[Gambas-user] Error when doing SQL

Tim Hanschen Tim.Hanschen at ...20...
Mon Jun 21 09:35:39 CEST 2004


Yes, that works fine.... thank you very much. One problem less on my list... ;-)

regards,
  - Tim -



gambas-user at lists.sourceforge.net wrote on 18.06.04 22:09:39:

On Friday 18 June 2004 14:43, Brant Wells wrote:
> Hey Tim:
>
> It has been my experience with mySql that the & sign causes problems
> when it's by itself.... For example if the title = 'Brant & Tim'  then
> it would fail...   So change the string to 'Brant && Tim'  (note I used
> two &'s)...
>
> But try this first... Instead of using chr(34)...  Try chr(39) (the '
> )...  I know M$ SQL Server is not too big on which one you use, but I
> forget if MySQL is picky about it or not...
>
> HTH,
> ~Brant
>
> Tim Hanschen wrote:
> >I am still trying.... it seems that the exec to the database fails....
> >
> >This is what I do:
> >
> >    rResult = Fhoeren.hDB.Exec("SELECT album from mp3 where title = " &
> > Chr(34) & titel & Chr(34))
> >
> >Is it possible that the Exec interprets the &-sign as a string
> > concatenation?
> >
> >regards,
> >  - Tim -
> >

You must be careful, because DB.Exec, DB.Find and DB.Edit work like the 
Subst() function. Every '&x' in the SQL string is replaced by the x-th 
argument passed after the sql request. 

Note that the argument is converted to a sql string depending on its type, AND 
ON THE UNDERLYING DATABASE SYSTEM.

I did that to prevent people from constructing their sql request themselves, 
to avoid sql injection, and to allow them to write database independent sql 
requests - which is a performance by itself.

For example, instead of doing:

  rResult = myDB.Exec("SELECT album from mp3 where title = " & Chr(34) & title & Chr(34))

you must do:

  rResult = myDB.Exec("SELECT album FROM mp3 WHERE title = &1", title)

This way, your title will be able to include any escaped character: the [&], 
but the ['] too.

Regards,

-- 
Benoit Minisini
mailto:gambas at ...1...
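
An added example, not part of the original thread and not Gambas code: a small Python model of the `&N` substitution described above, run against an in-memory SQLite table with constructed rows. The quoting rules, the handling of a lone `&`, and every function name here are assumptions of the model, not the Gambas implementation.

```python
import re
import sqlite3

def quote(value):
    # Simplified model of type-dependent quoting, using SQLite literal rules.
    if value is None:
        return "NULL"
    if isinstance(value, (int, float)):
        return str(value)
    return "'" + str(value).replace("'", "''") + "'"

def subst_sql(request, *args):
    # &N -> quoted N-th argument, && -> literal &; a lone & passes through (model choice).
    def repl(match):
        token = match.group(1)
        if token == "&":
            return "&"
        index = int(token)
        if not 1 <= index <= len(args):
            raise ValueError("&%d has no matching argument" % index)
        return quote(args[index - 1])
    return re.sub(r"&(&|[0-9]+)", repl, request)

def make_db():
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mp3 (title TEXT, album TEXT)")
    db.executemany("INSERT INTO mp3 VALUES (?, ?)", [
        ("Brant & Tim", "Duets"),
        ("Rock 'n' Roll", "Classics"),
        ("Mix &1", "Remixes"),
    ])
    return db

def lookup_album(db, title):
    sql = subst_sql("SELECT album FROM mp3 WHERE title = &1", title)
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def concatenated_request(title):
    # The pattern from the thread: the value is pasted into the request text.
    return "SELECT album from mp3 where title = " + chr(34) + title + chr(34)

if __name__ == "__main__":
    db = make_db()
    for t in ("Brant & Tim", "Rock 'n' Roll", "Mix &1", "x' OR '1'='1"):
        print(repr(t), "->", lookup_album(db, t))
```

In this model, passing `concatenated_request("Mix &1")` to `subst_sql` with no arguments raises `ValueError`, because the `&1` inside the pasted title is read as a placeholder; passing the title as an argument avoids that, since substituted values are never rescanned.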

