I am writing an SQL query as a Javascript string like that:

  SQLdetail =  'SELECT [Avis SAP], Avis.[Ordre SAP], [Date Appel], [Heur Appel], Client_List![Code Client], [Numero Passerelle], [Designation Appel], Ordre![Metier], Ordre!Repercussion, Ordre!Objet, Ordre![Profil Panne], Ordre!Cause, Ordre![Sommaire Correctif], Ordre![Statut]'
  SQLdetail += ' FROM (Avis' 
  SQLdetail += ' LEFT JOIN Client_List ON Avis.[Numero Client] = Client_List.[Numero Client])' 
  SQLdetail += ' LEFT JOIN Ordre ON Avis.[Ordre SAP] = Ordre.[Ordre SAP] WHERE Avis.[Date Appel] BETWEEN #' & DateOne & '# AND #' & DateTwo & '#;' 
  alert('SQLdetail:' + SQLdetail)

and the last SQLdetail += somehow returns "0". Am I missing something in the syntax that just turns the whole string to a 0?

asked Nov 14, 2011 at 17:40 by sebastien leblanc
  • What is in variables DateOne and DateTwo? Is it a string? If not you may want to convert to a string. – John Hartsock Commented Nov 14, 2011 at 17:42
  • 2 I hope you won't be using JS to generate SQL which is sent to a server to be executed, otherwise I hope you'll enjoy mean users hacking the script to send DROP DATABASE database(); – Marc B Commented Nov 14, 2011 at 17:43
  • Why are you constructing SQL with javascript? This should be done server side. – jrummell Commented Nov 14, 2011 at 17:43
  • 2 I have a question! What do you want to do with your SQL in JavaScript? – Abdul Munim Commented Nov 14, 2011 at 17:45
  • ok ppl relax, it's an internal web app I have no choice but to use client side and access 2003... – sebastien leblanc Commented Nov 14, 2011 at 17:57

5 Answers

You're mixing with VB syntax. In JavaScript you must concatenate strings with +

  SQLdetail += ' LEFT JOIN Ordre ON Avis.[Ordre SAP] = Ordre.[Ordre SAP] WHERE Avis.[Date Appel] BETWEEN #' + DateOne + '# AND #' + DateTwo + '#;'

What is with the &? : BETWEEN #' & DateOne & '# AND #' & DateTwo & '#;'

Change to a +

If this is Javascript you need to use + instead of & here:

  SQLdetail += ' LEFT JOIN Ordre ON Avis.[Ordre SAP] = Ordre.[Ordre SAP] WHERE Avis.[Date Appel] BETWEEN #' & DateOne & '# AND #' & DateTwo & '#;'

You are using a bitwise operator in your code:

  & DateTwo &

This doesn't join strings. Use a +:

  + DateTwo +

Other than that, why in the world are you generating your SQL with JavaScript???

The only way you can send it to your server is through the browser, which means that I have total control over the request.

Basically, you are giving me root privileges to your database. I'm nice and won't abuse it, but I can only speak for myself.

You are using & to concatenate instead of +
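
The answers above, as an added example that is not part of any post on the original page: it reproduces why `&` collapses the clause to 0, then builds the same date clause with `+` after checking that each value really is a date. The helper names `accessDateLiteral` and `buildDateClause` and the yyyy-mm-dd input format are assumptions.

```javascript
// Added illustration. accessDateLiteral and buildDateClause are hypothetical
// helper names; the yyyy-mm-dd input format is an assumption.

// Reproduces the bug: `&` is bitwise AND, so every operand is converted to a
// 32-bit integer. A non-numeric string becomes NaN, then 0, and 0 & x is 0.
function brokenClause(dateOne, dateTwo) {
  return ' BETWEEN #' & dateOne & '# AND #' & dateTwo & '#;';
}

// Accept only a real calendar date written as yyyy-mm-dd and wrap it in the
// #...# delimiters used for date literals in the question's query.
function accessDateLiteral(value) {
  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(String(value));
  if (!m) {
    throw new TypeError('expected yyyy-mm-dd');
  }
  const y = Number(m[1]), mo = Number(m[2]), d = Number(m[3]);
  const dt = new Date(Date.UTC(y, mo - 1, d));
  // Date rolls impossible dates over (Feb 30 -> Mar 2), so compare the parts.
  if (dt.getUTCFullYear() !== y || dt.getUTCMonth() !== mo - 1 || dt.getUTCDate() !== d) {
    throw new RangeError('not a calendar date');
  }
  return '#' + m[0] + '#';
}

// String concatenation with `+`, using only validated values.
function buildDateClause(dateOne, dateTwo) {
  return ' WHERE Avis.[Date Appel] BETWEEN ' + accessDateLiteral(dateOne) +
    ' AND ' + accessDateLiteral(dateTwo) + ';';
}

// Constructed sample values.
console.log('broken:', ' LEFT JOIN ...' + brokenClause('2011-11-01', '2011-11-14'));
console.log('fixed: ', buildDateClause('2011-11-01', '2011-11-14'));
```

The validation only constrains the two date values; it does not change the point raised in the answers that a query assembled in the browser is under the user's control.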

Tags: Javascript string syntax to write SQL, Stack Overflow