I Need some database coding help
Posted: Thu Mar 23, 2017 10:38 pm
by hessu
v$ = "%" + InputRequester("", "Enter Nutritiongroup:", "") + "%"
DatabaseQuery(1, "SELECT * FROM Food where Nutritiongroup Like '" +v$+ "' " ) ; This one is good
DatabaseQuery(1, "SELECT * FROM Food where Nutritiongroup = '" +v$+ "' ") ; This one is NOT good, I get no records.
Please help!
Re: I Need some database coding help
Posted: Thu Mar 23, 2017 11:09 pm
by infratec
Hi,
= means: exactly identical to
But you have % at the head and tail.
It cannot match exactly.
Bernd
Re: I Need some database coding help
Posted: Fri Mar 24, 2017 2:09 am
by normeus
Don't include % inside v$
Code:
v$ = InputRequester("", "Enter Nutritiongroup:", "")
DatabaseQuery(1, "SELECT * FROM Food where Nutritiongroup Like '%" +v$+ "%' " ) ; % here
DatabaseQuery(1, "SELECT * FROM Food where Nutritiongroup = '" +v$+ "' ") ; % NOT here
Norm.
Re: I Need some database coding help
Posted: Fri Mar 24, 2017 6:47 am
by hessu
Re: I Need some database coding help
Posted: Fri Mar 24, 2017 11:14 am
by Marc56us
If you want to be more secure (avoid code injection)
and let the user input strings with " and/or ',
use labels (with SetDatabaseString etc.)
Code:
; Normal query
v$ = InputRequester("", "Enter Nutritiongroup:", "")
SetDatabaseString(1, 0, v$)
DatabaseQuery(1, "SELECT * FROM Food where Nutritiongroup = ? ")
; Like query
v$ = "%" + InputRequester("", "Enter Nutritiongroup:", "") + "%"
SetDatabaseString(1, 0, v$)
DatabaseQuery(1, "SELECT * FROM Food where Nutritiongroup Like ? ")

So long Chr(34) and ' "+ +" ' to make SQL strings
Thanks, Falsam (French forum), for this reminder of PB possibilities.
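
Added example, not part of the original thread: the bound-parameter queries above run against an in-memory SQLite database, showing that an apostrophe in the input is handled safely and that % and _ typed by the user still act as LIKE wildcards unless they are escaped. The helpers EscapeLike, AddFood and CountRows are hypothetical names and the table rows are constructed sample data.

```purebasic
; Added example (not from the thread). Sample rows are constructed.
UseSQLiteDatabase()

; Hypothetical helper: make \, % and _ literal inside a LIKE pattern
Procedure.s EscapeLike(s$)
  s$ = ReplaceString(s$, "\", "\\")
  s$ = ReplaceString(s$, "%", "\%")
  ProcedureReturn ReplaceString(s$, "_", "\_")
EndProcedure

; Hypothetical helper: insert one row, binding the group as a parameter
Procedure AddFood(db, grp$)
  SetDatabaseString(db, 0, grp$)
  DatabaseUpdate(db, "INSERT INTO Food (Nutritiongroup) VALUES (?)")
EndProcedure

; Hypothetical helper: bind value$ to the first ? and count the rows returned
Procedure.i CountRows(db, sql$, value$)
  Protected n = 0
  SetDatabaseString(db, 0, value$)
  If DatabaseQuery(db, sql$)
    While NextDatabaseRow(db) : n + 1 : Wend
    FinishDatabaseQuery(db)
  Else
    Debug "Query failed: " + DatabaseError()
  EndIf
  ProcedureReturn n
EndProcedure

If OpenDatabase(1, ":memory:", "", "")
  DatabaseUpdate(1, "CREATE TABLE Food (Nutritiongroup TEXT)")
  AddFood(1, "Fruit") : AddFood(1, "Vegetable")
  AddFood(1, "100% Juice") : AddFood(1, "Baker's Goods")

  ; Exact match: the apostrophe is data, not SQL syntax
  v$ = "Baker's Goods"
  Debug "= bound: " + Str(CountRows(1, "SELECT * FROM Food WHERE Nutritiongroup = ?", v$))

  ; LIKE: a bound % is still a wildcard, so this pattern matches every row
  v$ = "%"
  Debug "LIKE raw: " + Str(CountRows(1, "SELECT * FROM Food WHERE Nutritiongroup LIKE ?", "%" + v$ + "%"))

  ; LIKE with ESCAPE: only rows containing a literal % match
  Debug "LIKE escaped: " + Str(CountRows(1, "SELECT * FROM Food WHERE Nutritiongroup LIKE ? ESCAPE '\'", "%" + EscapeLike(v$) + "%"))
  CloseDatabase(1)
EndIf
```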
