[Gambas-user] Prepared statements

Caveat Gambas at ...1950...
Tue Mar 13 10:37:50 CET 2012


> With statements, you use a sign, and replace that with a type

The sign in Gambas is the &1, &2, &3...which are replaced by the varying
number of params after.

OK, as far as I can tell it's not a true prepared statement in that
there appears to be no way to reuse it with different params but it does
solve the escaping problem.

Depends whether you really need prepared statements or just think you
do...afaicr there are some small efficiency gains in reusing prepared
statements... 

Regards,
Caveat

(sorry forgot to copy 'the list')

On Tue, 2012-03-13 at 09:58 +0100, Mathias Maes wrote:
> That's not really a prepared statement.
> 
> With statements, you use a sign, and replace that with a type. This is
> some java sample code:
> java.sql.PreparedStatement stmt = connection.prepareStatement(
>                "SELECT * FROM users WHERE USERNAME = ? AND PASSWORD = ?");
> stmt.setString(1, username);
> stmt.setString(2, password);
> stmt.executeQuery();
> 
> You see, the "setString" function is used, so something like 'or 1=1'
> wouldn't work, because it would be considered as a string.
> 
> 
> 2012/3/13 Caveat <Gambas at ...1950...>
>         You mean like this (not so long ago on this very mailing
>         list...)
>         
>         > Caveat wrote:
>         > >
>         > > Here's some working code...
>         > >
>         > >   conn = DataAccess.getConnection()
>         > >   conn.Exec("delete from UTI001 where CLEF = &1", "Caveat")
>         > >   conn.Exec("insert into UTI001 (CLEF, Langue, Backup) VALUES (&1, &2, &3)", "Caveat", "EN", "C:\\Temp")
>         > >   rSet = conn.Exec("select * from UTI001 where CLEF = &1", "Caveat")
>         > >   If rSet Not Null Then
>         > >     If rSet.Count > 0 Then
>         > >       rSet.MoveFirst
>         > >       Print rSet["CLEF"], rSet["Langue"]
>         > >     Endif
>         > >   Endif
>         > >
>         > > As expected, it prints:
>         > >
>         > > Caveat  EN
>         > >
>         > > Regards,
>         > > Caveat
>         
>         Regards,
>         Caveat
>         
>         On Tue, 2012-03-13 at 09:01 +0100, Mathias Maes wrote:
>         > Hello,
>         >
>         > Are there prepared statements in Gambas? It is so much safer to deal with a
>         > database with them!
>         >
>         > Thanks
>         
>         >
>         ------------------------------------------------------------------------------
>         > Keep Your Developer Skills Current with LearnDevNow!
>         > The most comprehensive online learning library for Microsoft
>         developers
>         > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5,
>         CSS3, MVC3,
>         > Metro Style Apps, more. Free future releases when you
>         subscribe now!
>         > http://p.sf.net/sfu/learndevnow-d2d
>         > _______________________________________________
>         > Gambas-user mailing list
>         > Gambas-user at lists.sourceforge.net
>         > https://lists.sourceforge.net/lists/listinfo/gambas-user
>         
>         
>         
> 
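The distinction the thread draws, shown as an added example that is not from the post, from Gambas or from Java: the same login query once with the value pasted into the SQL text and once with placeholders (the role of Java's `?` / `setString` and of Gambas's `&1`), run against a small constructed SQLite table. The table, the row values and the "or 1=1"-style input are all constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the 'users' table in the Java snippet."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # One parameterised statement reused for several rows: the reuse case the post mentions.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("caveat", "s3cret"), ("mathias", "hunter2")],
    )
    return conn


def login_concat(conn, username, password):
    """The escaping problem: the input becomes part of the SQL text itself."""
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_param(conn, username, password):
    """Placeholder binding: the input is handed to the driver as one string value,
    so quotes inside it never change the shape of the query."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


def demo():
    """Return the three outcomes side by side so they can be compared."""
    conn = make_db()
    hostile = "' or '1'='1"  # constructed input of the "or 1=1" kind the post refers to
    return {
        # concatenation: the condition becomes true for every row
        "concat": login_concat(conn, hostile, hostile),
        # binding: no user is literally named "' or '1'='1", so nothing matches
        "param": login_param(conn, hostile, hostile),
        # binding still works for an ordinary, correct login
        "valid": login_param(conn, "caveat", "s3cret"),
    }
```

With binding, the query shape is fixed when the statement is prepared; only the values vary, which is why the thread's `setString` example and the `&1` substitution both defeat the quote trick, while the concatenated version returns every row.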