[Gambas-user] MySQL Data

Eric Damron edamron at ...776...
Thu Jan 27 03:04:49 CET 2005


Benoit Minisini wrote:

>On Saturday 22 January 2005 06:34, Eric Damron wrote:
>
>>I'm writing a simple DVD collection database front end to MySQL in order
>>to learn Gambas. I've noticed that when the user enters a title like
>>"Hogan's Heros" an exception is thrown because of the apostrophe. I
>>fixed this problem by sending all user inputs to a function that looks
>>for this and returns “\'” when it finds one.
>>
>>However, if the user enters a “&” the same thing happens even if I
>>convert it to “\&” Does anyone know how to properly “sanitize” user
>>input to MySQL?
>>
>>Thanks.
>>
>
>An old VB user yet :-) ?
>
>To avoid these problems, you should use the substitute features of Exec(), 
>Find() and Edit() methods.
>
>For example, instead of writing this in your code:
>
>  strSQL = "insert into DATA ( description ) VALUES ( '" & strTextBox & "' )"    
>    
>  Message("SQL = " & strSQL)
>  rsRecord = hConnection.Exec( strSQL)
>
>Write:
>
>  rsRecord = hConnection.Exec("insert into DATA ( description ) VALUES (&1)", 
>strTextBox)
>	
>The Gambas database component will carefully deal with escape characters so 
>that the syntax of the query is correct, whatever database server you use.
>
>Regards,
>
Thanks!  Do the substitute features of Exec() have any limitations 
that I should know about?  In the following line I get an error message:
hConnection.Exec("insert into DISC (title, rating_id, note, 
genre_primary, genre_secondary, format_code) values (&1, &2, &3, &4, 
&5)", strTitle, strRatingID, strNote, strGenrePrimary, 
strGenreSecondary, strFormatCode)

The message is "Query failed: Unknown column 'W' in 'field list'"

As you can see there is no 'W' in the field list.  'W' is the data being 
sent in to 'format_code' (it stands for Wide Screen).  If I enter a DVD 
and set the format code to "S"tandard I get the error "Query failed: 
Unknown column 'S' in 'field list'"

BTW format_code is a valid field in the database.  Any ideas??

Thanks
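Added illustration, not code from the thread or from Gambas itself: the same three things in Python, using the standard library's sqlite3 module as a stand-in for the MySQL table. It shows the concatenated INSERT from the first message failing on an apostrophe, the parameterised form Benoit recommends storing both awkward titles untouched, and a pre-flight count check for a Gambas-style `&1, &2 ...` Exec() call that flags the six-column / five-placeholder / six-argument mismatch visible in the posted line (the table name, titles and check function are constructed for this example).

```python
import re
import sqlite3

# Constructed inputs modelled on the thread: a title with an apostrophe, one with an ampersand.
TITLES = ["Hogan's Heroes", "Tom & Jerry"]
# The Exec() call from the follow-up message, as posted.
THREAD_QUERY = ("insert into DISC (title, rating_id, note, genre_primary, "
                "genre_secondary, format_code) values (&1, &2, &3, &4, &5)")

def make_db():
    """In-memory SQLite table standing in for the MySQL DATA table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE DATA (description TEXT)")
    return con

def insert_concatenated(con, title):
    """The original pattern: user text spliced into the SQL string. An apostrophe
    closes the literal early, so the statement fails to parse (or, if the text is
    hostile, runs SQL the author never wrote)."""
    con.execute("INSERT INTO DATA (description) VALUES ('" + title + "')")

def insert_parameterised(con, title):
    """Benoit's advice in DB-API form: the driver ships the value separately,
    so quotes and ampersands are just data and need no escaping."""
    con.execute("INSERT INTO DATA (description) VALUES (?)", (title,))

def try_inserts():
    """Return {title: (concatenated_ok, parameterised_stored)} for each title."""
    results = {}
    for title in TITLES:
        con = make_db()
        try:
            insert_concatenated(con, title)
            concat_ok = True
        except sqlite3.Error:          # "near 's': syntax error" for the apostrophe
            concat_ok = False
        insert_parameterised(con, title)
        stored = con.execute("SELECT description FROM DATA").fetchall()
        results[title] = (concat_ok, (title,) in stored)
    return results

def check_substitution(query, *args):
    """Pre-flight check for a Gambas-style Exec(query, arg1, arg2, ...) call: the
    column list, the distinct &n placeholders and the arguments must agree.
    Returns (ok, (columns, placeholders, arguments))."""
    m = re.search(r"\(([^)]*)\)\s*values", query, re.I)
    n_cols = len([c for c in m.group(1).split(",") if c.strip()]) if m else 0
    n_ph = len(set(re.findall(r"&(\d+)", query)))
    return n_cols == n_ph == len(args), (n_cols, n_ph, len(args))
```

The ampersand title parses fine in SQLite even when concatenated; it is included because the parameterised path treats it identically to the apostrophe case, which is the point of letting the driver do the quoting.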
