Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Sql Command
Message
From
18/11/2006 08:31:21
Mike Yearwood
Toronto, Ontario, Canada
 
General information
Forum:
Visual FoxPro
Category:
Databases,Tables, Views, Indexing and SQL syntax
Title:
Re: Sql Command
Miscellaneous
Thread ID:
01170581
Message ID:
01170946
Views:
13
>>thanks Sergey
>>
>>i want to write one new sql statement
>>vfp - statement
>>select code from _tmp
>>
>>SQLExec(gnconnhandle,'select * from product where prcode in ( i want to use here vfp Statement','product')
>>can it possible
>
>You can't. You must prepare the list and SELECT beforehand.
>
>SELECT .... && your "I want to use here vfp Statement"
>lcList = []
>SCAN
>   lcList = lcList + IIF(EMPTY(lcList),[],[,]) + TRANSFORM(FieldName)
>ENDSCAN
>
>SQLExec(gnconnhandle,'select * from product where  prcode in ('+ lcList+ ')','product')
>
>
Please beware that you are creating a possible SQL injection attack. All that has to happen is for the line lcList = [] to be changed to lcList = something user entered.

I've also determined it is always fastest to... 
lcList = []
SCAN
   lcList = m.lcList + TRANSFORM(FieldName) + ","
ENDSCAN
lcList = LEFT(m.lcList,len(m.lcList)-1)
http://msvfp.advisorguide.com/doc/14710
Previous
Reply
Map
View

Click here to load this message in the networking platform