This section describes how to use substitution strings within a page template or region source to replace a character string with another value. As you design your application and enable users to edit items, you use substitution strings to pass information.
You can use substitution strings in Application Builder in the following ways:
Include a substitution string within a template to reference component values
Reference page or application items using &ITEM.
syntax
Use built-in substitution strings
Substitution Strings within Templates
Special substitution strings available within a template are denoted by the number symbol (#). For example:
#ABC#
Substitution Strings for Page or Application Items
To reference page or application items using substitution variables:
Reference the page or application item in all capital letters.
Precede the item name with an ampersand (&).
Append a period (.) to the item name.
For example, you would refer to an application item named F101_X
in a region, a region title, an item label, or in any of numerous other contexts in which static text is used, for example:
&F101_X.
Notice the required trailing period. When the page is rendered, Application Express engine replaces value the substitution string with the value of item F101_X
.
Developers can append an exclamation mark (!
) followed by a predefined filter name to a page or application item name, report column, or other substitution strings to escape special characters in the substitution value. Output escaping is an important security technique to avoid Cross Site Scripting (XSS) attacks in the browser. Oracle Application Express already makes a best effort to automatically escape characters in a HTML or JavaScript context. With this extended syntax, developers have fine grained control over the output.
Available escape filters include:
HTML
escapes reserved HTML characters, for example:
&ITEM!HTML. #REPORT_COLUMN!HTML#
See Also:
"APEX_ESCAPE.HTML" in Oracle Application Express API ReferenceATTR
escapes reserved characters in a HTML attribute context, for example:
#REPORT_COLUMN!ATTR#
See Also:
"APEX_ESCAPE.HTML_ATTRIBUTE" in Oracle Application Express API ReferenceJS
escapes reserved characters in a JavaScript context, for example:
&ITEM!JS. #REPORT_COLUMN!JS#
See Also:
"APEX_ESCAPE.JS_LITERAL" in Oracle Application Express API ReferenceRAW
preserves the original item value and does not escape characters, for example:
&ITEM!RAW. #REPORT_COLUMN!RAW#
STRIPHTML
removes HTML tags from the output and escapes reserved HTML characters, for example:
&ITEM!STRIPHTML. #REPORT_COLUMN!STRIPHTML#
You can determine what template-specific substitution strings are supported in which templates by viewing the template definition. See "Creating Custom Themes."
Application Builder supports many built-in substitution strings. You can reference these substitution strings to achieve specific types of functionality. This section describes available built-in substitution strings, explains when to use them, and discusses what supported syntax is currently available.
Tip:
Note that bind variable:USER
has special meaning within the database. Also, the term Direct PL/SQL refers to PL/SQL that can be used in stored database objects such as procedures and functions.APEX$ROW_NUM
refers the currently processed row number of a submitted tabular form data. You can use this placeholder in validations, processes, and conditions associated with a tabular form to refer to the row number of the currently processed tabular form row. Table 2-4 describes the supported syntax for referencing APEX$ROW_NUM
.
Use APEX$ROW_SELECTOR
in validations, processes, and conditions associated with a tabular form to refer to the row selector check box in a tabular form. This placeholder returns X
if the tabular form row selector check box of the currently processed tabular form row is checked and NULL
if it unchecked. Table 2-5 describes the supported syntax for referencing APEX$ROW_SELECTOR
.
Use APEX$STATUS
in validations, processes, and conditions associated with a tabular form to refer to the row status in a tabular form. This placeholder returns the status of C
if created, U
if updated, or D
if deleted for the currently processed tabular form row. Table 2-6 describes the supported syntax for referencing APEX$ROW_STATUS
.
APP_ID
identifies the application ID of the currently executing application. Table 2-7 describes the supported syntax for referencing APP_ID
.
Reference Type | Syntax |
---|---|
Bind variable |
|
Direct PL/SQL |
|
PL/SQL |
|
Substitution string |
|
The following is an example of a substitution string reference:
f?p=&APP_ID.:40:&APP_SESSION.
APP_ALIAS
is an alphanumeric name for the current application. APP_ALIAS
is different from the APP_ID
in that the APP_ID
must be unique over all workspaces and all applications hosted in one database. In contrast, APP_ALIAS
must be unique within a workspace. For example, by using the same APP_ALIAS
you can create the application, ABC, in two different workspaces. You can use APP_ALIAS
almost anywhere APP_ID
can be used. For example, f?p
syntax can use an APP_ALIAS
or an application ID as demonstrated in this example:
f?p=ABC:1:&APP_SESSION.
This example runs application ABC, page 1 using the current session.
Table 2-8 describes the supported syntax for referencing APP_ALIAS
.
