>Hello.
>
>I'm trying to create an end-user query generator. For that I need to let the user enter variables and then select statements using those variables.
>
>After that I have to create the final select statement.
>
>So far I have this:
>
>qp1 = "Lima"
>Sql = "Select * from customer where city = '<<qp1>>' "
>TEXT TO lcSQL NOSHOW TEXTMERGE
> <<Sql>>
>ENDTEXT
>? lcSQL
>
>I was hoping to obtain "Select * from customer where city = 'Lima' " but I get
>Select * from customer where city = '<<qp1>>'
>instead.
>
>Any help or equivalent approach?
Always try to use parameters (especially when the user can edit the sent variables).
Otherwise you are open to SQL injection.
TEXT TO lcSQL NOSHOW TEXTMERGE
Select * from customer where city = ?qp1
ENDTEXT
Against Stupidity the Gods themselves Contend in Vain - Johann Christoph Friedrich von Schiller
The only thing normal about database guys is their tables.
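
The difference between merging a value into the statement text and binding it as a parameter, shown as an added example that is not part of either post above. It uses Python with an in-memory SQLite database instead of Visual FoxPro so it runs stand-alone; the table contents, the function names and the translation of `?qp1` markers to SQLite's `:qp1` syntax are assumptions made for the illustration.

```python
import re
import sqlite3

# Constructed sample rows standing in for the poster's customer table.
ROWS = [("Acme", "Lima"), ("Borealis", "Cusco"),
        ("Cobalt", "Lima"), ("Delta", "O'Higgins")]

# A ?name marker as used in the reply (?qp1).
PLACEHOLDER = re.compile(r"\?([A-Za-z_]\w*)")


def open_db():
    """Create the in-memory sample database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customer (name TEXT, city TEXT)")
    con.executemany("INSERT INTO customer VALUES (?, ?)", ROWS)
    return con


def run_merged(con, city):
    """Text-merge approach: the user's value becomes part of the SQL text."""
    sql = "SELECT name FROM customer WHERE city = '%s' ORDER BY name" % city
    return [row[0] for row in con.execute(sql)]


def run_bound(con, template, variables):
    """Parameter approach: rewrite ?name to :name and bind the values."""
    names = PLACEHOLDER.findall(template)
    missing = [n for n in names if n not in variables]
    if missing:
        raise KeyError("no value supplied for: " + ", ".join(missing))
    sql = PLACEHOLDER.sub(r":\1", template)
    # Values travel separately from the statement and are never parsed as SQL.
    params = {n: variables[n] for n in names}
    return [row[0] for row in con.execute(sql, params)]


if __name__ == "__main__":
    con = open_db()
    template = "SELECT name FROM customer WHERE city = ?qp1 ORDER BY name"
    # Constructed inputs: a normal value, one with a quote, one that alters the WHERE clause.
    for value in ("Lima", "O'Higgins", "x' OR '1'='1"):
        try:
            merged = run_merged(con, value)
        except sqlite3.OperationalError as exc:
            merged = "error: %s" % exc
        print(repr(value), "merged:", merged,
              "bound:", run_bound(con, template, {"qp1": value}))
```

With the merged statement, a legitimate city name containing an apostrophe breaks the query and a crafted value changes which rows come back; the bound statement treats both as plain data.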