[Gambas-user] Database question
M. Cs.
mohareve at ...626...
Wed Jan 18 19:33:45 CET 2012
Yes, Benoit. I'll check the documentation, since I always used the
Myconnection.Exec("SELECT FROM table WHERE field='"& myvar & "';) form
of the querying, and now I would like to change it to a more
convenient way, since I always had to assure myvar is safe.
2012/1/18, Benoît Minisini <gambas at ...1...>:
> Le 18/01/2012 14:17, M. Cs. a écrit :
>> Hi!
>> Is there any built in function in Gambas3 which can secure the
>> database connection from the errors caused by special characters?
>>
>> I have written functions for replacing the dangerous characters like
>> ', +, . and so on, but I'd like to know whether there is a way to make
>> queries secure from failures.
>>
>> Thanks!
>>
>
> SQL quoting is automatically done by the following methods of the
> Connection class: Exec(), Find(), Edit(), Delete(), Subst(), provided that:
>
> - You use "&1", "&2"... inside the request string to tell where quoted
> arguments must be inserted.
>
> - You actually pass these arguments.
>
> Is it what you need?
>
> --
> Benoît Minisini
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> Gambas-user mailing list
> Gambas-user at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/gambas-user
>
More information about the User
mailing list