Re: Long SQL WHERE clauses

Thu, 24 Aug 2006 07:42:04 -0700 

Sorry about the report. It's tough to get in the habit of editing the subject.


Message: 6
Date: Thu, 24 Aug 2006 08:55:39 +0100
From: "Dominic Burford" <[EMAIL PROTECTED]>
Subject: Long SQL WHERE clauses
To: [EMAIL PROTECTED]
Message-ID:
       <[EMAIL PROTECTED]>
Content-Type: text/plain;charset="iso-8859-1"

Hi

I need some way of executing SQL statements, where the WHERE clause may be very 
long.  I am trying to get the following to work:

Local lcWhereClause
lcWhereClause = <various conditions>

SELECT * FROM <Table> WHERE &lcWhereClause INTO CURSOR curTemp

Where the length of lcWhereClause exceeds 1024 it produces an error. Even when 
I break the statement into two smaller statements, it still errors:

Local lcWhereClause1, lcWhereClause2
lcWhereClause1 = <various conditions>
lcWhereClause2 = <more conditions>

SELECT * FROM <Table> WHERE &lcWhereClause1 AND &lcWhereClause2 INTO CURSOR 
curTemp

How can I get round this?

Regards

Dominic Burford BSc Hons MBCS CITP
Third Party Developer Program Senior Software Engineer


Hi Domenic

That's easy!

Local lcWhereClause
TEXT TO m.lcSQL TEXTMERGE NOSHOW
SELECT * ;
  FROM <Table> ;
  WHERE <<lcWhereClause>> ;
  INTO CURSOR curTemp
ENDTEXT

Use this approach to build the entire query, where clause and all.
Just be careful not to concatenate user entered values into the
m.lcSQL.

Do your queries like this:

lcUserValue = "dangerous sql injection"
select * from table where field = ?uservalue

and you'll neatly avoid sql injection attacks.

Don't be sold on stored procedures. If all you're doing is queries,
there's no performance benefit whatsoever. There was a performance
benefit in SQL 6.5, but that's ancient history.


_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.

Reply via email to