Reference Type | Syntax |
---|---|
Bind variable |
|
PL/SQL |
|
Substitution string |
|
The following is an HTML example:
Click me to go to page 1 <a href="f?p=&APP_ALIAS.:1:&APP_SESSION."> of the current application</a>
APP_AJAX_X
nn
specifies the values of the APP_AJAX_X01
, ... APP_AJAX_X10
URL parameters most recently passed to or set within the show or accept modules. You typically use these variables in On Demand AJAX processes.
Table 2-9 describes the supported syntax for referencing APP_AJAX_X
nn
.
Reference Type | Syntax |
---|---|
Bind variable |
. |
PL/SQL |
|
Substitution string |
|
See Also:
G_X01
, ... G_X10
variables in the APEX_APPLICATION in Oracle Application Express API ReferenceAPP_DATE_TIME_FORMAT
is the application date time format of the application. This value reflects the format specified in the Application Date Time Format attribute of the Globalization settings of an application. If the Application Date Time Format is not set in an application, then a reference to APP_DATE_TIME_FORMAT
returns the database session NLS date format and the NLS time format. Table 2-10 describes the supported syntax for referencing APP_DATE_TIME_FORMAT.
Use this substitution string to reference uploaded images, JavaScript, and cascading style sheets that are specific to a given application and are not shared over many applications. If you upload a file and make it specific to an application, then you must use this substitution string, or bind variable. Table 2-11 describes the supported syntax for referencing APP_IMAGES
.
Reference Type | Syntax |
---|---|
Bind variable |
|
Direct PL/SQL |
Not available. |
PL/SQL |
|
Substitution string |
|
Template substitution |
|
APP_NLS_DATE_FORMAT
is the application date format of the database session. This value reflects the format specified in the Application Date Format attribute of the Globalization settings of the application. However, if the Application Date Format is not set, then APP_NLS_DATE_FORMAT
returns the NLS_DATE_FORMAT
value of the database session at the start of the request to the Application Express engine. Table 2-12 describes the supported syntax for referencing APP_NLS_DATE_FORMAT
.
APP_NLS_TIMESTAMP_FORMAT
is the application timestamp format of the database session. This value reflects the format specified in the Application Timestamp Format attribute of the Globalization settings of the application. However, if the Application Timestamp Format is not set, then APP_NLS_TIMESTAMP_FORMAT
return the NLS_TIMESTAMP_FORMAT
value of the database session at the start of the request to the Application Express engine. Table 2-13 describes the supported syntax for referencing APP_NLS_TIMESTAMP_FORMAT
.
APP_NLS_TIMESTAMP_TZ_FORMAT
is the application timestamp time zone format of the database session. This value reflects the format specified in the Application Timestamp Time Zone Format attribute of the Globalization settings of an application. However, if the Application Timestamp Time Zone Format is not set, then APP_NLS_TIMESTAMP_TZ_FORMAT
returns the NLS_TIMESTAMP_TZ_FORMAT
value of the database session at the start of the request to the Application Express engine. Table 2-14 describes the supported syntax for referencing APP_NLS_TIMESTAMP_TZ_FORMAT
.
APP_PAGE_ALIAS
is an alphanumeric name for the current application page. A page alias is not case-sensitive and it is an optional page attribute. APP_PAGE_ALIAS
is unique within an application. You can use APP_PAGE_ALIAS
almost anywhere APP_PAGE_ID
can be used. Table 2-16 describes the supported syntax for referencing APP_PAGE_ID
.
Table 2-15 APP_PAGE_ALIAS Syntax
Reference Type | Syntax |
---|---|
Bind variable |
:APP_PAGE_ALIAS |
PL/SQL |
v('APP_PAGE_ALIAS') |
Substitution string |
&APP_PAGE_ALIAS. |
The following is an HTML example:
The alias of the current page is: &APP_PAGE_ALIAS
.
APP_PAGE_ID
is the current application page ID. For example, if your application was on page 3, then the result would be 3. Using this syntax is useful when writing application components that must work generically in multiple applications. Table 2-16 describes the supported syntax for referencing APP_PAGE_ID
.
Reference Type | Syntax |
---|---|
Bind variable |
|
PL/SQL |
|
PL/SQL and Direct PL |
|
Substitution string |
|
The following is an example of a substitution string reference:
f?p=&APP_ID.:&APP_PAGE_ID.:&APP_SESSION.
APP_REQUEST_DATA_HASH
is a hash value of the request, item name, and item value parts in the URL. It is primarily useful to detect whether two browser requests passed different parameters to APEX. Table 2-17 describes the supported syntax for referencing APP_REQUEST_DATA_HASH
.
