[Gambas-user] Using dates in Gambas

David Silverwood the_watchmann at yahoo.com
Sun Jun 2 10:12:50 CEST 2019


 Hi Benoit
I must admit that is easier said than done. Nowhere have I found anything pertaining to using the find etc methods and as you can see my attempt at using it failed and it was this request that sparked all the replies, though not one really pertaining to my question. In C I used to do it like that using sqlite3_exec / sqlite3_prepare_v2 etc and I basically moved towards familiar grounds first due to lack of documentation or examples.
So, looking at my second example again, and going back to my question... what am I missing?
Probably, my question should be: when do you use db.Find(), under what circumstances would you use db.Edit(), and how do they tie together? As Ced stated, a 'real world example' would be a plus...
- open database
- create table
- new record
- update record
- delete record
- close db
Regards
David
    On Thursday, May 30, 2019, 4:12:07 PM GMT+2, Cedron Dawg <cedron at exede.net> wrote:  
 
 Absolutely!  You should use the sugar syntax $Sql &= "blah blah blah" instead.

Ahhh, just kidding.

What I am really wondering is if there is an example project that has the right way to do it for the whole process.  Meaning some kind of form having a search list, a record selection, a record edit and update, a new record added with all the different data types included, some perhaps displayed with alternative available controls.

Of course, it would also have the code backing it showing the proper use of Subst with Exec() and Find() examples.

Are there any such officially (read Benoit) approved projects?

Thanks,

Ced



----- Original Message -----
From: "Benoît Minisini" <g4mba5 at gmail.com>
To: "user" <user at lists.gambas-basic.org>
Sent: Thursday, May 30, 2019 9:34:06 AM
Subject: Re: [Gambas-user] Using dates in Gambas

On 30/05/2019 at 10:54, David Silverwood via User wrote:
> Hi. Me again
> 
> So this is my code...
> 
> Public Sub btnUpdate_Click()
>
>     $Sql = "UPDATE cashup SET ("
>     $Sql = $Sql & "date = '" & edtDate.Text & "', "
>     $Sql = $Sql & "ref = '" & edtTransNo.Text & "', "
>     $Sql = $Sql & "amount = " & ValueBox1.Text & ", "
>     $Sql = $Sql & "comment = '" & edtDescription.Text & "', "
>     $Sql = $Sql & "WHERE date = '" & edtDate.Text & "';"
>

You MUST NOT make your SQL request like that.

NEVER.

███╗  ██╗███████╗██╗  ██╗███████╗██████╗    ██╗
████╗  ██║██╔════╝██║  ██║██╔════╝██╔══██╗    ██║
██╔██╗ ██║█████╗  ██║  ██║█████╗  ██████╔╝    ██║
██║╚██╗██║██╔══╝  ╚██╗ ██╔╝██╔══╝  ██╔══██╗    ╚═╝
██║ ╚████║███████╗ ╚████╔╝ ███████╗██║  ██║    ██╗
╚═╝  ╚═══╝╚══════╝  ╚═══╝  ╚══════╝╚═╝  ╚═╝    ╚═╝

You must use the substitution feature of the Exec(), Find()... methods 
of the Connection object, which takes care of quoting SQL values for you 
according to the underlying database, to prevent SQL injections.

And you must convert the text entered in the controls into the 
corresponding datatypes (Date, Integer, Float, Boolean, String) before 
passing them to the Exec(), Find()... methods.

Regards,

-- 
Benoît Minisini

----[ Gambas mailing-list is hosted by https://www.hostsharing.net ]----
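
The advice in the reply above, applied to the quoted handler. This is an added example, not code from the thread or from the Gambas project. It assumes $Conn is a gb.db Connection that is already open and that cashup has the four columns named in the quoted code; UpdateWithEdit and ShowByRef are hypothetical helper names.

```gambas
' Added example. Assumption: $Conn was opened elsewhere (gb.db component).
Private $Conn As Connection

Public Sub btnUpdate_Click()

  Dim vDate As Variant = Val(edtDate.Text)  ' parses the local date format

  ' Convert control text to real datatypes before it reaches the database.
  If TypeOf(vDate) <> gb.Date Then
    Message.Error("Invalid date")
    Return
  Endif

  ' Exec(): &1..&4 are replaced by the arguments, quoted by the driver,
  ' so a quote character typed into a text box stays data.
  $Conn.Exec("UPDATE cashup SET ref = &1, amount = &2, comment = &3 WHERE date = &4", edtTransNo.Text, CFloat(ValueBox1.Value), edtDescription.Text, vDate)

End

' Alternative to the Exec() call: Edit() returns a read/write Result.
' The request is only the WHERE condition, with the same &1 substitution.
Private Sub UpdateWithEdit(dDate As Date, sRef As String, fAmount As Float, sComment As String)

  Dim hRes As Result = $Conn.Edit("cashup", "date = &1", dDate)

  If Not hRes.Available Then Return   ' no matching row
  hRes["ref"] = sRef
  hRes["amount"] = fAmount
  hRes["comment"] = sComment
  hRes.Update()                       ' writes the changed fields back

End

' Find() returns a read-only Result: use it to search and display rows.
Private Sub ShowByRef(sRef As String)

  Dim hRes As Result = $Conn.Find("cashup", "ref = &1", sRef)

  For Each hRes
    Print hRes["date"], hRes["amount"], hRes["comment"]
  Next

End
```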
