Perhaps I am misunderstanding the problem here. I am a great fan of
the concept of merge. And it is certainly possible to use merge() to
produce the list of fields with each field value enclosed by either
single or double quotes. It just requires a little indirection.
(I've put some arbitrary va
Peter Haworth-2 wrote
>
> so I just have to:
>
> put buildValuesClause(globaldate,tmaternalname,tmaternalphin,) after
> tSQL
>
> I put that together before I knew revexecuteSQL substitution deals with
> all that and more but it kinda works for me.
>
Smart. Sounds like the direction I will be
You're right, it would mess things up - sorry, didn't look closely enough
at your code. The only way you could do it would be to use LC's quote
constant but that would make setting up the merge command a horrendous
mess!
To be honest though, I usually just build the VALUES part of the SQL
comman
Peter Haworth-2 wrote
>
> If you use single quotes, double quotes don't need to be escaped in the
> literal, and vice versa. So, if you're sure that your data won't contain
> double quotes, then you can use double quotes to enclose the literals and
> single quotes won't cause a problem.
>
>
Thank you all... you have left me with a number of great suggestions to look
into. It does seem like using "variable lists" as in the substitution
approach would be the more/most generic solution to this problem... since
I'm on a deadline I'll probably do a quick and dirty escape on apostrophe
(tha
Two different topics here, I think - escaping single (and double) quotes
and sql injection. Both appear to be solved with the revExecuteSQL
substitution.
If you don't use the revExecuteSQL solution then there are two choices for
escaping. SQL accepts either single or double quotes to enclose literals.
Escape your data first. I am sure someone has written an SQL escape library.
Another way might be to encode your data before inserting/updating and decode
it in your select statements. sqlYoga automagically escapes your data for you
if you use the commands and functions provided. (I should get s
On 31/01/2012 12:32, Len Morgan wrote:
Apostrophe is a reserved character in SQL so you'll have to escape it.
If you take the part of your INSERT statement that has the field with
the apostrophe in it and "expand" the variable (i.e., write it in with
the *contents* of the variable instead (e.g.,
Apostrophe is a reserved character in SQL so you'll have to escape it.
If you take the part of your INSERT statement that has the field with
the apostrophe in it and "expand" the variable (i.e., write it in with
the *contents* of the variable instead (e.g., INSERT
.,'[[globaldata] ]' becom
Hmm can't try it now but if you use the substitution form for the insert
(revExecuteSQL myID, "insert into mytable values(:1,:2,:1)",
"valueX","valueY")
does it work that way?
On Tue, Jan 31, 2012 at 12:55 AM, Mike Bonner wrote:
> urlencode the data before putting it into the db, decode it when
urlencode the data before putting it into the db, decode it when you pull
it back out. At least I think that's the easiest answer. t
On Tue, Jan 31, 2012 at 12:50 AM, Mark Smith wrote:
> Hi, I have some code that works fine until I put an apostrophe into a field
> and then it errors out on storin