Database Request Substitution

The methods of the Connection class of the database component support a substitution mechanism for building SQL requests.

This substitution mechanism is similar to the Subst$ function, and it allows you:

  • To build requests that are independent of the database.

  • To avoid SQL injection.

For security reasons, I strongly recommend using these methods, and never building requests by simple string concatenation!

The substitution methods take a format string and a list of arguments.

The &1, &2... patterns will be replaced by respectively the first, second... argument.

The patterns can be in any order in the format string, and can be repeated.

If you want to specify more than nine arguments, you have to enclose the argument index between { and }: &{10}, &{11}, and so on.

By default, the argument is supposed to be a SQL value, and the value is quoted according to its datatype into the result string.

Since 3.18

If a substitution pattern is enclosed in square brackets, then the argument is supposed to be a table name, and the Connection.Quote method is used to correctly quote the table name into the result string.

If a substitution pattern is enclosed in quotes or backquotes, then the argument is supposed to be a column name, and the Connection.Quote method is used to correctly quote the column name into the result string.

Example

' Result with a SQLite database
Print DB.Subst("SELECT * FROM [&1] WHERE '&2' = &3 ORDER BY '&4'", "Table", "Column1", "a string", "Column2")
SELECT * FROM "Table" WHERE "Column1" = 'a string' ORDER BY "Column2"

' Result with a PostgreSQL database (note the E'...' escape-string literal)
Print DB.Subst("SELECT * FROM [&1] WHERE '&2' = &3 ORDER BY '&4'", "Schema.Table", "Column1", "a string", "Column2")
SELECT * FROM "Schema"."Table" WHERE "Column1" = E'a string' ORDER BY "Column2"
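The following is an added model of the pattern rules described above (&1..&9, &{10}..., [&n] for table names, '&n' or `&n` for column names, bare &n for values); it is not Gambas code and not part of the Connection class. The quoting functions are constructed assumptions following SQLite/standard SQL conventions, and the error raised for a missing argument is also an assumption of this model.

```python
import re

# Constructed quoting rules (SQLite style): identifiers in double quotes with
# embedded quotes doubled, string values in single quotes with single quotes
# doubled. PostgreSQL would additionally prefix string literals with E.

def quote_identifier(name):
    # Table or column name; each dotted part is quoted separately,
    # so "Schema.Table" becomes "Schema"."Table".
    return ".".join('"' + part.replace('"', '""') + '"' for part in name.split("."))

def quote_value(value):
    # SQL value quoted according to its type. Doubling single quotes keeps
    # an input such as x' OR '1'='1 inside the string literal.
    if value is None:
        return "NULL"
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return str(value)
    return "'" + str(value).replace("'", "''") + "'"

# &1..&9 or &{10}..., optionally wrapped in [ ] (table) or ' ' / ` ` (column).
_PATTERN = re.compile(
    r"(?:(?P<tbl>\[)|(?P<col>['`]))?"  # optional opener
    r"&(?P<idx>[1-9]|\{\d+\})"         # argument index, with or without braces
    r"(?(tbl)\])(?(col)(?P=col))"      # matching closer only if an opener was seen
)

def subst(fmt, *args):
    # Patterns may appear in any order and may be repeated.
    def replace(m):
        index = int(m.group("idx").strip("{}"))
        if not 1 <= index <= len(args):
            raise IndexError("pattern &%d has no matching argument" % index)
        arg = args[index - 1]
        if m.group("tbl") or m.group("col"):
            return quote_identifier(str(arg))
        return quote_value(arg)
    return _PATTERN.sub(replace, fmt)

if __name__ == "__main__":
    print(subst("SELECT * FROM [&1] WHERE '&2' = &3 ORDER BY '&4'",
                "Schema.Table", "Column1", "a string", "Column2"))
    # A value containing quotes stays a single literal instead of altering the query.
    print(subst("SELECT * FROM [&1] WHERE '&2' = &3", "Users", "name", "x' OR '1'='1"))
```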