Correct way to pass a parameter to a report

Migrateduser

Hi folks,

as a newbie with BIRT, I'm playing with it using MyEclipse.

I'm trying to set up a java web test application which asks for a customer id and then runs the report showing informations about the specified customer.

Actually, I'm achieving my goal in this way:

1) Set up the dataset query with a where customerid = ?
2) Set up a querypameter, say myCustomerID
3) Link it report parameter, with the same name for clarity
4) In the calling page I ask the user for caller id and then I pass it as a parameter, i.e. in the url I have an "&myCustomerID=<the id entered by the user>".

It works but I'm asking myself if it's the correct way to do it, or there is a better way.

The second question is about passing parameters in the URL: doesn't this expose my application to SQL injection problems, i.e. do I need to perform validation in the report before using the passed value?

Thanks a lot

Ciao

Is there any different and safer way to pass the parameter(s)?