Wiki source code of SQL Statement
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{figure image="sql_en.png" width="300" clear="h1"/}} | ||
| 2 | |||
| 3 | Actions of type //Database query// allow you to write custom SQL queries and execute them against a database. The database connection must have been set up in the [[database connection menu>>Formcycle.UserInterface.Data.DBConnections]]. The SQL statement may contain [[variables>>Formcycle.UserInterface.Variables]]. | ||
| 4 | |||
| 5 | == Options == | ||
| 6 | |||
| 7 | ; Statement | ||
| 8 | : The SQL statement to be executed. | ||
| 9 | |||
| 10 | == Note == | ||
| 11 | |||
| 12 | |||
| 13 | The statement is executed as a so-called //prepared statement//, which prevents SQL injection attacks. You do not need to, and should not, enclose variables in single quotation marks ({{code language="none"}}'{{/code}}). | ||
| 14 | |||
| 15 | (% style="color: rgb(56, 118, 29);" %)**Correct** | ||
| 16 | |||
| 17 | {{code language="sql"}} | ||
| 18 | insert into test_tabelle (firstName, lastName) values ([%tfFirstName%], [%tfLastName%]) | ||
| 19 | {{/code}} | ||
| 20 | |||
| 21 | (% style="color: rgb(204, 0, 0);" %)**Wrong** | ||
| 22 | |||
| 23 | {{code language="sql"}} | ||
| 24 | insert into test_tabelle (firstName, lastName) values ('[%tfFirstName%]', '[%tfLastName%]') | ||
| 25 | {{/code}} |
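
The following is an added example, not Formcycle's own code: it shows why the quoted form fails when a statement is prepared, using Python's `sqlite3` as a stand-in database. The `to_prepared` helper and the rule that each `[%name%]` variable becomes one `?` bind marker are assumptions made for illustration, and the form values are constructed sample input.

```python
import re
import sqlite3

# Hypothetical translator (an assumption, not Formcycle's implementation):
# each [%name%] variable becomes a "?" bind marker and its value is
# collected in order, so it travels to the database as data, not SQL text.
PLACEHOLDER = re.compile(r"\[%(\w+)%\]")

def to_prepared(statement, form_values):
    params = []
    def bind(match):
        params.append(form_values[match.group(1)])
        return "?"
    return PLACEHOLDER.sub(bind, statement), params

def run_insert(statement, form_values):
    """Run the statement against a fresh in-memory table and return its rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table test_tabelle (firstName text, lastName text)")
    sql, params = to_prepared(statement, form_values)
    try:
        conn.execute(sql, params)
        return conn.execute("select firstName, lastName from test_tabelle").fetchall()
    finally:
        conn.close()

# Constructed form input containing SQL metacharacters.
FORM = {"tfFirstName": "Anna' --", "tfLastName": "O'Brien"}

CORRECT = "insert into test_tabelle (firstName, lastName) values ([%tfFirstName%], [%tfLastName%])"
WRONG = "insert into test_tabelle (firstName, lastName) values ('[%tfFirstName%]', '[%tfLastName%]')"

def demo():
    # Correct form: both values are bound and stored verbatim, quotes included.
    stored = run_insert(CORRECT, FORM)
    # Wrong form: the markers sit inside string literals, so sqlite3 finds
    # zero bind markers and rejects the two values that were supplied.
    try:
        run_insert(WRONG, FORM)
        wrong_result = "accepted"
    except sqlite3.ProgrammingError as exc:
        wrong_result = f"rejected: {exc}"
    return stored, wrong_result

if __name__ == "__main__":
    print(demo())
```

Other database drivers may react differently to the quoted form, for example by storing the literal marker text instead of raising an error; in either case the form value does not reach the table.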