mySQL Query... need some help
Frank D. Engel, Jr.
fde101 at fjrhome.net
Fri Dec 17 10:19:44 EST 2004
Also, if your field is accepting user input, be careful about
"escaping" the strings. Otherwise, if the user inputs text with a
quote delimiter (') in it, the query may fail in the database, or give
unexpected results. Run each text field you aren't absolutely sure of
through a function something like this:
function quoteString inText
put inText into x
replace "'" with "''" in x
return x
end quoteString
Now you are looking at something more like:
put revDataFromQuery(,,databaseID, "SELECT * FROM mybuddies WHERE
FirstName = " & quoteString(field "myQuery"))
On Dec 17, 2004, at 5:05 AM, Ben Rubinstein wrote:
> on 17/12/04 3:58 am, docmann wrote
>
>> on mouseUp
>> get revDataFromQuery(,,"SELECT * FROM mybuddies WHERE FirstName =
>> field 'myQuery'")
>> end mouseUp
>
> I can see two issues here (I won't say that there may not be other
> ones!).
>
> The first one is that you need at least two parameters to
> 'revDataFromQuery': database id, and SQL query. You've got the SQL
> query,
> but not the id. But I'm guessing you may have just left that out of
> the
> message? Anyway, you need to open the database before you can call
> 'revDataFromQuery': see revOpenDatabase for more information.
>
> The second problem is that the query string passed as a parameter to
> 'revDataFromQuery' is actually passed directly to the database, in
> this case
> MySQL. So MySQL gets this query:
>
> SELECT * FROM mybuddies WHERE FirstName = field 'myQuery'
>
> But MySQL doesn't know anything about your Revolution fields. So you
> need
> to get the data out of the Revolution field before passing the query to
> MySQL. You could do something like this, just using Transcript's
> standard
> string concatenation operator:
>
> put field "myQuery" into tName
> put "SELECT * FROM mybuddies WHERE FirstName = '" & tName & "'" into
> tSQL
> get revDataFromQuery(,, iDatabaseID, tSQL)
>
> That way, if the field contains "Bob", then the variable tSQL will be
> set to
> (and MySQL will get):
>
> SELECT * FROM mybuddies WHERE FirstName = 'Bob'
>
> Because this is quite a common pattern in making queries from
> databases -
> most of the query is hard wired, but part is dynamic - revDataFromQuery
> includes a special feature to make this more convenient. The string
> you
> pass to revDataFromQuery can contain placeholders, which
> revDataFromQuery
> fills in from variables, the names of which are passed in as additional
> parameters. In this simple case, it's hardly simpler, but it can be
> useful
> in more complicated cases. The following code will send exactly the
> same
> string to MySQL:
>
> put field "myQuery" into tName
> put "SELECT * FROM mybuddies WHERE FirstName = ':1'" into tSQL
> get revDataFromQuery(,, iDatabaseID, tSQL, "tName")
>
> (Note that the name of the variable holding the value to be
> substituted for
> the placeholder is passed, rather than the value - unusual in
> Transcript,
> and slightly confusing.)
>
> Hope this helps,
>
> Ben Rubinstein | Email: benr_mc at cogapp.com
> Cognitive Applications Ltd | Phone: +44 (0)1273-821600
> http://www.cogapp.com | Fax : +44 (0)1273-728866
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
>
-----------------------------------------------------------
Frank D. Engel, Jr. <fde101 at fjrhome.net>
$ ln -s /usr/share/kjvbible /usr/manual
$ true | cat /usr/manual | grep "John 3:16"
John 3:16 For God so loved the world, that he gave his only begotten
Son, that whosoever believeth in him should not perish, but have
everlasting life.
$
___________________________________________________________
$0 Web Hosting with up to 120MB web space, 1000 MB Transfer
10 Personalized POP and Web E-mail Accounts, and much more.
Signup at www.doteasy.com
More information about the use-livecode
mailing list