Ok, I will create a new database and change all the STRINGs to TEXTs.
Someone on here the other day told me (sternly) that I should not be using RealSQL, and instead use SQLite???
I will now have to look back and see who told me
Kem … I believe that without using an actual SQL Prepared Statement, Richard will still have to do something to avoid them nasty little “quote buggers” from messing up sql command strings … i.e., SQLify … right? Just don’t want him thinking that this eliminates that need.
I don’t think that’s true, but I can test right now. Stand by…
Standing by
Hmh, just to stress it a bit extra: Use prepared statements.
Your database WILL get corrupted if you handle the things the way you do now.
You cannot sqlify everything. You will surely forget things, and others won’t.
As I thought, using a DatabaseRecord and InsertRecord works properly, unless you can see a better way to test it. Here is my code:
// No DatabaseFile is assigned, so Connect opens an in-memory database
dim db as new SQLiteDatabase
if not db.Connect then
  AddToResult "Couldn't connect."
  return
end if

dim sql as string
sql = "CREATE TABLE tester ( field1 TEXT )"
db.SQLExecute sql
if db.Error then
  AddToResult db.ErrorMessage
  return
end if

// Insert through a DatabaseRecord instead of building an INSERT string.
// The value contains both a single and a double quote.
dim insertRec as new DatabaseRecord
insertRec.Column( "field1" ) = "This'and""that"
db.InsertRecord( "tester", insertRec )
if db.Error then
  AddToResult db.ErrorMessage
  return
end if

// Read the row back to confirm the value was stored unchanged
sql = "SELECT * FROM tester"
dim rs as RecordSet = db.SQLSelect( sql )
if rs is nil then
  AddToResult "No results"
  return
end if

while not rs.EOF
  AddToResult rs.Field( "field1" ).StringValue
  rs.MoveNext
wend
Ok - I’m a bit confused now?
I am still at the stage where I use Kem’s original code he sent me AND change my database fields to TEXT instead of STRING.
Is this still the way to proceed, or are you guys finding a different solution?
LOL
No, we are having a conversation amongst ourselves. Carry on.
Amen, Mathias!
Kem, you just ruined a good night’s sleep … I’ll be cogitating my navel all night over this one because with MS SQL I have not been able to successfully save things like “Joe’s Pizza Place” without acquiescing to a Prepared Statement (or Replace statement to escape the quotes inside text strings, i.e., SQLify). I’ll try a few things on my end in the morning.
And yes, Richard … carry on … we’re pontificating
Actually, more like “Joe’s Pizza Place is 20’ tall with 6” of snow laying on top of the beam that’s 10’"
Pontificate to your heart’s content
I just changed that line of my test code to:
insertRec.Column( "field1" ) = "Joe's Pizza Place is 20' tall with 6"" of snow laying on top of the beam that's 10'"
Again, no problem, but I am only testing with SQLite.
Is it snowing there?
I live in London, England and even we haven’t got any! :).
[quote=70691:@Kem Tekinay]I just changed that line of my test code to:
insertRec.Column( "field1" ) = "Joe's Pizza Place is 20' tall with 6"" of snow laying on top of the beam that's 10'"
Again, no problem, but I am only testing with SQLite.[/quote]
Just asking, what does that code do with "Joe’s Pizza – "? Or “Joe’s; DROP TABLE”? Or “NOW()”?
Not that I want to prove you wrong, but I do have some concerns about that code.
Never tried it with SQLite … wonder if that’s the difference. Oh well, at least Richard’s back on track which was the most important thing with this whole thread. I’ll check out the MS SQL vs. SQLite thing and see what shakes.
… and no, Richard, I live near Myrtle Beach, South Carolina … no snow. But Kem … ahhh, that’s a different story in New York!
I hate you both.
Actually, it hit 60 F here today, so I’m quite happy. But they are predicting snow showers for later in the week, so…
[quote=70697:@Mathias Maes]Just asking, what does that code do with "Joe’s Pizza – "? Or “Joe’s; DROP TABLE”? Or “NOW()”?
[/quote]
I changed my test code to:
insertRec.Column( "field1" ) = "Joe' ; DROP TABLE tester ;"
Again, no problem.
No prob, Kem … you still have the better of it. Can’t tell you the number of times that I’d trade in a heartbeat all the sunshine, warm weather and golf I have here for some of your vast knowledge of this coding platform … that’s what puts the bread on my table, not the 84 deg F that we had today (or the golf tournament I played in this morning … that’s for sure!)
Kem - it worked!!!
I cannot thank you, and the others enough.
THANK YOU ALL SO MUCH!
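Added example, not part of the thread and not Xojo code: the thread's test strings run against the same `tester` table with Python's built-in `sqlite3` module, comparing an INSERT assembled by string concatenation with one that passes the value as a bound parameter. The function names are hypothetical; the sample values are the ones posted above.

```python
import sqlite3

# Test values taken from the posts in this thread.
SAMPLES = [
    "This'and\"that",
    "Joe's Pizza Place is 20' tall with 6\" of snow laying on top of the beam that's 10'",
    "Joe' ; DROP TABLE tester ;",
    "NOW()",
]

def new_db():
    """Fresh in-memory database with the thread's table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tester ( field1 TEXT )")
    return db

def insert_concatenated(db, value):
    """Fragile form: the value becomes part of the SQL text.
    Returns the error message, or None if the statement ran."""
    sql = "INSERT INTO tester ( field1 ) VALUES ( '" + value + "' )"
    try:
        db.execute(sql)
        return None
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return str(exc)

def insert_bound(db, value):
    """Parameterized form: the SQL text is constant, the value is data."""
    db.execute("INSERT INTO tester ( field1 ) VALUES ( ? )", (value,))

def stored_rows(db):
    return [r[0] for r in db.execute("SELECT field1 FROM tester ORDER BY rowid")]

def round_trip_bound(values):
    """Insert every value with a bound parameter and read them all back."""
    db = new_db()
    for v in values:
        insert_bound(db, v)
    return stored_rows(db)

def concatenation_results(values):
    """Per value: (error message or None, rows actually stored)."""
    results = {}
    for v in values:
        db = new_db()
        results[v] = (insert_concatenated(db, v), stored_rows(db))
    return results

if __name__ == "__main__":
    print("bound parameters round-trip:", round_trip_bound(SAMPLES) == SAMPLES)
    for value, (err, rows) in concatenation_results(SAMPLES).items():
        print(repr(value), "->", err or "stored %r" % rows)
```

With bound parameters every string comes back byte for byte; with concatenation the three values containing a single quote fail with a syntax error and only `NOW()` is stored, as plain text.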