SQL Insert Syntax

[Devin Asay]

Bob,

You could try parameterizing your statements as described in the dictionary. Also, you don’t want to quote your column names.

put 0,43,500,543 into tRect
put “image “ & quote & “fresh_now.png” & quote into tObj
put “card “ & quote & “Main” & quote into tCard
put false into tVis
revExecuteSQL myID, "insert into arraydata (rect,controlname,owner,visible) values(:1,:2,:3,:4)", “tRect" ,”tObj”,”tCard”, “tVis”

This is also best practice, because it protects against SQL injection attacks. (Admittedly more of a concern with network databases.)

HTH

Devin


> On Jan 5, 2018, at 2:24 PM, Bob Sneidar via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> Possibly, but every sqLite reference I've looked at seems to indicate that I should enclose string values with single quotes, and since my text contains double quotes, I thought that would do the trick. I have tried escaling quotes ie. \" but that doesn't work either. 
> 
> This BTW is why I use sqlYoga, so I don't have to deal with this syntax crap, but I am writing a function that I want to be universally viable. 
> 
> Bob S
> 
> 
>> On Jan 5, 2018, at 13:18 , Devin Asay via use-livecode <use-livecode at lists.runrev.com> wrote:
>> 
>> Bob,
>> 
>> Some SQL dialects accept both single and double quotes as string delimiters. Might that be the problem?
>> 
>> Devin
> 
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

Devin Asay
Director
Office of Digital Humanities
Brigham Young University