>>>>How do you change the following SQL Select into a parameterized one?
>>>>
>>>>
>>>>nResult = SQLEXEC(hCon, "SELECT * FROM MyTable WHERE MyField = '" + cFldValue + "'", "c_cursor")
>>>>
>>>>
>>>>TIA.
>>>
>>>private cFldValue
>>>
>>>cFldValue = 'Test'
>>>
>>>nResult = SQLEXEC(hCon, "SELECT * FROM MyTable WHERE MyField =?cFldValue, "c_cursor")
>>
>>Where do you put the closing quotation mark (")? After ?cFldValue ? or after =? For example, is the following correct syntax?
>>
>>
>>nResult = SQLEXEC(hCon, "SELECT * FROM MyTable WHERE MyField =?cFldValue", "c_cursor")
>>
>
>Yes.
Thank you.
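
Added example, not part of the original thread: the concatenated and parameterized forms side by side, with a value that contains an apostrophe. `hCon`, `MyTable`, `MyField` and `c_cursor` are the thread's names; `FindByField`, the connection string and the sample value are placeholders assumed for illustration.

```foxpro
* Added example, not code from the thread. FindByField, the connection
* string and the sample value are placeholders.
hCon = SQLSTRINGCONNECT("<your ODBC connection string>")
IF hCon > 0
    * Constructed sample value containing an apostrophe.
    ? "Rows:", FindByField(hCon, "O'Brien")
    =SQLDISCONNECT(hCon)
ENDIF

FUNCTION FindByField(hCon, cFldValue)
    LOCAL cConcat, nResult
    LOCAL ARRAY laErr[1]

    * Concatenated form from the question, built only to display the text
    * the server would receive; it is never executed. The apostrophe in the
    * value ends the SQL string literal early and changes the statement.
    cConcat = "SELECT * FROM MyTable WHERE MyField = '" + cFldValue + "'"
    ? "Concatenated:", cConcat

    * Parameterized form: ?cFldValue sits inside the string literal and the
    * closing quote comes after it. VFP evaluates the variable when SQLEXEC
    * runs and passes it as a bound parameter, so the variable must be in
    * scope here and its content needs no quoting or escaping.
    nResult = SQLEXEC(hCon, ;
        "SELECT * FROM MyTable WHERE MyField = ?cFldValue", "c_cursor")

    IF nResult < 0
        * SQLEXEC returns -1 on failure; AERROR() fills in the details.
        =AERROR(laErr)
        ? "SQLEXEC failed:", laErr[1, 2]
        RETURN -1
    ENDIF

    RETURN RECCOUNT("c_cursor")
ENDFUNC
```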
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham