een Information Services
rdim...@evergreeninfo.net
-Original Message-
From: use-livecode [mailto:use-livecode-boun...@lists.runrev.com] On Behalf
Of Peter Haworth
Sent: Sunday, May 22, 2016 1:24 PM
To: How to use LiveCode
Subject: Re: Storing and retrieving data from a SQL database
Glad you
Glad you figured it out Paul.
I'll check out the SQLiteAdmin problem.
On Sun, May 22, 2016 at 7:48 AM Paul Dupuis wrote:
> On 5/20/2016 10:38 PM, Peter Haworth wrote:
> > Tabs shouldn't be a problem so I suspect something else.
> >
> > Have you tried using LC to select the data after updating i
On 5/20/2016 10:38 PM, Peter Haworth wrote:
> Tabs shouldn't be a problem so I suspect something else.
>
> Have you tried using LC to select the data after updating it? As mentioned
> in an earlier post, if you use revDataFromQuery to do the SELECT, be sure
> to use something other than tab/return
On Fri, May 20, 2016 at 12:24 PM, Mike Kerner
wrote:
> That's what I do when I have an indeterminate number of keys, or if I am
> writing generic code that handles data from dissimilar tables in a similar
> way.
>
The more I think of it, it would become a nightmare to build the array.
I'm indee
Tabs shouldn't be a problem so I suspect something else.
Have you tried using LC to select the data after updating it? As mentioned
in an earlier post, if you use revDataFromQuery to do the SELECT, be sure
to use something other than tab/return for the column/row delimiters.
I'm wondering if wha
Apparently, you either DO need to escape certain characters even when
using parametrized queries.
I have the code below: I pass it an array where the description
pArray[7] contains several lines of text from a field and the second
line contains a tab
command updateInDatabase pArray
--
pArray[1
That's what I do when I have an indeterminate number of keys, or if I am
writing generic code that handles data from dissimilar tables in a similar
way. Do what you want, but best practice (with good reason) seems to still
be to use parameterized queries except where you cannot.
On Fri, May 20,
On Wed, May 18, 2016 at 7:17 PM, Mike Kerner
wrote:
> Why not just use parameterized queries?
Is this practical when using a compound query (in a BEGIN/END with dozens
to hundreds of commands)?
It would seem that I would have to make an "interesting" loop to create a
huge array, and and code t
No substitution or escaping involved, although the dictionary makes
constant reference to to substitution which is misleading.
I think it's worth a short explanation of what goes on behind the scenes.
Although executing an sql statement in lc is just one call, it's multiple
calls to the sql libra
On 19/05/2016 16:41, Paul Dupuis wrote:
Mike and Peter: So you're both saying that if I use either:
revExecuteSQL myID, "insert into mytable values(:1,:2)",
"Variable1","Variable2"
OR
revExecuteSQL myID,"insert into mytable values(:1,:2)","myArray"
where myArray[1] has the content for the first
Thank you. I'll try switching my code over to using query parameters.
On 5/19/2016 12:01 PM, Mike Kerner wrote:
> No, it won't escape it, and it won't just substitute it.
>
> Substitution would be
> put "INSERT INTO myTable VALUES("&variable1&comma&variable2&")"
>
> If you were to use substitutio
No, it won't escape it, and it won't just substitute it.
Substitution would be
put "INSERT INTO myTable VALUES("&variable1&comma&variable2&")"
If you were to use substitution in a query, you would have to put quotes
around the contents of variable1 and variable2 before you passed them or
they wou
On 5/19/2016 10:41 AM, Mike Kerner wrote:
> Remember the conversations about handling CSV? All I will tell you from
> escaping data for SQL is...good luck. I accidentally discovered SQL
> injection (as did everyone else, I'm sure) 30 years ago when C/S was just
> getting legs. Since then, we hav
Remember the conversations about handling CSV? All I will tell you from
escaping data for SQL is...good luck. I accidentally discovered SQL
injection (as did everyone else, I'm sure) 30 years ago when C/S was just
getting legs. Since then, we have yet to come up with an escaping scheme
that does
sqlYoga escapes their data. You may want to download it. The source is free now
(correct me if I am wrong), compliments to Trevor DeVore. I bet you could get
his escaping code from that.
Bob S
On May 18, 2016, at 17:16 , Paul Dupuis
mailto:p...@researchware.com>> wrote:
Does anyone have some
As Mike said, there's no need to do that. Use the variables list parameter
when inserting/updating your data, and revQueryDatabase to create a cursor
when selecting the data. RevDataFromQuery would probably work too with the
right column/row delimiters.
On Wed, May 18, 2016, 8:01 PM Lyn Teyla wro
Paul Dupuis wrote:
> Does anyone have some really good (comprehensive) routines to escape and
> unescape text data for storing in a SQL database (like SQLite or MySQL)
HostM’s server-side demo stack comes with a function (look for the one named
"se") that you can use:
https://www.hostm.com/tuto
Why not just use parameterized queries?
On Wed, May 18, 2016 at 8:16 PM, Paul Dupuis wrote:
> Does anyone have some really good (comprehensive) routines to escape and
> unescape text data for storing in a SQL database (like SQLite or MySQL)
>
> basics like:
> replace cr with "\n" in pText -- rep
18 matches
Mail list logo
