[thelist] SQL text form box

rudy r937 at interlog.com
Wed Jun 27 20:47:36 CDT 2001


> Joshua, if you're not a guru, you're damn close.

i'll second that, he's shown me a couple neat tricks too

> It worked.

the main criterion

bonus marks if it's really really fast (not really applicable in your case
dan, which involved a syntax error)


> I assume the quotes were needed so the program language
> would be recognized by SQL?? In this case ASP...

exactamundo -- sort of

by the time the database sees the sql statement, the program variables are
actually hardcoded in the sql statement as literals!!

let me explain...

what you were doing was constructing a long string -- the sql statement

most pieces of the string that form the sql statement are quoted, because
they are just strings

the string pieces have to be concatenated, using the ampersand, with the
values in the programming language variables, like varLastName

what makes it so tricky is that the values in the programming language
variables are actually strings!!!  they themselves have to be enclosed in
quotes in the sql statement!!

here's an example *after* the ASP page passes the sql statement to the
database --

   select something
      from sometable
    where People.PeopleNameLast = 'mcgillicuddy'
        and People.PeopleNameFirst = 'fred'

thus when you try to string all this together, you have to make sure the
quotes are included and handled properly

<tip>
to construct sql statement strings which contain quotes, use the single
quote for literal values in the string, and use double quotes for the sql
statement string pieces
</tip>


helps?

rudy
http://rudy.ca/





More information about the thelist mailing list