APP_SESSION
is the most commonly used built-in substitution strings. You can use this substitution string to create hypertext links between application pages that maintain a session state by passing the session number. Note that you can also use the substitution string SESSION
in place of APP_SESSION
. Table 2-18 describes the supported syntax for referencing APP_SESSION
.
Reference Type | Syntax |
---|---|
Bind variable |
|
PL/SQL |
|
Short PL/SQL |
|
Substitution string |
|
SYS_CONTEXT variable |
|
Consider the following examples:
From within an HTML region:
<a href="f?p=100:5:&APP_SESSION.">click me</a>
Using PL/SQL:
htf.anchor('f?p=100:5:'||V('APP_SESSION'),'click me');
Using a SQL query:
SELECT htf.anchor('f?p=100:5:'||:APP_SESSION,'click me') FROM DUAL;
Using the SYS_CONTEXT
variable:
SELECT ... WHERE apex_session_id = SYS_CONTEXT('APEX$SESSION', 'APP_SESSION')
Oracle Application Express sets up the APEX$SESSION
context when it starts to process an incoming request. For example, you can use the value of 'APP_SESSION'
to access the current application session in queries and VPD (Virtual Private Database) security policies that protect your table data.
APP_SESSION_VISIBLE
is similar to the built-in substitution APP_SESSION
. Use this substitution string to create hypertext links between application pages that maintain a session state by passing the session number. APP_SESSION_VISIBLE
always returns '0' when users are not authenticated to an application and they are using the Zero Session ID feature of Oracle Application Express. Table 2-19 describes the supported syntax for referencing APP_SESSION_VISIBLE
.
Table 2-19 APP_SESSION_VISIBLE Syntax
Reference Type | Syntax |
---|---|
Bind variable |
|
PL/SQL |
|
Substitution string |
|
Consider the following examples:
From within an HTML region:
<a href="f?p=100:5:&APP_SESSION_VISIBLE.">click me</a>
Using PL/SQL:
sys.htf.anchor('f?p=100:5:'||V('APP_SESSION_VISIBLE'),'click me');
Using a SQL query:
SELECT sys.htf.anchor('f?p=100:5:'||:APP_SESSION_VISIBLE,'clickme') FROM DUAL;
APP_TITLE
is an alphanumeric title for the current application. The title is derived from an application substitution string called APP_TITLE
. If not defined the Logo attribute will be used if it is of type text. The last fallback is the application name. Table 2-20 describes the supported syntax for referencing APP_TITLE
.
Reference Type | Syntax |
---|---|
Bind variable |
|
PL/SQL |
|
Substitution string |
|
The following is an HTML example:
The title of the current application is: &APP_TITLE!HTML.
APP_UNIQUE_PAGE_ID
is an integer generated from an Oracle sequence which is unique for each page view. This number is used by applications to prevent duplicate page submissions and can be used for other purposes. For example, to make a unique URL and avoid browser caching issues, you can embed this number in the request or debug column in calls to the f
procedure. Table 2-21 describes the supported syntax for referencing APP_UNIQUE_PAGE_ID
.
Table 2-21 APP_UNIQUE_PAGE_ID Syntax
Reference Type | Syntax |
---|---|
Bind variable |
|
PL/SQL |
|
Substitution string |
|
The following is an HTML example:
SELECT 'f?p=100:1:'||:APP_SESSION||':'||:APP_UNIQUE_PAGE_ID|| ':::P1_EMPNO:'||employee_id, first_name, job_id FROM employees
Note the use of the APP_UNIQUE_PAGE_ID
in the request column. This makes this URL unique and may avoid excessive browser caching problems.
APP_USER
is the current user running the application. Depending upon your authentication model, the value of the user is set differently. If the application is running using database authentication, then the value of the user is the same as the database pseudo column USER. If the application uses an authentication scheme that requires the user to authenticate, the value of APP_USER
is set by the authentication scheme, usually to the user name used during authentication. Table 2-22 describes the supported syntax for referencing APP_USER
.
Reference Type | Syntax |
---|---|
Bind variable |
|
PL/SQL |
|
Substitution string |
|
|
|
Consider the following examples:
From within an HTML region:
Hello you are logged in as &APP_USER.
Using PL/SQL:
htp.p('Hello you are logged in as'||V('APP_USER'));
As a bind variable:
SELECT * FROM some_table WHERE user_id = :APP_USER
Using the SYS_CONTEXT
variable:
SELECT ... WHERE username = SYS_CONTEXT('APEX$SESSION', 'APP_USER')
Oracle Application Express sets up the APEX$SESSION
context when it starts to process an incoming request. For example, you can use the value of 'APP_USER'
to access the current application user in queries and VPD (Virtual Private Database) security policies that protect your table data.
