
Using Parameters with SQLExec

Topics: Attention VFPX Admins, Enhancement Request
Mar 13, 2014 at 2:54 AM
SQLExec(goCnct.nHnd,[Insert Into UPResID ("id","desc","newid","reservedid") Values ('mytest123456',?This.oRecord.desc,?This.oRecord.newid,?This.oRecord.reservedid)],"",laCnt)
I could not find the above idea documented anywhere in the VFP help file. This allows you to avoid SQL injection by using parameters for values, not just with the WHERE clause. As you can see, I am using properties from an object and it gets correctly inserted into the database. It also solves the problem where character data contains an SQL delimiter. I think some discussion about this should be added to the VFP documentation.
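
The contrast described in the post above, as an added example that is not part of the original post: the same insert built by string concatenation and then with `?` parameters bound to object properties. The DSN name `MyDsn`, the sample values and the existence of the `UPResID` table with character columns are assumptions.

```foxpro
* Added example. Assumptions: DSN name "MyDsn", constructed sample values, and
* a table UPResID with the character columns named in the post.
LOCAL lnHnd, loRecord, lcSql, laErr[1]

lnHnd = SQLSTRINGCONNECT("DSN=MyDsn")    && hypothetical DSN
IF lnHnd < 1
    AERROR(laErr)
    ? "Connect failed:", laErr[2]
    RETURN
ENDIF

* Constructed record; desc contains the SQL string delimiter (')
loRecord = CREATEOBJECT("Empty")
ADDPROPERTY(loRecord, "desc", "O'Brien's order")
ADDPROPERTY(loRecord, "newid", "N-0001")
ADDPROPERTY(loRecord, "reservedid", "R-0001")

* Concatenated form: the apostrophe in desc closes the string literal early,
* so the backend receives a malformed statement. Any text placed in desc is
* parsed as SQL rather than stored as data, which is the injection risk.
lcSql = [Insert Into UPResID ("id","desc","newid","reservedid") Values ('demo-1','] + ;
    loRecord.desc + [','] + loRecord.newid + [','] + loRecord.reservedid + [')]
IF SQLEXEC(lnHnd, lcSql) < 0
    AERROR(laErr)
    ? "Concatenated insert failed:", laErr[2]
ENDIF

* Parameterized form: each ?expression is evaluated by VFP and sent to the
* driver as a bound value, so the apostrophes are stored unchanged.
lcSql = [Insert Into UPResID ("id","desc","newid","reservedid") ] + ;
    [Values ('demo-2',?loRecord.desc,?loRecord.newid,?loRecord.reservedid)]
IF SQLEXEC(lnHnd, lcSql) < 0
    AERROR(laErr)
    ? "Parameterized insert failed:", laErr[2]
ELSE
    ? "Parameterized insert succeeded"
ENDIF

SQLDISCONNECT(lnHnd)
```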