MySQL - Inserting apostrophe question

Rick_Yerex · June 4, 2014, 7:55pm

Does xojo have a command or utility for inserting strings containing apostrophes into a MySQL table?

Kem_Tekinay · June 4, 2014, 7:57pm

Yes, a PreparedSQLStatement or InsertRecord.

Richard_Summers · June 4, 2014, 8:03pm

I had the same problem a few weeks ago - Prepared statements work nicely with saving apostrophes to the database.

Rick_Yerex · June 4, 2014, 8:15pm

I’m not too familiar with “Prepared Statements” … but are they on the server side?

What I do now is use a basic SQL command within the code. Either INSERT INTO or UPDATE .

Rick_Yerex · June 4, 2014, 8:19pm

I took a quick look at InsertRecord … can that be used against a MySQL table using xojo’s mysql connector?

Kem_Tekinay · June 4, 2014, 8:20pm

You should get familiar with Prepared Statements or, as I said, Database.InsertRecord which uses a prepared statement in the background. RecordSet.Edit is safe too.

Kem_Tekinay · June 4, 2014, 8:22pm

Sure.

Rick_Yerex · June 4, 2014, 8:23pm

Thanks, I’ll check into those options.

Rick_Yerex · June 4, 2014, 8:24pm

currently I use SQLExecute

Rick_Yerex · June 4, 2014, 8:27pm

For some reason I was under the assumption that appending to or updating a MySQL database using recordsets either didn’t work in xojo or wasn’t a good idea and it was better to use an SQL statement and SQLExecute.

Kem_Tekinay · June 4, 2014, 8:33pm

I’m not aware of that, but converting to a PreparedSQLStatement is probably easier anyway.

If your code is currently something like:

db.SQLExecute "UPDATE mytable SET myfield = '" + Sanitize( theData ) + "'"

You can convert that pretty quickly to:

dim ps as PreparedSQLStatement = db.Prepare( "UPDATE mytable SET myfield = ?" )
ps.BindType( 0, MySQLPreparedStatement.MYSQL_TYPE_STRING )
ps.SQLExecute( theData )

Rick_Araujo · June 4, 2014, 9:14pm

Read this thread https://forum.xojo.com/4921-mysqlpreparedstatement

Wayne developed a helper and Sasha evolved the idea.
The tool is used to help you to design your statements.
It’s shared in Github.

Emile_Schwarz · June 6, 2014, 8:44am

I was advised to not use that.

What I do (actually, but I have to go the PreparedStatement way) is to *:

a. at import time: replace ’ with (standard quote by curly quote),
b. at user TextArea or TextField entering time: replace ’ with (standard quote by curly quote) too.

I have to take time asap to modify my code (one more time) to use PreparedStatements.

I think I do the same tricks with some other weird characters (characters Databases and Excel do not love as is), but I forgot what they are…

Rick_Yerex · June 9, 2014, 11:21pm

[quote=95480:@Rick Araujo]Read this thread https://forum.xojo.com/4921-mysqlpreparedstatement

Wayne developed a helper and Sasha evolved the idea.
The tool is used to help you to design your statements.
It’s shared in Github.[/quote]

I downloaded Sascha’s “tool” and was able to implement appropriate code which works perfectly for my needs.

Thanks all for the help.