See Also:
"Authentication" for information about the Public User attributeThis application-level attribute identifies a valid authenticated prefix (that is, a logged in URL prefix). You can use a relative path or a full path beginning with http
. This item is useful if your application can be run in both authenticated (logged in) and public (not logged in) modes. You can use AUTHENTICATED_URL_PREFIX
to construct a link to an authenticated page. This item is most useful when using basic database authentication because changes to the URL can require authentication. Table 2-23 describes the supported syntax for referencing AUTHENTICATED_URL_PREFIX
.
BROWSER_LANGUAGE
refers to the web browser's current language preference. Table 2-24 describes the supported syntax for referencing BROWSER_LANGUAGE
.
CURRENT_PARENT_TAB_TEXT
is most useful in page templates, but is only relevant for applications that use two-level tabs (that is, parent and standard tabs). Use this string to reference the parent tab label. This substitution string enables you to repeat the currently selected parent tab within the page template. Table 2-25 describes the supported syntax for referencing CURRENT_PARENT_TAB_TEXT
.
Valid values for the DEBUG
flag are Yes or No. Turning debug on shows details about application processing. If you write your own custom code, you may want to generate debug information only if the debug mode is set to Yes. Table 2-26 describes the supported syntax for referencing DEBUG
.
Reference Type | Syntax |
---|---|
Bind variable |
: |
Direct PL/SQL |
|
PL/SQL |
|
Substitution string |
|
The following is an example of a substitution string reference that preserves the current value of DEBUG
:
f?p=100:1:&APP_SESSION.::&DEBUG
HOME_LINK
is the home page of an application. The Application Express engine redirects to this location if no page is given and if no alternative page is dictated by the authentication scheme's logic. You define the Home Link on the Application Attributes page.
Table 2-27 describes the supported syntax for referencing HOME_LINK.
Reference Type | Syntax |
---|---|
Direct PL/SQL |
|
PL/SQL |
|
Template Reference |
|
Substitution String |
|
See Also:
"Authentication" for information about the Home Link attributeThe value of IMAGE_PREFIX
determines the virtual path the web server uses to point to the images directory distributed with Oracle Application Express. To reference uploaded images, use WORKSPACE_IMAGES
and APP_IMAGES
. Table 2-28 describes the supported syntax for referencing IMAGE_PREFIX
.
Use LOGIN_URL
to display a link to a login page for users that are not currently logged in. Table 2-29 describes the supported syntax for LOGIN_URL
.
LOGOUT_URL
is an application-level attribute used to identify the logout URL. This is a URL that navigates the user to a logout page or optionally directly logs out a user. To create a logout navigation bar entry, add a trailing period to &LOGOUT_URL
(&LOGOUT_URL.
). If you are coding a page template, use #LOGOUT_URL#
. Table 2-30 describes the supported syntax for referencing LOGOUT_URL
.
The value of PRINTER_FRIENDLY
determines if the Application Express engine is running in print view mode. This setting can be referenced in conditions to eliminate elements not desired in a printed document from a page. Table 2-31 describes the supported syntax for referencing PRINTER_FRIENDLY
.
PROXY_SERVER
is an application attribute. The attribute may be used by regions whose source comes from a URL. The following is the correct syntax for a direct PL/SQL reference used when you are writing PL/SQL to access remote web servers from within the database (for example, when using the utl_http
package shipped with the database).
APEX_APPLICATION.G_PROXY_SERVER
PUBLIC_URL_PREFIX
is an application-level attribute that identifies a URL to toggle out of a logged in mode to a public view. Table 2-32 describes the supported syntax for referencing PUBLIC_URL_PREFIX
.
Each application button sets the value of REQUEST
to the name of the button or to the request value attribute associated with the button, enabling accept processing to reference the name of the button when a user clicks it. In the f?p
syntax, REQUEST
may be set using the fourth argument.
REQUEST
is typically referenced during Accept processing (that is, the processing that occurs when you post a page). Table 2-33 describes the supported syntax for referencing REQUEST
.
Reference Type | Syntax |
---|---|
Bind variable |
|
Direct PL/SQL |
|
PL/SQL |
|
Substitution string |
|
See Also:
"Using REQUEST"REQUEST
is typically referenced during Accept processing (that is, the processing that occurs when you post a page). This section describes additional information about how to use the REQUEST substitution string.
See Also:
"REQUEST"When you post a page, you initiate Accept processing. Accept processing consists of computations, validations, processes, and branches. The value of REQUEST
is available during each phase of the Accept processing. Once an application branches to a different page then REQUEST
is set to NULL.
