Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
TEXTMERGE with variables
Message
 
To
05/07/2011 05:37:54
Victor Chignes
Inteliventas
Peru
General information
Forum:
Visual FoxPro
Category:
Coding, syntax & commands
Title:
Re: TEXTMERGE with variables
Miscellaneous
Thread ID:
01517278
Message ID:
01517280
Views:
73
This message has been marked as a message which has helped to the initial question of the thread.
>Hello.
>
>I'm trying to create a end user query generator. For that I need to let the user enter variables and then select statements using those variables.
>
>After that I have to create the final select statement.
>
>So far I have this:
>
>qp1 = "Lima"
>Sql = "Select * from customer where city =  '<<qp1>>' "
>TEXT TO lcSQL NOSHOW TEXTMERGE
>  <<Sqlt>>
>ENDTEXT
>?    lcSQL
>
> I was hoping to obtain "Select * from customer where city = 'Lima' " but I get
Select * from customer where city =  '<<qp1>>'
instead.
>
>Any help or equivalent approach?

Try always to use parameters (esp. when the user can edit the sent variables)
Otherwise you are opened for SQL Injections.
TEXT TO lcSQL NOSHOW TEXTMERGE
     Select * from customer where city =  ?qp1
ENDTEXT
Against Stupidity the Gods themselves Contend in Vain - Johann Christoph Friedrich von Schiller
The only thing normal about database guys is their tables.
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform