>. The form field is filled with the content of a field filled previously by user input. The browser displays the HTML> page returned by the service. The called HTTP> service is defined as the node /sap/bc/abap/demo> in the transaction SICF>>. The assigned HTTP request handler> is the class CL_HTTP_EXT_SERVICE_DEMO>>. If a form field '...<(> <)>carrid=...' > is added to the URL> of the service, the content of this field is used as a key for selecting associated data from the database table SPFLI>. This is achieved by the class CL_HTTP_EXT_SERVICE_DEMO> implementing the interface IF_HTTP_EXTENSION>> and its method HANDLE_REQUEST>. This method is called by ICF> and a reference is passed to a SERVER> object that implements the interface IF_HTTP_SERVER>>. The attributes REQUEST> and RESPONSE> of this interface refer to objects, which are implemented by the interfaces IF_HTTP_REQUEST>> or IF_HTTP_RESPONSE>>. The REQUEST > object is used to read the form field. The RESPONSE> object returns the result. METHOD if_http_extension~handle_request. DATA carrid TYPE string. DATA connections TYPE TABLE OF spfli.
carrid = to_upper( cl_abap_dyn_prg=>escape_quotes_str( val = escape( val = server->request->get_form_field( name = `carrid` ) format = cl_abap_format=>e_xss_ml ) ) ) ##NO_TEXT.
SELECT * FROM spfli INTO TABLE connections WHERE carrid = carrid.
server->response->set_cdata( data = cl_demo_output=>get( connections ) ).
ENDMETHOD.> The predefined function escape>> and the method ESCAPE_QUOTES_STRING> of the class CL_ABAP_DYN_PRG>> are using to prevent cross site scripting> and SQL injections>>. The content of the internal table connections> (filled in accordance with the passed form field) is converted to HTML> using the class CL_DEMO_OUTPUT>> before it is passed to the RESPONSE> object.
Note The HTTP> service must be activated in transaction SICF>> before the example can work.