Sql Command - Level Extreme

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Sql Command

Message

18/11/2006 08:31:21

Mike Yearwood
Toronto, Ontario, Canada

18/11/2006 04:31:46

Borislav Borissov
Microcomplex
Sofia, Bulgarie

Information générale

Forum:

Visual FoxPro

Catégorie:

Base de données, Tables, Vues, Index et syntaxe SQL

Titre:

Re: Sql Command

Divers

Thread ID:

01170581

Message ID:

01170946

Vues:

>>thanks Sergey
>>
>>i want to write one new sql statement
>>vfp - statement
>>select code from _tmp
>>
>>SQLExec(gnconnhandle,'select * from product where prcode in ( i want to use here vfp Statement','product')
>>can it possible
>
>You can't. You must prepare the list and SELECT beforehand.
>

>SELECT .... && your "I want to use here vfp Statement"
>lcList = []
>SCAN
>   lcList = lcList + IIF(EMPTY(lcList),[],[,]) + TRANSFORM(FieldName)
>ENDSCAN
>
>SQLExec(gnconnhandle,'select * from product where  prcode in ('+ lcList+ ')','product')
>
>

Please beware that you are creating a possible SQL injection attack. All that has to happen is for the line lcList = [] to be changed to lcList = something user entered.

I've also determined it is always fastest to...

lcList = []
SCAN
   lcList = m.lcList + TRANSFORM(FieldName) + ","
ENDSCAN
lcList = LEFT(m.lcList,len(m.lcList)-1)

http://msvfp.advisorguide.com/doc/14710

Répondre

Fil

Voir

Click here to load this message in the networking platform