Message: 6 Date: Thu, 24 Aug 2006 08:55:39 +0100 From: "Dominic Burford" <[EMAIL PROTECTED]> Subject: Long SQL WHERE clauses To: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain;charset="iso-8859-1"Hi I need some way of executing SQL statements, where the WHERE clause may be very long. I am trying to get the following to work: Local lcWhereClause lcWhereClause = <various conditions> SELECT * FROM <Table> WHERE &lcWhereClause INTO CURSOR curTemp Where the length of lcWhereClause exceeds 1024 it produces an error. Even when I break the statement into two smaller statements, it still errors: Local lcWhereClause1, lcWhereClause2 lcWhereClause1 = <various conditions> lcWhereClause2 = <more conditions> SELECT * FROM <Table> WHERE &lcWhereClause1 AND &lcWhereClause2 INTO CURSOR curTemp How can I get round this? Regards Dominic Burford BSc Hons MBCS CITP Third Party Developer Program Senior Software Engineer
Hi Domenic That's easy! Local lcWhereClause TEXT TO m.lcSQL TEXTMERGE NOSHOW SELECT * ; FROM <Table> ; WHERE <<lcWhereClause>> ; INTO CURSOR curTemp ENDTEXT Use this approach to build the entire query, where clause and all. Just be careful not to concatenate user entered values into the m.lcSQL. Do your queries like this: lcUserValue = "dangerous sql injection" select * from table where field = ?uservalue and you'll neatly avoid sql injection attacks. Don't be sold on stored procedures. If all you're doing is queries, there's no performance benefit whatsoever. There was a performance benefit in SQL 6.5, but that's ancient history. _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
