[Gambas-user] How to write sql query in gambas way

Gianluigi bagonergi at gmail.com
Tue May 10 14:46:58 CEST 2022


On Tue, 10 May 2022 at 14:24, Benoît Minisini <g4mba5 at gmail.com>
wrote:

> On 10/05/2022 at 14:16, Gianluigi wrote:
> >     Yes so it seems to work fine :-)
> >
> >     Public Sub Button2_Click()
> >
> >        Dim res As Result
> >
> >        res = conn.Exec("select fldtitle from tbltest where flddepartment in (" & "'" & xCountry.Join("','") & "'" & ");")
> >
> >        If res.Available Then
> >          ListBox1.List = res.All("fldtitle")
> >        Endif
> >
> >     End
> >
> >     Regards
> >     Gianluigi
> >
> >
> > I exaggerated with the '&' but that's the concept :-D
> >
> > res = conn.Exec("select fldtitle from tbltest where flddepartment in ('" & xCountry.Join("','") & "');")
> >
> > Regards
> > Gianluigi
> >
> >
> > ----[ http://gambaswiki.org/wiki/doc/netiquette ]----
>
> But if you omit to use Connection.Subst(), your code is utterly wrong,
> as it introduces a possible SQL injection.
>
> Regards,
>
> --
> Benoît Minisini
>

Sorry Benoit,

I was left to the first speech of the concatenation.

Now everything is clear and I thank you very much for the clarification.

Regards
Gianluigi
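
The difference Benoît points out, as an added example that is not part of the original thread: it uses Python's sqlite3 as a stand-in for the Gambas connection, with `?` placeholders doing the quoting job he assigns to Connection.Subst(). The table and column names come from the quoted code; the rows, the function names and the input values are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names follow the quoted code.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tbltest (fldtitle text, flddepartment text)")
    conn.executemany("insert into tbltest values (?, ?)", [
        ("Report A", "Italy"), ("Report B", "France"),
        ("Report C", "O'Higgins"), ("Payroll", "Internal"),
    ])
    return conn

def titles_concat(conn, departments):
    # Same construction as the quoted Button2_Click: values are pasted into
    # the SQL text, so a quote inside a value becomes part of the statement.
    sql = ("select fldtitle from tbltest where flddepartment in ('"
           + "','".join(departments) + "');")
    return [row[0] for row in conn.execute(sql)]

def titles_bound(conn, departments):
    # One placeholder per value; the driver transmits the values as data,
    # so nothing in them can alter the statement.
    if not departments:
        return []  # "in ()" is not valid SQL, so answer without querying
    marks = ",".join("?" for _ in departments)
    sql = ("select fldtitle from tbltest where flddepartment in ("
           + marks + ") order by fldtitle;")
    return [row[0] for row in conn.execute(sql, list(departments))]

def demo():
    conn = make_db()
    hostile = ["x') or ('1'='1"]   # constructed value that closes the list
    try:
        legit_concat = titles_concat(conn, ["O'Higgins"])
    except sqlite3.OperationalError:
        legit_concat = "syntax error"  # an ordinary apostrophe breaks the query
    return {
        "concat_hostile": sorted(titles_concat(conn, hostile)),  # every row
        "bound_hostile": titles_bound(conn, hostile),            # no rows
        "concat_apostrophe": legit_concat,
        "bound_apostrophe": titles_bound(conn, ["O'Higgins"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```
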