Issue with sql.execute(const String&) [message #28410] Tue, 31 August 2010 22:20
BioBytes
Hi all,

I have a question regarding the command sql.Execute. This is an example from my source code. The query works perfectly if the query is passed as below:

if(sql.Execute("select * from codetechnic where(codefamille='cat' and product='hemoglobin')")) PromptOK("query is executed");

In case the query is built using parameters obtained from droplists controls as follows:

String query;

query<<"select * from codetechnic where(codefamille=";
query<<"'";
query<<mydroplist1.GetData().ToString();
query<<"'";
query<<" and product=";
query<<"'";
query<<mydroplist2.GetData().ToString();
query<<"'";
query<<")";


The expression if(sql.execute(query)) returns false (????) and true as above.

Could anybody explain to me how to pass a runtime query?

Thank you for your help

regards
Biobytes
Re: Issue with sql.execute(const String&) [message #28433 is a reply to message #28410] Wed, 01 September 2010 21:27
zsolt
It is a better practice to use SqlExp, even if you don't have a schema file.

It is very easy to make SQL syntax errors if you don't use a helper like SqlExp.

sql * Select(SqlAll())
  .From(SqlId("codetechnic"))
  .Where(SqlId("codefamille") == ~mydroplist1 && SqlId("product") == ~mydroplist2);

I didn't check if it is syntactically correct, but I hope so.

And this will guard you against sql-injection bugs.

[Updated on: Wed, 01 September 2010 21:29]


Re: Issue with sql.execute(const String&) [message #28472 is a reply to message #28433] Thu, 02 September 2010 21:38
BioBytes
Thank you very much for your reply. Your code is ok. My problem is that it is not possible to build the query as shown in the attached file. In my project, the user can select different parameters to include dynamically in the query by checking option boxes and selecting the wanted specific data in the droplist associated with the box.

Therefore I reviewed my code to test every combination to build the corresponding sql query as shown in the attached file but it is a bit complicated.

I also used Code::Blocks with wxWidgets and DatabaseLayer libs and the sql query can be built at runtime as follows:

wxString query;
wxListBox *lb1;
wxListBox *lb2;

query.Append(_T("Select * from codetechnic where code famille="));
query.Append(_T("'"));
query.Append(lb1->GetStringSelection());
query.Append(_T("'"));
query.Append(_T(" and codeproduit="));
query.Append(_T("'"));
query.Append(lb2->GetStringSelection());
query.Append(_T("'"));

DataResultSet *res=dbLayer->RunQueryWithResults(query);

while(res->Next())
{
.....
}


This code works perfectly. I would like to do the same with U++.

Thank you for helping me

Kind regards
Biobytes
Re: Issue with sql.execute(const String&) [message #28476 is a reply to message #28472] Thu, 02 September 2010 23:07
zsolt
Put a breakpoint there or do a log and check the content of the string or the error message from the SQL backend.

Sorry but I have no experience with queries like that, since I use U++.

I create dynamic queries with SqlExp.
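// Start with a condition that always applies.
SqlBool where = (SOMEFIELD == some_value);
// Add further conditions only when the control holds a value.
if(!(~some_ctrl).IsNull()){
  where = where && OTHERFIELD == ~some_ctrl;
}
if(!(~find).IsNull()){
  String s = ~find;
  s << '%';  // prefix match
  where = where && Like(THIRDFIELD, s);
}
sql * Select(SqlAll())
  .From(SOMETABLE)
  .Where(where);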
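
Added example, not part of the thread and not U++ code: a plain C++ sketch of the two approaches discussed above, showing what a droplist value containing an apostrophe does to the concatenated query, next to a builder that adds conditions only when a value is set and keeps values out of the SQL text. It uses `?` placeholders as a swapped-in technique and makes no claim about how SqlExp works internally; `naive_query`, `Where`, `eq_if_set`, `select_all` and `quotes_balanced` are hypothetical names, and the sample values are constructed.

```cpp
// Added illustration in standard C++ (no U++ headers); all names are hypothetical.
#include <iostream>
#include <string>
#include <vector>

// What the string-concatenation approach sends to the backend.
std::string naive_query(const std::string& famille, const std::string& product) {
    return "select * from codetechnic where(codefamille='" + famille +
           "' and product='" + product + "')";
}

// Minimal WHERE builder: column names come from code, values are only ever bound.
struct Where {
    std::string text;                 // SQL with '?' placeholders
    std::vector<std::string> params;  // values handed to the driver separately

    // Add "column = ?" only when the control actually holds a value.
    Where& eq_if_set(const std::string& column, const std::string& value) {
        if (value.empty()) return *this;  // option box unchecked: no clause
        text += (text.empty() ? " where " : " and ") + column + " = ?";
        params.push_back(value);
        return *this;
    }
};

std::string select_all(const std::string& table, const Where& w) {
    return "select * from " + table + w.text;
}

// Crude check: true when single quotes pair up, i.e. literal boundaries are intact.
bool quotes_balanced(const std::string& sql) {
    std::size_t n = 0;
    for (char c : sql) if (c == '\'') ++n;
    return n % 2 == 0;
}

int main() {
    // Constructed sample values standing in for the two droplists.
    std::string famille = "cat", product = "d'origine";
    std::string q = naive_query(famille, product);
    std::cout << q << "\n  quotes balanced: " << quotes_balanced(q) << "\n";

    Where w;
    w.eq_if_set("codefamille", famille).eq_if_set("product", product);
    std::cout << select_all("codetechnic", w)
              << "\n  bound values: " << w.params.size() << "\n";
}
```
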
Re: Issue with sql.execute(const String&) [message #28511 is a reply to message #28410] Sat, 04 September 2010 19:07
BioBytes
Dear Zsolt,

Thank you very much for your support and smart help. I now understand how to build dynamic queries using SqlExp with U++. This approach is very new for me and completely different from CB and wxWidgets/DatabaseLayer.

This topic could be now considered closed.

Thanks again

Have a nice week-end

Kind regards

Biobytes