SQL statement formation

2013-03-12 Thread Mike Copeland
Here's a question that I should know the answer to, but I'll admit it confuses me. When forming an SQL statement in VFP to pass through to MYSQL (or MariaDB), I use a combination of " and ' delimiters. For example sqlStatement = "select Fname, Lname from customer where Fname like '%Bob%'"

RE: SQL statement formation

2013-03-12 Thread Tracy Pearson
Mike Copeland wrote on 2013-03-12: Here's a question that I should know the answer to, but I'll admit it confuses me. When forming an SQL statement in VFP to pass through to MYSQL (or MariaDB), I use a combination of " and ' delimiters. For example sqlStatement = "select Fname,

Re: SQL statement formation

2013-03-12 Thread Mike Copeland
That's what I was afraid of... So, is it an option to escape the ' and " with \? Like this: [select Lname from customer where Fname like 'O\'Mally'] Mike Original Message Subject: Re: SQL statement formation From: Tracy Pearson tr...@powerchurch.com To: profoxt

RE: SQL statement formation

2013-03-12 Thread Richard Kaye
formation That's what I was afraid of... So, is it an option to escape the ' and " with \? Like this: [select Lname from customer where Fname like 'O\'Mally'] Mike Original Message Subject: Re: SQL statement formation From: Tracy Pearson tr...@powerchurch.com Mike

Re: SQL statement formation

2013-03-12 Thread Frank Cazabon
Mike, if you use parameters, then you won't have to worry about extra double or single quotes. cName = "%Bob%" sqlStatement = "select Fname, Lname from customer where Fname like ?cName" Frank. Frank Cazabon On 12/03/2013 02:10 PM, Mike Copeland wrote: Here's a question that I should know the

RE: SQL statement formation

2013-03-12 Thread Richard Kaye
To: profoxt...@leafe.com Subject: Re: SQL statement formation On Tue, Mar 12, 2013 at 3:22 PM, Frank Cazabon frank.caza...@gmail.com wrote: if you use parameters, then you won't have to worry about extra double or single quotes. +1 You need to safely escape the text of all unsafe content

Re: SQL statement formation

2013-03-12 Thread MB Software Solutions, LLC
On 3/12/2013 3:22 PM, Frank Cazabon wrote: Mike, if you use parameters, then you won't have to worry about extra double or single quotes. cName = "%Bob%" sqlStatement = "select Fname, Lname from customer where Fname like ?cName" Frank. Frank Cazabon Just remember to make sure the variable is

Re: SQL statement formation

2013-03-12 Thread Mike Copeland
Got it, thanks Frank! Original Message Subject: Re: SQL statement formation From: MB Software Solutions, LLC mbsoftwaresoluti...@mbsoftwaresolutions.com To: profoxt...@leafe.com Date: 3/12/2013 3:04 PM On 3/12/2013 3:22 PM, Frank Cazabon wrote: Mike, if you use parameters

Re: SQL statement formation

2013-03-12 Thread Mike Copeland
Okay, I have no problem with using parameters...I'll test it and see if it solves my problem. Mike Original Message Subject: Re: SQL statement formation From: Frank Cazabon frank.caza...@gmail.com To: profoxt...@leafe.com Date: 3/12/2013 2:22 PM Mike, if you use parameters
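
The difference between splicing a value into the statement text and passing it as a parameter, as discussed in this thread, shown as an added example that is not part of any poster's message. It uses Python's sqlite3 module as a stand-in for VFP's SQL pass-through to MySQL (the `?` placeholder plays the role of `?cName`), and goes one step beyond the thread by covering LIKE wildcards inside the bound value. The function names and the table contents are constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the thread's customer table.
    db = sqlite3.connect(":memory:")
    db.execute("create table customer (Fname text, Lname text)")
    db.executemany("insert into customer values (?, ?)",
                   [("Bob", "Smith"), ("Bobby", "O'Mally"), ("Al", "100%_sure")])
    return db

def find_concat(db, fragment):
    # Fragile: the value becomes part of the SQL text, so a quote inside it
    # ends the string literal early and the rest is parsed as SQL.
    sql = "select Fname, Lname from customer where Lname like '%" + fragment + "%'"
    return db.execute(sql).fetchall()

def find_param(db, fragment):
    # The SQL text is constant; the value is sent separately as a bound
    # parameter, so quotes in it need no escaping at all.
    sql = "select Fname, Lname from customer where Lname like ?"
    return db.execute(sql, ("%" + fragment + "%",)).fetchall()

def find_literal(db, fragment):
    # Binding does not neutralise LIKE wildcards in the value. When the
    # fragment must match literally, escape % and _ and declare the escape.
    esc = fragment.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "select Fname, Lname from customer where Lname like ? escape '\\'"
    return db.execute(sql, ("%" + esc + "%",)).fetchall()

if __name__ == "__main__":
    db = make_db()
    try:
        find_concat(db, "O'Mally")
    except sqlite3.OperationalError as exc:
        print("concatenated:", exc)
    print("parameter:", find_param(db, "O'Mally"))
    print("wildcard :", find_param(db, "%"))
    print("literal %:", find_literal(db, "%"))
```
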