[Gambas-user] Using dates in Gambas

Cedron Dawg cedron at exede.net
Thu May 30 16:11:32 CEST 2019


Absolutely!  You should use the sugar syntax $Sql &= "blah blah blah" instead.

Ahhh, just kidding.

What I am really wondering is if there is an example project that has the right way to do it for the whole process.  Meaning some kind of form having a search list, a record selection, a record edit and update, a new record added with all the different data types included, some perhaps displayed with alternative available controls.

Of course, it would also have the code backing it showing the proper use of Subst with Exec() and Find() examples.

Are there any such officially (read Benoit) approved projects?

Thanks,

Ced



----- Original Message -----
From: "Benoît Minisini" <g4mba5 at gmail.com>
To: "user" <user at lists.gambas-basic.org>
Sent: Thursday, May 30, 2019 9:34:06 AM
Subject: Re: [Gambas-user] Using dates in Gambas

On 30/05/2019 at 10:54, David Silverwood via User wrote:
> Hi. Me again
> 
> So this is my code...
> 
> Public Sub btnUpdate_Click()
>
>     $Sql = "UPDATE cashup SET ("
>     $Sql = $Sql & "date = '" & edtDate.Text & "', "
>     $Sql = $Sql & "ref = '" & edtTransNo.Text & "', "
>     $Sql = $Sql & "amount = " & ValueBox1.Text & ", "
>     $Sql = $Sql & "comment = '" & edtDescription.Text & "', "
>     $Sql = $Sql & "WHERE date = '" & edtDate.Text & "';"
>

You MUST NOT make your SQL request like that.

NEVER.

███╗   ██╗███████╗██╗   ██╗███████╗██████╗     ██╗
████╗  ██║██╔════╝██║   ██║██╔════╝██╔══██╗    ██║
██╔██╗ ██║█████╗  ██║   ██║█████╗  ██████╔╝    ██║
██║╚██╗██║██╔══╝  ╚██╗ ██╔╝██╔══╝  ██╔══██╗    ╚═╝
██║ ╚████║███████╗ ╚████╔╝ ███████╗██║  ██║    ██╗
╚═╝  ╚═══╝╚══════╝  ╚═══╝  ╚══════╝╚═╝  ╚═╝    ╚═╝

You must use the substitution feature of the Exec(), Find()... methods 
of the Connection object, which takes care of quoting SQL values for you 
according to the underlying database, to prevent SQL request injection.

And you must convert the text entered in the controls into the 
corresponding datatypes (Date, Integer, Float, Boolean, String) before 
passing them to the Exec(), Find()... methods.

Regards,

-- 
Benoît Minisini
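
The advice above applied to the quoted handler, as an added example that is not code from this thread, from Benoît, or from the Gambas project. It assumes an already opened Connection held in a variable named `$hConn` (a hypothetical name), reuses the control names from the quoted code, and assumes the update is meant to change ref, amount and comment for the row matching the date.

```gambas
' Added example. $hConn is an assumed, already opened Connection.
Private $hConn As Connection

Public Sub btnUpdate_Click()

  Dim vDate As Variant
  Dim vAmount As Variant
  Dim dDate As Date
  Dim fAmount As Float

  ' 1. Convert the control text into real datatypes first.
  '    Val() uses the current localization and returns Null
  '    when the text cannot be converted.
  vDate = Val(edtDate.Text)
  If TypeOf(vDate) <> gb.Date Then
    Message.Error("Please enter a valid date.")
    Return
  Endif
  dDate = vDate

  vAmount = Val(ValueBox1.Text)
  Select Case TypeOf(vAmount)
    Case gb.Integer, gb.Long, gb.Float
      fAmount = vAmount
    Case Else
      Message.Error("Please enter a valid amount.")
      Return
  End Select

  ' 2. Pass the typed values as extra arguments of Exec().
  '    &1, &2, ... are replaced by the arguments, quoted by the
  '    database driver, so user text never becomes SQL syntax.
  '    No quotes are written around the placeholders.
  Try $hConn.Exec("UPDATE cashup SET ref = &1, amount = &2, comment = &3 WHERE date = &4", edtTransNo.Text, fAmount, edtDescription.Text, dDate)
  If Error Then Message.Error("Update failed: " & Error.Text)

End
```

With this form, a description such as `it's late` or a reference containing `'; DROP TABLE cashup; --` is stored as plain text instead of changing the request.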
