sql when variable is an integer

Hello,
I understand this is the sql statement when the variable is a string.

“SELECT * FROM Table WHERE condition = '” + var + “’”

Can someone help me with the syntax if the variable is an integer?
I have tried several iterations of single quotes, double quotes, and + signs, nothing seems to work. thanks.

[quote=406913:@John Marshall]Hello,
I understand this is the sql statement when the variable is a string.

“SELECT * FROM Table WHERE condition = '” + var + “’”

Can someone help me with the syntax if the variable is an integer?
I have tried several iterations of single quotes, double quotes, and + signs, nothing seems to work. thanks.[/quote]

The short answer is to turn your integer variable’s contents to a string. One such possibility is:

var sql as string = "SELECT * FROM Table WHERE condition = " + str(var) 

The basic rule is the contents of your SELECT statement must be valid SQL syntax. You don’t want the extra quotes you were trying because that would end up creating a statement such as

SELECT * FROM Table WHERE condition = "123"

and if condition were a numeric database field, you want the SELECT statement to compare it to a number instead of a string.

That said, you should instead consider using a prepared statement because it helps insulate you from problems like these, or strings with embedded quotes, etc. And more nefarious things like SQL Injection too.

Got it. Thanks!
On your advice, i’ll check into the PStatements this evening…

I maybe also should have pointed out that if the condition were a text/character field, then you would in fact need something similar to what you tried so that your SQL statement did up with contents of your variable quoted in the statement passed to SQL.

However, then consider what needs to happen if the contents of the string variable itself has embedded quote characters as in words like o’clock or 10" widget. There are ways of still handling that, but many would argue the best way is using Prepared Statements.

[quote=406920:@Douglas Handy]I maybe also should have pointed out that if the condition were a text/character field, then you would in fact need something similar to what you tried so that your SQL statement did up with contents of your variable quoted in the statement passed to SQL.

However, then consider what needs to happen if the contents of the string variable itself has embedded quote characters as in words like o’clock or 10" widget. There are ways of still handling that, but many would argue the best way is using Prepared Statements.[/quote]
All the more reason to use Prepared Statements… it easily solves this and many other problems

For numeric fields, quotes are permitted but optional. So

SELECT * FROM Table WHERE condition = 123

and

SELECT * FROM Table WHERE condition = "123"

are equivalent.

In SQLite, yes, in other databases engines… maybe maybe not

In all the database engines I have used, that has been the case. But you are right, refer to the documentation of the specific database you are using.