Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
TEXTMERGE with variables
Message
 
À
05/07/2011 05:37:54
Victor Chignes
Inteliventas
Pérou
Information générale
Forum:
Visual FoxPro
Catégorie:
Codage, syntaxe et commandes
Titre:
Re: TEXTMERGE with variables
Divers
Thread ID:
01517278
Message ID:
01517280
Vues:
74
This message has been marked as a message which has helped to the initial question of the thread.
>Hello.
>
>I'm trying to create a end user query generator. For that I need to let the user enter variables and then select statements using those variables.
>
>After that I have to create the final select statement.
>
>So far I have this:
>
>qp1 = "Lima"
>Sql = "Select * from customer where city =  '<<qp1>>' "
>TEXT TO lcSQL NOSHOW TEXTMERGE
>  <<Sqlt>>
>ENDTEXT
>?    lcSQL
>
> I was hoping to obtain "Select * from customer where city = 'Lima' " but I get
Select * from customer where city =  '<<qp1>>'
instead.
>
>Any help or equivalent approach?

Try always to use parameters (esp. when the user can edit the sent variables)
Otherwise you are opened for SQL Injections.
TEXT TO lcSQL NOSHOW TEXTMERGE
     Select * from customer where city =  ?qp1
ENDTEXT
Against Stupidity the Gods themselves Contend in Vain - Johann Christoph Friedrich von Schiller
The only thing normal about database guys is their tables.
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform