[Gambas-user] Using dates in Gambas
David Silverwood
the_watchmann at yahoo.com
Sun Jun 2 10:12:50 CEST 2019
Hi Benoit
I must admit that is easier said than done. Nowhere have I found anything pertaining to using the find etc methods and as you can see my attempt at using it failed and it was this request that sparked all the replies, though not one really pertaining to my question. In C I used to do it like that using sqlite3_exec / sqlite3_prepare_v2 etc and I basically moved towards familiar grounds first due to lack of documentation or examples.
So, looking at my second example again, and going back to my question... what am I missing?
Probably, my question should be When do you use db.Find() and under what circumstances would you use db.Edit() and how do they tie together. As Ced stated, a 'realworld example' would be a plus...
open databasecreate tablenew recordupdate recorddelete recordclose db
Regards
David
On Thursday, May 30, 2019, 4:12:07 PM GMT+2, Cedron Dawg <cedron at exede.net> wrote:
Absolutely! You should use the sugar syntax $Sql &= "blah blah blah" instead.
Ahhh, just kidding.
What I am really wondering is if there is an example project that has the right way to do it for the whole process. Meaning some kind of form having a search list, a record selection, a record edit and update, a new record added with all the different data types included, some perhaps displayed with alternative available controls.
Of course, it would also have the code backing it showing the proper use of Subst with Exec() and Find() examples.
Are there any such officially (read Benoit) approved projects?
Thanks,
Ced
----- Original Message -----
From: "Benoît Minisini" <g4mba5 at gmail.com>
To: "user" <user at lists.gambas-basic.org>
Sent: Thursday, May 30, 2019 9:34:06 AM
Subject: Re: [Gambas-user] Using dates in Gambas
Le 30/05/2019 à 10:54, David Silverwood via User a écrit :
> Hi. Me again
>
> So this is my code...
>
> /Public Sub btnUpdate_Click()/
> //
> / $Sql = "UPDATE cashup SET ("/
> / $Sql = $Sql & "date = '" & edtDate.Text & "', "/
> / $Sql = $Sql & "ref = '" & edtTransNo.Text & "', "/
> / $Sql = $Sql & "amount = " & ValueBox1.Text & ", "/
> / $Sql = $Sql & "comment = '" & edtDescription.Text & "', "/
> / $Sql = $Sql & "WHERE date = '" & edtDate.Text & "';"/
> //
You MUST NOT make your SQL request like that.
NEVER.
███╗ ██╗███████╗██╗ ██╗███████╗██████╗ ██╗
████╗ ██║██╔════╝██║ ██║██╔════╝██╔══██╗ ██║
██╔██╗ ██║█████╗ ██║ ██║█████╗ ██████╔╝ ██║
██║╚██╗██║██╔══╝ ╚██╗ ██╔╝██╔══╝ ██╔══██╗ ╚═╝
██║ ╚████║███████╗ ╚████╔╝ ███████╗██║ ██║ ██╗
╚═╝ ╚═══╝╚══════╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝ ╚═╝
You must use the substitution feature of the Exec(), Find()... methods
of the Connection object, which takes care for you of quoting SQL values
accordingly to the underlying database to prevent SQL requests injections.
And you must convert the text entered in the controls into the
corresponding datatypes (Date, Integer, Float, Boolean, String) before
passing them to the Exec(), Find()... methods.
Regards,
--
Benoît Minisini
----[ Gambas mailing-list is hosted by https://www.hostsharing.net ]----
----[ Gambas mailing-list is hosted by https://www.hostsharing.net ]----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gambas-basic.org/pipermail/user/attachments/20190602/c1d891fc/attachment.html>
More information about the User
mailing list