[Gambas-user] How to write sql query in gambas way
Benoît Minisini
g4mba5 at gmail.com
Tue May 10 14:23:26 CEST 2022
On 10/05/2022 at 14:16, Gianluigi wrote:
> Yes so it seems to work fine :-)
>
> Public Sub Button2_Click()
>
> Dim res As Result
>
> res = conn.Exec("select fldtitle from tbltest where flddepartment
> in (" & "'" & xCountry.Join("','") & "'" & ");")
>
> If res.Available Then
> ListBox1.List = res.All("fldtitle")
> Endif
>
> End
>
> Regards
> Gianluigi
>
>
> I exaggerated with the '&' but that's the concept :-D
>
> res = conn.Exec("select fldtitle from tbltest where flddepartment in ('"
> & xCountry.Join("','") & "');")
>
> Regards
> Gianluigi
But if you omit to use Connection.Subst(), your code is utterly wrong,
as it introduces a possible SQL injection.
Regards,
--
Benoît Minisini
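
The fix suggested in the reply above, as an added example that is not part of the original message: each list value is passed through Connection.Subst() so the database driver quotes and escapes it before it is placed in the IN (...) clause. It assumes conn is an open Connection and xCountry is a String[], as in the quoted code; QuotedList is a hypothetical helper name.

```gambas
' Added example, not code from the thread.
' Assumes conn is an open Connection and xCountry is a String[].

' Hypothetical helper: returns the values as a comma-separated list of SQL literals.
Private Function QuotedList(hConn As Connection, aValues As String[]) As String

  Dim aQuoted As New String[]
  Dim sValue As String

  For Each sValue In aValues
    ' Subst() replaces &1 with the value quoted for the underlying database,
    ' so a quote character inside sValue cannot end the literal early.
    aQuoted.Add(hConn.Subst("&1", sValue))
  Next

  Return aQuoted.Join(",")

End

Public Sub Button2_Click()

  Dim res As Result
  Dim sList As String

  ' An empty list would produce "in ()", which is not valid SQL.
  If xCountry.Count = 0 Then
    ListBox1.Clear
    Return
  Endif

  sList = QuotedList(conn, xCountry)
  res = conn.Exec("select fldtitle from tbltest where flddepartment in (" & sList & ")")

  If res.Available Then
    ListBox1.List = res.All("fldtitle")
  Endif

End
```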