Hi, I have an edit box on the Maintain screen through which a value is coming, and it is then used in a SQL query. Everything works fine, but when a value with a single quote (') is passed through the edit box, the SQL query fails. Can someone please help me handle this scenario?
compute adis/i11;
compute SQLADDUSER/A100V = "insert into test values ('ABC','"|testvar|"');";
adis=sys_mgr.engine("SQLORA","SET DEFAULT_CONNECTION CONN_PROJ" );
adis=sys_mgr.engine("SQLORA",SQLADDUSER);
adis=sys_mgr.engine("SQLORA","commit");
Thanks. Anil
I would tend to use a0 format for testvar and SQLADDUSER, which I have used and it works for me. The a100v format will give a fixed length variable when used, despite having a variable format. a0 is the most useful for this type of process.
Alan. WF 7.705/8.007
September 26, 2014, 07:52 AM
Maintain Wizard
Anil
In this scenario is testvar the value that is being passed in from the editbox? If so, is a single quote a valid value? If not you can use JavaScript to make sure that a single quote is not passed in. If it IS a valid character, is the error coming from the compute statement or the SQL insert statement?
WebFOCUS has the QUOTEDSTRING command, but I don't think that will work in Maintain. We may have to pass the variables to a Focexec using the EXEC command and do the SQL INSERT there.
Mark
September 26, 2014, 08:15 AM
Alan B
Anil / Mark
Single quote should pass through the EDIT box unharmed. I've done a quick get on it and seems to be ok.
I've also passed a similar string to SQL Server, with correct insert results as well.
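An added example, not part of any post in this thread: the INSERT from the question rebuilt in Python, with the standard-library sqlite3 module standing in for the Oracle connection (an assumption; the Maintain SQLORA call is not reproduced). It shows why the concatenated statement breaks when the value contains a single quote, since the value is parsed as part of the SQL text, and two ways to handle it: doubling the quote inside the literal, or passing the value as a bind parameter. The function names and the sample value are constructed for illustration.

```python
import sqlite3


def concat_insert(conn, testvar):
    # Same shape as the statement in the question: the value is spliced
    # directly into the SQL text, so a quote in it ends the literal early.
    sql = "insert into test values ('ABC','" + testvar + "');"
    conn.execute(sql)


def escaped_insert(conn, testvar):
    # Fallback when only a finished statement string can be sent:
    # double every single quote, the standard SQL escape inside a literal.
    sql = "insert into test values ('ABC','" + testvar.replace("'", "''") + "');"
    conn.execute(sql)


def bound_insert(conn, testvar):
    # Preferred: the value travels as a bind parameter and is never parsed as SQL.
    conn.execute("insert into test values (?, ?)", ("ABC", testvar))


def run_demo(value="O'Brien"):  # constructed sample input
    conn = sqlite3.connect(":memory:")  # stand-in for the real connection
    conn.execute("create table test (code text, name text)")
    results = {}
    try:
        concat_insert(conn, value)
        results["concat"] = "ok"
    except sqlite3.OperationalError as exc:
        # The parser sees 'O' as the whole literal and chokes on what follows.
        results["concat"] = "failed: " + str(exc)
    escaped_insert(conn, value)
    bound_insert(conn, value)
    conn.commit()
    results["rows"] = [row[0] for row in conn.execute("select name from test")]
    conn.close()
    return results


if __name__ == "__main__":
    print(run_demo())
```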