The value of REQUEST
is the name of the button the user clicks, or the name of the tab the user selects. For example, suppose you have a button with a name of CHANGE
, and a label Apply Change
. When a user clicks the button, the value of REQUEST
is CHANGE
.
Validations, processes, and branches have a When Button Pressed attribute. This attribute displays as a select list and contains the names of buttons that exist on the current page. If you make a selection from When Button Pressed, you associate the button's REQUEST
value with the validation, process, or branch.
When you use a button to submit a page, the REQUEST
value is passed to the page. The Accept processing logic evaluates each validation, process, and branch that uses a When Button Pressed attribute to determine whether the component should run (or fire). When one of these components runs, do not assume that a user actually clicked the associated button and caused the page to be submitted. Keep in mind, that another button using the same request value may have submitted the page. Similarly, JavaScript on the page can also submit the page and pass in a request value.
Many developers reference REQUEST
using conditions. For example, you may want to reset pagination when a user clicks Go on a report page. You can reset pagination by creating an on-submit page process. The page process can be made conditional using the condition Request = Expression 1
.
To conditionalize an on-submit page process:
Under Condition, select the condition type Request = Expression 1.
In Expression 1, enter GO.
You can also use REQUEST
for Show processing when navigating to a page using f?p
syntax. For example:
f?p=100:1:&APP_SESSION.:GO
Remember that the fourth argument in the f?p
syntax is REQUEST
. This example goes to application 100, page 1 for the current session, and sets the value of REQUEST
to GO
. Any process or region can reference the value of REQUEST
using Show processing.
The following is a similar example using PL/SQL:
IF V ('REQUEST') = 'GO' THEN htp.p('hello'); END IF;
Note that htp.p('hello')
is a call to a PL/SQL Web Toolkit package to print the specified text string.
See Also:
Oracle Database Development Guide for information about developing web applications with PL/SQL and Oracle Database PL/SQL Packages and Types ReferenceYou can use a special request BRANCH_TO_PAGE_ACCEPT
for Show processing to automatically submit the page. For example:
f?p=100:1:&APP_SESSION.:BRANCH_TO_PAGE_ACCEPT|SAVE:::P1_DATA:value
Using BRANCH_TO_PAGE_ACCEPT
is the same as navigating to page 1, entering a value into the item P1_DATA, and clicking a button that submits the page with a SAVE request.
If you are generating calls to applications from within your PL/SQL code, you must reference the owner of the Oracle Application Express schema. The following describes the correct syntax for a direct PL/SQL reference:
APEX_APPLICATION.G_FLOW_SCHEMA_OWNER
You may also use #FLOW_OWNER#
to reference this value in SQL queries and PL/SQL (for example, in a region or a process).
SQLERRM
is a template substitution only available in the Applications Region Error Message. The following describes the correct syntax for a region template substitution reference:
#SQLERRM#
SYSDATE_YYYYMMDD
represents the current date on the database server, with the YYYYMMDD
format mask applied. You may use this value instead of repeated calls to the SYSDATE()
function. The following list describes the supported syntax for referencing SYSDATE_YYYYMMDD
.
Bind variable
:SYSDATE_YYYYMMDD
PL/SQL
V('SYSDATE_YYYYMMDD')
Direct PL/SQL
APEX_APPLICATION.G_SYSDATE (DATE DATATYPE)
Use this substitution string to reference uploaded images, JavaScript, and cascading style sheets that are shared over many applications within a workspace. Table 2-35 describes the supported syntax for referencing WORKSPACE_IMAGES
.
Use this substitution string to reference the workspace ID. Table 2-36 describes the supported syntax for referencing WORKSPACE_ID
.
Table 2-36 WORKSPACE_ID Syntax
Reference Type | Syntax |
---|---|
Bind variable |
|
PL/SQL |
|
Substitution string |
|
|
|
Consider the following examples:
From within an HTML region:
Hello your workspace id is &WORKSPACE_ID.
Using PL/SQL:
htp.p('Hello your workspace id is '||V('WORKSPACE_ID'));
Using a bind variable:
SELECT * FROM some_table WHERE workspace_id = :WORKSPACE_ID
Using the SYS_CONTEXT
variable:
SELECT ... WHERE workspace_id = SYS_CONTEXT('APEX$SESSION', 'WORKSPACE_ID')
Oracle Application Express sets up the APEX$SESSION
context when it starts to process an incoming request. For example, you can use the value of 'WORKSPACE_ID'
to access the current workspace ID value in queries and VPD (Virtual Private Database) security policies that protect your table data.