Build SQL From User Choices & Invoke It
Message
From
11/02/2002 07:13:34
John Faithfull
Hunterian Museum, University of Glasgow,
Glasgow, United Kingdom
 
 
To
11/02/2002 07:06:36
John Faithfull
Hunterian Museum, University of Glasgow,
Glasgow, United Kingdom
General information
Forum:
Visual FoxPro
Category:
Coding, syntax & commands
Miscellaneous
Thread ID:
00618217
Message ID:
00618222
Views:
10
One other thing: it may be possible for users inadvertently or deliberately to pass statements other than SQL select to this variable. The & prefix will execute ANY commands, however drastic.

Remember to check that the sqlTxt string is actually an SQL select statement. I use the following. (It also temporarily enables the ESC key while SQL commands are running). (It's written for VFP26, but also works under VFP6)

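* Only run the string if it starts with SELECT and contains FROM
if upper(substr(alltrim(msql),1,6)) != "SELECT" or !("FROM" $ upper(msql))
    wait window "Nothing like an SQL command! Try again..." timeout 1
else
    clear read
    deactivate window isqlwin
    wait window "Press ESC to interrupt the search" timeout 1.0
    * Enable ESC only while the query runs
    set escape on
    on escape do stopsearch
    &msql
    * Query finished normally: remove the handler and disable ESC again
    on escape
    set escape off
endif

procedure stopsearch
    * Called when ESC is pressed during the query
    wait window "Search cancelled" timeout 0.5
    on escape
    set escape off
return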

Cheers

John
Dr. JW Faithfull
Curator in Geology
Hunterian Museum
University of Glasgow
Glasgow G12 8QQ
Scotland
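
A stricter form of the check described in the post above, as an added example that is not part of the original message or of any project code. IsPlainSelect is a hypothetical helper name, and the code assumes VFP6 or later (LPARAMETERS, VARTYPE); it is deliberately conservative and will also reject some legitimate queries, for example ones with the word TO inside a string literal.

```foxpro
* Added example, not from the original post. IsPlainSelect is a
* hypothetical helper; assumes VFP6 or later (LPARAMETERS, VARTYPE).
* Intended use:  IF IsPlainSelect(msql)  ...  &msql  ...  ENDIF
FUNCTION IsPlainSelect
LPARAMETERS tcSql
LOCAL lcSql, lcPad, lnI

IF VARTYPE(tcSql) != "C"
    RETURN .F.
ENDIF

* Turn tabs into spaces, trim, and upper-case for keyword matching.
lcSql = UPPER(ALLTRIM(CHRTRAN(tcSql, CHR(9), " ")))

* Reject any remaining control character (CR, LF and so on), so the
* string is a single command line.
FOR lnI = 1 TO LEN(lcSql)
    IF ASC(SUBSTR(lcSql, lnI, 1)) < 32
        RETURN .F.
    ENDIF
ENDFOR

* Reject & (further macro expansion, && comments) and ; (continuation).
IF "&" $ lcSql OR ";" $ lcSql
    RETURN .F.
ENDIF

* Must begin with the full word SELECT followed by a space.
IF NOT (LEFT(lcSql, 7) == "SELECT ")
    RETURN .F.
ENDIF

* Pad with spaces so keywords are matched as whole words.
lcPad = " " + lcSql + " "
IF NOT (" FROM " $ lcPad)
    RETURN .F.
ENDIF

* SELECT ... INTO TABLE/DBF/ARRAY/CURSOR and TO FILE/PRINTER send the
* result somewhere other than the default output; refuse both forms.
IF " INTO " $ lcPad OR " TO " $ lcPad
    RETURN .F.
ENDIF

RETURN .T.
ENDFUNC
```

This check does not vet function calls inside the query text. Assembling the statement from fixed pick-list values, rather than accepting free text, keeps that out of the user's hands.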