Hello,
I understand this is the sql statement when the variable is a string.
“SELECT * FROM Table WHERE condition = '” + var + “’”
Can someone help me with the syntax if the variable is an integer?
I have tried several iterations of single quotes, double quotes, and + signs, nothing seems to work. thanks.
[quote=406913:@John Marshall]Hello,
I understand this is the sql statement when the variable is a string.
“SELECT * FROM Table WHERE condition = '” + var + “’”
Can someone help me with the syntax if the variable is an integer?
I have tried several iterations of single quotes, double quotes, and + signs, nothing seems to work. thanks.[/quote]
The short answer is to turn your integer variable’s contents to a string. One such possibility is:
var sql as string = "SELECT * FROM Table WHERE condition = " + str(var)
The basic rule is the contents of your SELECT statement must be valid SQL syntax. You don’t want the extra quotes you were trying because that would end up creating a statement such as
SELECT * FROM Table WHERE condition = "123"
and if condition were a numeric database field, you want the SELECT statement to compare it to a number instead of a string.
That said, you should instead consider using a prepared statement because it helps insulate you from problems like these, or strings with embedded quotes, etc. And more nefarious things like SQL Injection too.
I maybe also should have pointed out that if the condition were a text/character field, then you would in fact need something similar to what you tried so that your SQL statement did up with contents of your variable quoted in the statement passed to SQL.
However, then consider what needs to happen if the contents of the string variable itself has embedded quote characters as in words like o’clock or 10" widget. There are ways of still handling that, but many would argue the best way is using Prepared Statements.
[quote=406920:@Douglas Handy]I maybe also should have pointed out that if the condition were a text/character field, then you would in fact need something similar to what you tried so that your SQL statement did up with contents of your variable quoted in the statement passed to SQL.
However, then consider what needs to happen if the contents of the string variable itself has embedded quote characters as in words like o’clock or 10" widget. There are ways of still handling that, but many would argue the best way is using Prepared Statements.[/quote]
All the more reason to use Prepared Statements… it easily solves this and many other problems