update a table in a database
-
Hi, I have a question. I want to update my table with values like this:
CString valuestr="('"+m_comm+"','"+m_sp+"')";
CString req="UPDATE T_Port SET CommPort='%s', Speed='%s'"+valuestr;
database.ExecuteSQL(req);
And I have an error: non valide use of '!','.',or'()' in expression "%S'('COM4','9600')'
-
zizzzz wrote:
CString req="UPDATE T_Port SET CommPort='%s', Speed='%s'"+valuestr;
What is %s in your query? I do not believe that format specifiers are allowed in queries. You might be better off rewriting your query as:
CString req;
req.Format("UPDATE T_Port SET CommPort='%s', Speed='%s'", m_comm, m_sp);
database.ExecuteSQL(req);
-
zizzzz wrote:
CString req="UPDATE T_Port SET CommPort='%s', Speed='%s'"+valuestr;
The %s would only be valid if you were using CString::Format().
"Approved Workmen Are Not Ashamed" - 2 Timothy 2:15
"Judge not by the eye but by the heart." - Native American Proverb
-
This method is ripe for SQL injection attacks. This will never work.
CString req="UPDATE T_Port SET CommPort='%s', Speed='%s'"+valuestr;
Try something like this.
CString req=_T("");
req.Format(_T("UPDATE T_Port SET CommPort='%s', Speed='%s'"), m_comm, m_sp);
But first read this article about dealing with SQL injection attacks: SQL Injection Attacks and Some Tips on How to Prevent Them
I'd love to help, but unfortunately I have prior commitments monitoring the length of my grass. :Andrew Bleakley:
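The injection concern raised in the last reply, as an added example that is not part of the original thread: it uses std::string in place of CString so it compiles without MFC, and shows the formatted UPDATE built with and without input checks. The COMn pattern, the baud-rate allow-list and the function names are assumptions made for illustration.

```cpp
#include <algorithm>
#include <array>
#include <cctype>
#include <iostream>
#include <string>

// Accept only "COM" followed by 1-3 digits, e.g. COM4 (pattern is an assumption).
bool is_valid_comm_port(const std::string& s) {
    if (s.size() < 4 || s.size() > 6 || s.compare(0, 3, "COM") != 0) return false;
    return std::all_of(s.begin() + 3, s.end(),
                       [](unsigned char c) { return std::isdigit(c) != 0; });
}

// Accept only baud rates from a fixed allow-list (the list is an assumption).
bool is_valid_speed(const std::string& s) {
    static const std::array<const char*, 7> kRates = {
        "1200", "2400", "4800", "9600", "19200", "57600", "115200"};
    return std::any_of(kRates.begin(), kRates.end(),
                       [&](const char* r) { return s == r; });
}

// Same result as the Format() call in the thread: values pasted straight into SQL.
std::string build_update_unchecked(const std::string& comm, const std::string& speed) {
    return "UPDATE T_Port SET CommPort='" + comm + "', Speed='" + speed + "'";
}

// Hardened variant: builds the statement only if both values pass validation.
bool build_update_checked(const std::string& comm, const std::string& speed,
                          std::string& out) {
    if (!is_valid_comm_port(comm) || !is_valid_speed(speed)) return false;
    out = build_update_unchecked(comm, speed);
    return true;
}

// Counts quote characters; a well-formed statement here has exactly four.
std::size_t quote_count(const std::string& sql) {
    return static_cast<std::size_t>(std::count(sql.begin(), sql.end(), '\''));
}

int main() {
    const std::string hostile = "COM4', Speed='0";  // constructed sample input
    std::string sql;
    std::cout << build_update_unchecked(hostile, "9600") << "\n";
    std::cout << (build_update_checked(hostile, "9600", sql) ? sql : "rejected") << "\n";
    std::cout << (build_update_checked("COM4", "9600", sql) ? sql : "rejected") << "\n";
    return 0;
}
```

Validation like this is a defence layer for string-built SQL; where the data source supports it, binding the values as parameters (for ODBC, SQLBindParameter) keeps them out of the statement text entirely.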