Learn more about sending email, using templates, and using expressions with workflow in the Workflow: Sending Email section.

You can use variables in your templates. Variables take three forms:

  1. Column name variables
  2. Expression variables
  3. Built-in variables

Column Name Variables

Column name variables allow you to display or retrieve the value of a data column. The column name must exactly match the column name in your table and should be enclosed in square brackets. The column name variable is replaced by the value of that column.

When a data column value is displayed in an HTML document, it is always HTML encoded. See topic "HTML Encoding to Prevent Cross Site Scripting Attacks" below.

Display the Value of a Column

You can display the current value of a column. For example, to display the value of the Order Number column in your workflow template:

Order Number is <<[Order Number]>>

Displaying the Before and After Values of a Column

You can display the value of a column both Before and After it was updated.

Expression Variables

Expression variables allow you to compute values. For example, you can display the result of the Amt column value times the Qty column value:

<<[Amt] * [Qty]>>

You can use any expression in an expression variable. The expression variable is replaced by the result of the expression's evaluation.

Dereference Expressions

You can use a dereference expression to retrieve the value of a column in a referenced record with an expression of the form:

[Column Containing Reference].[Column in Referenced Table]

The Order Capture sample app includes a typical dereference expression. The Order Details table uses the dereference expression, [Product].[Price], to retrieve the product's price from the Products table. Product is the name of a column of type Ref in the Order Details table that refers to the Products table. Price is the name of the column in the Products table that contains the product's price.

You can use dereference expressions when computing values. For example, in the Order Capture app, there is a formula that multiplies [Product].[Price] with another column value, [Quantity].

Built-In Variables

Built-in variables allow you to include built-in values supplied by AppSheet. Built-in variable names always begin with an underscore (_). AppSheet provides the following built-in variables:

  • <<_APPID>>: Application GUID (Globally Unique Identifier) that uniquely identifies your app, e.g. 8c26466f-1db0-4032-9c0f-40c2a588cf50.
  • <<_APPNAME>>: The name of your app, e.g. Workflow-10301.
  • <<_APPOWNER>>: The Owner ID of your app, e.g. 10301.
  • <<_ATTACHMENTFILENAME>>: The file name given to the email attachment when it was archived.
  • <<_ATTACHMENTFILE_URL>>: The URL to the email attachment.
  • <<_ATTACHMENTFILE_WEB_LINK>>: Hyperlink to the email attachment. The attachment name is displayed as the link text.

    This can be used in a Body Template and an Attachment Templates. It cannot be used in the Body property.
  • <<_ATTACHMENTNAME>>: The name given to the email attachment.
  • <<_NOW>>: The current date and time, e.g. 6/15/2009 1:45:30 PM.
  • <<_ROWKEY>>: The key value of the added, deleted, or updated record.
  • <<_ROW_WEB_LINK>>: Hyperlink that refers to the added or updated record in your app. For example, you can include this URL in a workflow email to allow the email recipient to easily open the added or updated record. The record key is displayed as the link text.

    This can be used in a Body Template and an Attachment Templates. It cannot be used in the Body property.
  • <<_ROW_WEB_URL>>: URL that refers to the added or updated record in your app. For example, you can include this URL in a workflow email to allow the email recipient to easily open the added or updated record. The full URL is displayed.
  • <<_RULENAME>>: Name of your workflow rule, e.g. My Update Rule.
  • <<_TABLENAME>>: Name of your table, e.g. Orders.
  • <<_TIMENOW>>: The current time, e.g. 1:45:30 PM
  • <<_TODAY>>: The current date, e.g. 6/15/2009.
  • <<_UPDATEMODE>>: The name of the operation that triggered the workflow rule. Namely, Add, Delete, or Update.
  • <<_USEREMAIL>>: The current user's email address, e.g. jmorgan@google.com.
  • <<_USERNAME>>: The current user's name, e.g. Julie Morgan.

HTML Encoding to Prevent Cross Site Scripting Attacks

We always HTML encode field values when they are displayed in an HTML document. HTML encoding ensures that field values are displayed as simple text by the browser and that field values are not interpreted by the browser as HTML. This is essential to prevent XSS (Cross Site Scripting) attacks in which a user enters Java script in a field.
If that field was rendered into an HTML document without being HTML encoded, it would allow the user to launch a Cross Site Scripting attack by entering something like:

<script type="text/javascript">
    function doSomethingEvil() { /* ... */ }
</script>


Did this answer your question?