[fpc-pascal] Sqldb - How to pass an array of values as a param to be used with SQL IN operator?
Tony Caduto
tony.caduto at gmail.com
Sun Apr 10 21:42:43 CEST 2016
Well, I guess if there is no user input going into the query it's not a big
dea,l of course if there is you should at least sanitize it to prevent
injection.
On Apr 10, 2016 2:39 PM, "Luiz Americo Pereira Camara" <
luizamericop at gmail.com> wrote:
>
>
> 2016-04-10 16:29 GMT-03:00 Tony Caduto <tony.caduto at gmail.com>:
>
>> What about using a stored procedure to do it ? You could pass the list
>> for the in as a string and handle it in the stored procedure. Of course
>> that's no help if using sqlite or other that does not support stored
>> procedures.
>>
>
> I'm working with multiple DB engines, so i try to avoid non standard
> syntax/features.
> My workaround is working fine, so no need to break this rule
>
> Luiz
>
> _______________________________________________
> fpc-pascal maillist - fpc-pascal at lists.freepascal.org
> http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20160410/67a47500/attachment.html>
More information about the fpc-pascal
mailing list