CDatabase::ExecuteSQL

Fawaz Ajani

Hi everybody! I'm creating a program which use database. My problem is: I use ExecuteSQl() to input data into my database but when i run it, I show an error "too few parameters. Expected 1".

CString path(_T("\',\'")), pathInt(_T("','"), rien(_T("NUL"));
//personne(nom, prenoms, datNais, lieuNais, domicile,commNais, numPiece, sexe, profession, nationalite, numPersP, numPersM)
reqPer = _T("insert into personne values (2014,\'") + nomPer + path + prenPer + path + datNaissPer + path + liNaisPer + path + domPer + _T("\',") + rien + _T(",\'") + numPiecPer + path + _T('M') + path + profPer + path + natPer + _T("\',") + rien + pathInt + rien + _T(")");
database.ExecuteSQL(reqPer);

Lost User

You should check the final value of the reqPer string to see whether the SQL command is correctly formed. I would also strongly suggest you do not create SQL statements in the way you have done, as this leaves your code open to SQL injection, and the potential loss or corruption of your database. See the CRecordSet class[^] for the correct way to do it.

Fawaz Ajani

I saw it, but it's not very clear for me. Please, can you post a sample?!

Lost User

Fawaz Ajani wrote:

Please, can you post a sample?

Sorry, I don't have one. You need to either search for yourself, or spend time reading the documentation.

David Crow

This article does not do any writing or updating, but it may help to point you in the right direction.

"One man's wage rise is another man's price increase." - Harold Wilson

"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons

"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles

Fawaz Ajani

It will be correct, if i use this one?

sql.Format("INSERT INTO NomTable (Colone1,Colonn2, ....) VALUES(%d ,'%s','%s', ....)",m_Variable1,m_Variable2, ....);
db->ExecuteSQL(sql);

Fawaz Ajani

thanks

Fawaz Ajani

Please, I have order problem. when I do this:

CRecordset recordset(&database);
CString temp, query;
query.Format(L"SELECT number FROM personne WHERE numPiece = '%s'", numPiecPer);
recordset.Open(CRecordset::snapshot, query, CRecordset::appendOnly);
while (!recordset.IsEOF())
{
recordset.GetFieldValue((short)0, temp);
messageBox(temp, 0, 0);
recordset.MoveNext();
}

It don't work. :(