Executesql(INSERT INTO)


tony89
Starting Member

2 Posts

Posted - 2011-12-13 : 18:29:36
Hello,

I'm working in an MFC app in Visual C++, doing insertion into an MS Access database.
CDatabase db;
SqlString = "INSERT INTO ....";
db.ExecuteSQL( SqlString );


How can I organize my variable arguments into the SQL string so that it can be executed?

SqlString = ("INSERT INTO Tabla1(date, reciver)VALUES(%s,%d)",i, getDate( ));

is not right. What could be the right way to have variable arguments?

Thank you

Lamprey
Master Smack Fu Yak Hacker

4614 Posts

Posted - 2011-12-13 : 18:57:41
I'd advocate that you do all your data access through stored procedures. I think it's better to code your C++ as you can type the parameters better and not have to cast things to strings.

If you want to continue down the path you are on, then you need to wrap the date string in single quotes. Additionally, you'll want to use an ISO8601 format so SQL won't misinterpret Days and Months (yyyy-mm-ddThh:mi:ss.mmm or with time zone: yyyy-mm-ddThh:mi:ss.mmmZ). Also, you'll probably want to use quoted-identifiers for reserved words. So, your SqlString, when output, should look something like:
INSERT Table1 ([date], receiver) VALUES ('2011-12-13T12:34:56.123', <receiver value>)

visakh16
Very Important crosS Applying yaK Herder

52326 Posts

Posted - 2011-12-13 : 23:20:53
See why ISO format is recommended for date values


http://visakhm.blogspot.com/2011/12/why-iso-format-is-recommended-while.html

------------------------------------------------------------------------------------------------------
SQL Server MVP
http://visakhm.blogspot.com/


Kristen
Test

22859 Posts

Posted - 2011-12-14 : 08:29:45
If you aren't going to use Stored Procedures then look into Parametrised Queries instead. Solves the problem of Date Format conversion etc (as you can just use a native Visual C++ Date object as a parameter and the database layer will take care of ensuring that it is transmitted to SQL in the right format), and you will also avoid SQL Injection issues and so on; plus you should have much better (i.e. orders-of-magnitude in some areas) performance too.
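The contrast between the string-built INSERT from the question and the parameterised query suggested in the last reply, as an added example that is not part of the original thread. Python's sqlite3 module stands in for the MFC/ODBC layer and the Access database (an assumption, so that it runs offline); the table is a constructed copy of Tabla1, the function names are hypothetical, and the input strings are constructed.

```python
import sqlite3
from datetime import datetime

# Constructed stand-in for the thread's Access table; sqlite3 is used only so
# the example runs offline. Column names follow the original post.
def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Tabla1([date] TEXT, reciver INTEGER)")
    return conn

def insert_formatted(conn, date_text, receiver):
    """String-built statement, as in the question: values become SQL text."""
    sql = "INSERT INTO Tabla1([date], reciver) VALUES('%s', %d)" % (date_text, receiver)
    conn.execute(sql)

def insert_parameterised(conn, when, receiver):
    """'?' markers: the statement text is fixed, values travel separately."""
    if isinstance(when, datetime):
        when = when.isoformat(timespec="milliseconds")  # ISO 8601, unambiguous
    conn.execute("INSERT INTO Tabla1([date], reciver) VALUES(?, ?)", (when, receiver))

def rows(conn):
    return conn.execute("SELECT [date], reciver FROM Tabla1").fetchall()

def demo():
    results = {}
    # 1. A value containing a quote breaks the string-built statement.
    conn = open_db()
    try:
        insert_formatted(conn, "13 Dec '11", 7)
        results["quote_formatted"] = "ok"
    except sqlite3.OperationalError:
        results["quote_formatted"] = "syntax error"
    # 2. Constructed input that closes the literal and supplies its own receiver.
    conn = open_db()
    insert_formatted(conn, "2011-12-13', 999) --", 7)
    results["crafted_formatted"] = rows(conn)
    # 3. The same inputs as parameters are stored verbatim; receiver stays 7.
    conn = open_db()
    insert_parameterised(conn, "2011-12-13', 999) --", 7)
    insert_parameterised(conn, datetime(2011, 12, 13, 12, 34, 56, 123000), 7)
    results["parameterised"] = rows(conn)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

In the string-built case the stored receiver is 999 rather than the 7 the program passed; with parameters the odd text is stored as plain data and the receiver is unchanged.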