Database error?

Peter Haworth pete at lcsql.com
Fri Apr 10 21:36:58 EDT 2015


On Fri, Apr 10, 2015 at 6:14 PM, J. Landman Gay <jacque at hyperactivesw.com>
wrote:

> I'm not quite sure what Pete meant by using the variable name option in
> the rev database functions though. (I am so not a database person.)


Well you opened the door by asking :-)

As an example, revDataFromQuery's syntax is

revDataFromQuery([*columnDelim*],[*rowDelim*],*databaseID*,*SQLQuery*[,*varsList*])

"varslist" is the thing I mentioned.  It allows you to have a SELECT statement
like this:

SELECT col1,col2 FROM myTable WHERE col3=:1 AND col4=:2

The values for :1 and :2 are supplied in the varslist which can either be a
comma separated list of simple variable names or a single array variable
with, in this case, keys 1 and 2, with the variable names enclosed in
quotes.

So the revDataFromQuery call would be:

put revDataFromQuery(,,gDBID,tSelect,"tValue1","tValue2") into tData

OR

put revDataFromQuery(,,gDBID,tSelect,"tArray") into tData

In addition to preventing SQL injection attacks, this also avoids the need
to escape troublesome characters like quotes in the data.

Pete
lcSQL Software <http://www.lcsql.com>
Home of lcStackBrowser <http://www.lcsql.com/lcstackbrowser.html> and
SQLiteAdmin <http://www.lcsql.com/sqliteadmin.html>
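
An added example (not part of the message above, and not lcSQL code) that runs the same lookup three ways: by string concatenation, with a list of variable names in varsList, and with a single array in varsList. The function name `demoVarsList`, the `users` table, its rows, the hostile input and the temporary file name are all assumptions constructed for illustration.

```livecode
-- Added illustration; demoVarsList, the users table and all values are constructed.
function demoVarsList
   local tPath, tDBID, tSQL, tName, tRole, tArgs
   local tConcat, tBound, tBoundArray

   -- Throwaway SQLite file so the function runs offline.
   put specialFolderPath("temporary") & "/varslist_demo.sqlite" into tPath
   put revOpenDatabase("sqlite", tPath) into tDBID
   if tDBID is not an integer then return "open failed:" && tDBID

   revExecuteSQL tDBID, "DROP TABLE IF EXISTS users"
   revExecuteSQL tDBID, "CREATE TABLE users (name TEXT, role TEXT)"

   -- Sample rows, inserted through varsList so the apostrophe needs no escaping.
   put "O'Brien" into tName
   put "admin" into tRole
   revExecuteSQL tDBID, "INSERT INTO users (name, role) VALUES (:1, :2)", "tName", "tRole"
   put "alice" into tName
   put "user" into tRole
   revExecuteSQL tDBID, "INSERT INTO users (name, role) VALUES (:1, :2)", "tName", "tRole"

   -- Constructed hostile input for the name field.
   put "nobody' OR '1'='1" into tName

   -- Concatenation: the quote inside tName becomes SQL syntax and rewrites the WHERE clause.
   put "SELECT name, role FROM users WHERE name='" & tName & "'" into tSQL
   put revDataFromQuery(comma, return, tDBID, tSQL) into tConcat

   -- varsList: tName and tRole are bound to :1 and :2 and compared as plain data.
   put "SELECT name, role FROM users WHERE name=:1 AND role=:2" into tSQL
   put revDataFromQuery(comma, return, tDBID, tSQL, "tName", "tRole") into tBound

   -- Array form: keys 1 and 2 supply :1 and :2.
   put "O'Brien" into tArgs[1]
   put "admin" into tArgs[2]
   put revDataFromQuery(comma, return, tDBID, tSQL, "tArgs") into tBoundArray

   revCloseDatabase tDBID
   return "concatenated:" & return & tConcat & return & \
         "varsList:" & return & tBound & return & \
         "array:" & return & tBoundArray
end demoVarsList
```

Run it from the message box with `put demoVarsList()` and compare the three result sections.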


