Re: [fpc-pascal] Sqldb - How to pass an array of values as a param to be used with SQL IN operator?

2016-04-10 Thread Tony Caduto
Well, I guess if there is no user input going into the query it's not a big dea,l of course if there is you should at least sanitize it to prevent injection. On Apr 10, 2016 2:39 PM, "Luiz Americo Pereira Camara" < luizameri...@gmail.com> wrote: > > > 2016-04-10 16:29 GMT-03:00 Tony Caduto

Re: [fpc-pascal] Sqldb - How to pass an array of values as a param to be used with SQL IN operator?

2016-04-10 Thread Luiz Americo Pereira Camara
2016-04-10 16:29 GMT-03:00 Tony Caduto : > What about using a stored procedure to do it ? You could pass the list > for the in as a string and handle it in the stored procedure. Of course > that's no help if using sqlite or other that does not support stored > procedures.

Re: [fpc-pascal] Sqldb - How to pass an array of values as a param to be used with SQL IN operator?

2016-04-10 Thread Tony Caduto
What about using a stored procedure to do it ? You could pass the list for the in as a string and handle it in the stored procedure. Of course that's no help if using sqlite or other that does not support stored procedures. On Apr 10, 2016 1:39 PM, "Stephen Chrzanowski"

Re: [fpc-pascal] Sqldb - How to pass an array of values as a param to be used with SQL IN operator?

2016-04-10 Thread Luiz Americo Pereira Camara
2016-04-10 15:39 GMT-03:00 Stephen Chrzanowski : > Due to the nature of the bind mechanism, you won't be able to do it this > way. The only way you'll be able to do that is with your program doing > string substitution instead of doing the bind. Since you're dealing with >

Re: [fpc-pascal] Sqldb - How to pass an array of values as a param to be used with SQL IN operator?

2016-04-10 Thread Luiz Americo Pereira Camara
2016-04-10 11:01 GMT-03:00 Tony Caduto : > Did you try putting quotes around the param ID in the sql query? > in(":myparam") > I am guessing it's the commas that are the problem. > Its the other way around the problem is the quotes See the attached app. When using Select

Re: [fpc-pascal] Sqldb - How to pass an array of values as a param to be used with SQL IN operator?

2016-04-10 Thread Stephen Chrzanowski
The problem with that Tony is that the the bind might make :myparam a string, so you'll be doing a 1-integer to 1-string comparison, which won't give you any results. Essentially you'll be asking for a list of results whos field is equal to "1,2,3,4", not a list of results in which the field in

Re: [fpc-pascal] Sqldb - How to pass an array of values as a param to be used with SQL IN operator?

2016-04-10 Thread Tony Caduto
Did you try putting quotes around the param ID in the sql query? in(":myparam") I am guessing it's the commas that are the problem. Sqlite will accept double qoutes as will MySQL postgres will not though. On Apr 10, 2016 7:40 AM, "leledumbo" wrote: > > But until now

Re: [fpc-pascal] Sqldb - How to pass an array of values as a param to be used with SQL IN operator?

2016-04-10 Thread leledumbo
> But until now i havent figured a way to pass an array of values (mostly integers) to be used with IN operators. That, unfortunately, is not possible. It's a DBMS limitation, parameterized values are actually passed as is to DBMS. So there's nothing you can do unless you can convince DBMS