How to pass a variable to SQL statement.

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

How to pass a variable to SQL statement.

Message

01/02/2008 07:24:33

Nicholas Mason
London, Royaume Uni

01/02/2008 07:10:59

Mike Yearwood
Toronto, Ontario, Canada

Information générale

Forum:

Visual FoxPro

Catégorie:

Problèmes

Titre:

Re: How to pass a variable to SQL statement.

Divers

Thread ID:

01287831

Message ID:

01287879

Vues:

>>>Hello all. Another noob question.
>>>I have 2 fields. One is a text box, the other a combo box.
>>>The LOST FOCUS property of the text box assigns its value to a xVariable
>>>Then it populates (or tries to)the combo box with:
>>>thisform.combo1.rowsource="select names from table1 where names LIKE xVariable into cursor Z"
>>>In other words, I want that if xVariable is "GA", the combo box is populated with all the names that start with GA.
>>>I have tried several posibilities with no success. What am I missing?
>>>
>>>TIA
>>how about:
>>

>>thisform.combo1.rowsource="select names from table1 where names LIKE " + xVariable + " into cursor Z"

>>
>>However this will not work unless xVariable is public. Better to make it a Form Property:
>>
>>

>>thisform.combo1.rowsource="select names from table1 where names LIKE "+ ThisForm.xVariable + " into cursor Z"

>
>Umm. Hello? Does anyone worry about SQL Injection Attacks anymore?

Hi Mike

How would you get an sql injection attack into a form rowsource at run time ?

I thought that sort of attack only could occur via the internet and browsers.

Nick

Répondre

Fil

Voir

Click here to load this message in the networking platform