[Gambas-user] How to write sql query in gambas way
Gianluigi
bagonergi at gmail.com
Tue May 10 14:46:58 CEST 2022
Il giorno mar 10 mag 2022 alle ore 14:24 Benoît Minisini <g4mba5 at gmail.com>
ha scritto:
> Le 10/05/2022 à 14:16, Gianluigi a écrit :
> > Yes so it seems to work fine :-)
> >
> > Public Sub Button2_Click()
> >
> > Dim res As Result
> >
> > res = conn.Exec("select fldtitle from tbltest where flddepartment
> > in (" & "'" & xCountry.Join("','") & "'" & ");")
> >
> > If res.Available Then
> > ListBox1.List = res.All("fldtitle")
> > Endif
> >
> > End
> >
> > Regards
> > Gianluigi
> >
> >
> > I exaggerated with the '&' but that's the concept :-D
> >
> > res = conn.Exec("select fldtitle from tbltest where flddepartment in ('"
> > & xCountry.Join("','") & "');")
> >
> > Regards
> > Gianluigi
> >
> >
> > ----[ http://gambaswiki.org/wiki/doc/netiquette ]----
>
> But if you omit to use Connection.Subst(), your code is utterly wrong,
> as it introduces a possible SQL injection.
>
> Regards,
>
> --
> Benoît Minisini
>
> ----[ http://gambaswiki.org/wiki/doc/netiquette ]----
>
Sorry Benoit,
I was left to the first speech of the concatenation.
Now everything is clear and I thank you very much for the clarification.
Regards
Gianluigi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gambas-basic.org/pipermail/user/attachments/20220510/6957154f/attachment.htm>
More information about the User
mailing list