You can use the following types of variables in your templates:
<<[Order Number]>> must be specified as: <html>...<<[Order Number]>>...</html>Column name variables
Column name variables allow you to display or retrieve the value of a data column. The column name must exactly match the column name in your table and be enclosed in square brackets. The column name variable is replaced by the value of that column.
For example, to display the value of the Order Number column in your email template:
Order Number is <<[Order Number]>>
Note: When a data column value is displayed in an HTML document, it is always HTML encoded. See Prevent cross-site scripting attacks using HTML encoding.
You can also display the value of a column both before and after it is updated.
Expression variables
Expression variables allow you to compute values. You can use any expression in an expression variable. The expression variable is replaced by the result of the expression's evaluation.
For example, you can display the result of the Amt column value times the Qty column value as follows:
<<[Amt] * [Qty]>>
Dereference expression variables
Use a dereference expression to display the value of a column in a referenced record using the following format:
[Column Containing Reference].[Column in Referenced Table]
For example, the following expression retrieves the product's price from the Products table:
<<[Product].[Price]>>
In this example, Product is the name of a column of type Ref in the Order Details table that refers to the Products table. Price is the name of the column in the Products table that contains the product's price.
You can use dereference expressions when computing values. For example:
Total Amount: <<[Product].[Price] * [Quantity]>>
Built-in variables
Built-in variables enable you to access a set of values provided by AppSheet. Built-in variable names always begin with an underscore (_).
AppSheet provides the following built-in variables.
|
Built-in variable |
Description |
|
|
Application GUID (Globally Unique Identifier) that uniquely identifies your app. Example: |
|
|
Name of your app. Example: |
|
|
Owner ID of your app. Example: |
|
|
Archive attachment filename. See How the archive attachment filename is formed. Example: |
|
|
Archive attachment file URL. |
|
|
Link to the archive attachment file. The attachment name is used as the hyperlink text.
Note: This variable can be used in a body or attachment template. It cannot be used in the Body property. |
|
|
Email attachment name. |
|
|
Current date and time. Example: |
|
|
Key value of the added, deleted, or updated record. |
|
|
Link to the added or updated record in your app. For example, you can include this URL in an email to allow the email recipient to easily open the added or updated record.
Note: This variable can be used in a body or attachment template. It cannot be used in the Body property. |
|
|
URL that refers to the added or updated record in your app. For example, you can include this URL in an email to allow the email recipient to easily open the added or updated record. The full URL is displayed. |
|
|
Name of the automation component (such as, the task). Example: |
|
|
Name of your table. Example: |
|
|
Current time. Example: |
|
|
Current date. Example: |
|
|
Name of the operation that triggered the automation rule. Example: |
|
|
Current user's email address. Example: |
|
|
Current user's name. Example: |
Prevent cross-site scripting attacks using HTML encoding
AppSheet always HTML encodes field values when they are displayed in an HTML document. HTML encoding ensures that field values are displayed as simple text by the browser and that field values are not interpreted by the browser as HTML. This is essential to prevent Cross-site Scripting (XSS) attacks when a user enters JavaScript in a field, such as:
<script type="text/javascript">
function doSomethingEvil() { /* ... */ }
</script>