From: David Mustakim (Jakarta, Indonesia)
To: Michel Levy (France)
Subject: RE: Conditional View in MySql
Thread ID: 365665 Message ID: 365690
Version: Visual FoxPro 9 SP2 Category: Databases, Tables and SQL Server
Date: Sunday, December 30, 2012 11:30:42 AM         
   


... Ooh, then.. Please educate us all with a better and hopefully perfectly immune alternative. I think we are, or at the least I am, all ears now

David






> >
> >
> >
> > You need to assemble the SQL expression you want to execute on MySql with SQLEXEC() as a regular character string, replacing the WHERE clause portion with your variables.
> >
> > Example:
> >
> > lcSql = "SELECT * FROM myTable WHERE $field$ $cond$ $value$"
> > 
> > * Replace the variable portions
> > lcSql = STRTRAN(lcSql, "$field$", thisForm.whatever.field.value)
> > lcSql = STRTRAN(lcSql, "$cond$",  thisForm.whatever.condition.value)
> > lcSql = STRTRAN(lcSql, "$value$", thisForm.whatever.data.value)
> > 
> > * Alternatively:
> > lcSql = "SELECT * FROM myTable WHERE " + ;
> >             thisForm.whatever.field.value + " " + ;
> >             thisForm.whatever.condition.value + " " + ;
> >             thisForm.whatever.data.value
> > 
> > * You can then log the constructed string here, or do whatever else you'd like with it
> > 
> > * To execute:
> > lnResult = SQLEXEC(gnConn, lcSql, 'c_myCursor')
> > 

> >
> > Basically, you're assembling the string to be the thing you need in the way you need it.
> >
> > Best regards,
> > Rick C. Hodgin
>
> --
> Rick,
>
> do you know that you open the door to SQL injection, with such abominable code???
> A database developer should NEVER NEVER concatenate the variable value in the where clause.
>
> Please, keep your advice in the area you have some knowledge, and it seems that SQL development is out of your knowledge.
>
> Michel L
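
One way to build the statement discussed in this thread without concatenating the data value, as an added example that is not part of any poster's message. It uses Visual FoxPro's `?variable` parameter syntax for SQL pass-through; the function names `IsAllowed` and `RunFilteredQuery` and the column names in the allow-list are hypothetical.

```foxpro
* Added example, not code from the thread. Assumes gnConn is an open
* connection handle; the column names in the allow-list are hypothetical.
*
* Call from a form method, using the controls named in the quoted post:
*   lnResult = RunFilteredQuery(gnConn, thisForm.whatever.field.value, ;
*       thisForm.whatever.condition.value, thisForm.whatever.data.value, ;
*       "c_myCursor")

* Exact, case-insensitive membership test against a comma-separated list.
* "==" is used because "=" does prefix matching on strings while
* SET EXACT is OFF, which would let a longer string pass the check.
FUNCTION IsAllowed(tcItem, tcList)
    LOCAL lnI
    FOR lnI = 1 TO GETWORDCOUNT(tcList, ",")
        IF UPPER(ALLTRIM(tcItem)) == UPPER(GETWORDNUM(tcList, lnI, ","))
            RETURN .T.
        ENDIF
    ENDFOR
    RETURN .F.
ENDFUNC

FUNCTION RunFilteredQuery(tnConn, tcField, tcCond, tuValue, tcCursor)
    LOCAL lcSql
    * Column names and operators cannot be bound as parameters, so they
    * are accepted only when they match a fixed allow-list exactly.
    IF NOT IsAllowed(tcField, "id,name,city")
        RETURN -99  && hypothetical code for rejected input
    ENDIF
    IF NOT IsAllowed(tcCond, "=,<>,<,<=,>,>=,LIKE")
        RETURN -99  && hypothetical code for rejected input
    ENDIF
    * The data value is bound with ?tuValue: it is handed to the ODBC
    * driver as a parameter instead of being spliced into the SQL text.
    lcSql = "SELECT * FROM myTable WHERE " + ALLTRIM(tcField) + " " + ;
            ALLTRIM(tcCond) + " ?tuValue"
    RETURN SQLEXEC(tnConn, lcSql, tcCursor)
ENDFUNC
```

The string that reaches SQLEXEC() contains only allow-listed text plus the `?tuValue` placeholder, so it can still be logged before execution as the quoted post suggests.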
