>>How do you change the following SQL Select into parameterized?
>>
>>
>>nResult = SQLEXEC(hCon, "SELECT * FROM MyTable WHERE MyField = '" + cFldValue + "'", "c_cursor")
>>
>>
>>TIA.
>
>private cFldValue
>
>cFldValue = 'Test'
>
>nResult = SQLEXEC(hCon, "SELECT * FROM MyTable WHERE MyField =?cFldValue, "c_cursor")
Where do you put the closing quotation mark (")? After ?cFldValue or after =? For example, is the following correct syntax?
nResult = SQLEXEC(hCon, "SELECT * FROM MyTable WHERE MyField =?cFldValue", "c_cursor")
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham
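An added example, not part of the original posts: the concatenated and parameterized forms from the thread side by side in Visual FoxPro, using a constructed value that contains an apostrophe. The DSN, the sample value and the `ShowOdbcError` helper are assumptions made for the illustration.

```foxpro
* Added example (not from the thread). The DSN below is a placeholder
* and ShowOdbcError is a hypothetical helper defined at the bottom.
LOCAL hCon, nResult, cSQL
PRIVATE cFldValue              && declared as in the reply above

hCon = SQLSTRINGCONNECT("DSN=MyDsn")    && placeholder connection string
IF hCon < 1
    ShowOdbcError("connect")
    RETURN
ENDIF

cFldValue = "O'Brien"          && constructed value containing an apostrophe

* Concatenated form from the question: the apostrophe inside the value
* closes the SQL string literal early, so the statement text is malformed
* and the value is interpreted as part of the SQL.
cSQL = "SELECT * FROM MyTable WHERE MyField = '" + cFldValue + "'"
? cSQL

* Parameterized form: ?cFldValue sits inside the quoted statement text.
* VFP passes the variable's value as a bound parameter, so its content
* is never spliced into the SQL.
nResult = SQLEXEC(hCon, "SELECT * FROM MyTable WHERE MyField = ?cFldValue", "c_cursor")
IF nResult < 0
    ShowOdbcError("query")
ELSE
    ? RECCOUNT("c_cursor"), "row(s) returned"
    USE IN SELECT("c_cursor")
ENDIF
SQLDISCONNECT(hCon)

PROCEDURE ShowOdbcError(cStep)
    * Report the ODBC error text that AERROR() collects after a failure.
    LOCAL ARRAY laErr[1]
    AERROR(laErr)
    ? cStep + " failed: " + TRANSFORM(laErr[1, 2])
ENDPROC
```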