Originally Posted by
LordQt
what do you mean in detail I cannot follow the logic in your statement
perhaps a snippet might be usefull!
If you mean me:
insert1.prepare("update mytable set filed1= :field1 where partner = 4569 and Date= CONVERT (DATETIME, :date, 120)");
for(int i=0; i < dateList.length();i++)
{
insert1.bindValue(":field1", buf); //<- will escape the content safely if it is e.g. "asdf'; TRUNCATE TABLE mytable;"
buf = buf.left(10);
insert1.bindValue(":date", buf+" 00:00:00");
if(!insert1.exec())
QMessageBox::information(this, tr
("query succesful"),tr
("test: %1").
arg(QString::number(dateList.
length())));
}
QSqlDatabase testdb= QSqlDatabase::database("testdb") ;
QSqlQuery insert1;
insert1.prepare("update mytable set filed1= :field1 where partner = 4569 and Date= CONVERT (DATETIME, :date, 120)");
for(int i=0; i < dateList.length();i++)
{
QString buf = dateList.at(i);
insert1.bindValue(":field1", buf); //<- will escape the content safely if it is e.g. "asdf'; TRUNCATE TABLE mytable;"
buf = buf.left(10);
insert1.bindValue(":date", buf+" 00:00:00");
if(!insert1.exec())
QMessageBox::information(this, tr("query succesful"),tr("test: %1").arg(QString::number(dateList.length())));
}
To copy to clipboard, switch view to plain text mode
Bookmarks