Quotes in SQL-strings? - Level Extreme

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Quotes in SQL-strings?

Message

22/05/2007 11:56:00

Rich Pupko
Retired
Henderson, Nevada, États-Unis

22/05/2007 11:44:06

Jason Phillips
Westbury, Royaume Uni

Information générale

Forum:

Visual FoxPro

Catégorie:

Codage, syntaxe et commandes

Titre:

Re: Quotes in SQL-strings?

Versions des environnements

Visual FoxPro:

VFP 9 SP1

OS:

Windows XP

Network:

Windows 2003 Server

Database:

MS SQL Server

Divers

Thread ID:

01227570

Message ID:

01227665

Vues:

Since I don't use use brackets as text delimiters, I've never been bitten. Actually, I didn't even know there was a problem.

Thanks for pointing this out to me. I now have a real reason to hate brackets beyond a personal peeve.

>Beware that any #DEFINE'd variables will be evaluated when using square brackets.
>
>I've been bitten by this a few times.
>
>
>>>Hallo.
>>>Hope I can explain my problem.
>>>When I'm sending a command to the SQL-server, I make a string with single or double quotes (chr(39) or chr(34)).
>>>But if the user uses a quote in his searchcondition, the string will be corrupt. How do I deal with quotes in the searchconditions to avoid those problem.
>>>
>>>Example:
>>>Lets say that the user is looking for a monitor 14".
>>>

>>>=SQLEXEC(nHandle,"select *  from sqltable where field='monitor 14"' ","Result")
>>>

>>>This will not work as you see.
>>>
>>>/Kjell
>>
>>I hate using brackets for text delimiters (I keep thinking I'm seeing some array construct) but this is the one case they were designed to handle.
>>

>>=SQLEXEC(nHandle,[select * from sqltable where field = 'monitor 14"'],"Result")
>>

Répondre

Fil

Voir

Click here to load this message in the networking platform