The Database now has a method called EscapeString(str), which can easily be accessed by:
;Database db
username := "x'; DROP TABLE members; --"
username := db.EscapeString(username)
Thanks for all this work. I'm looking forward to using SQLite with AutoHotKey! I'm usingon Windows 7 64. When I try to run this sample code on a database that I'm now using in a Python program, I have to remove the <> symbols in the #Include statements and append the Include file name with .ahk. If I do that, it stops complaining. Also, the database I'm using has a file extension of .db instead of .sqlite. It works in Python and with SQLite Manager in FireFox. Does that matter here? The reason I ask is because no error messages occur until I try to read some data, then I get "A non object value was improperly invoked"
Then in the diagnostic window:
045: columnCount := tables.Columns.Count()
091: ListLines
A problem reading the database?
Thank you for the kind words.
Thanks again for DBA 0.8!
Select * from table1
Select * from table1 where table1.name = 'święty'
record := {}
record.Name := "%name%"
record.Passwort := "%loginpassword%"
db.Insert(record, "accounts")
That's not working, I do not know how to write that so that it will save the variables.
record.Name := "%name%"
record.Passwort := "%loginpassword%"
Your expression syntax is wrong, unquoted literals are considered as variables in an expression. Please re-read the AHK help topic expressions.
record.Name := name
record.Passwort := loginpassword
The second thing is, how can I check if there is already an account with the same name?
Use pure SQL, the Library does not offer any ORM which does check if an Entity is already existing in the DB. Use a SQL Where-clause.
username := "Max"
foundRow := db.QueryRow("Select * from accounts Where Name = " db.EscapeString(username))
if(IsObject(foundRow ))
    msgbox % "Whoohoo we have a user with the name: " foundRow.Name
else
    msgbox % "I'm sorry but there is no one called " username
How can I encode string with this query to iso 8859-2 that I will have some effect???
You may encode the whole SQL String in the proper format and pass it to the Query Method. But there are a lot of pitfalls, for example the different db libraries and their support for those encodings.
I am getting a lot of ERRORLEVEL =5 errors when using sqlite while running several inserts and selects in rapid succession. Could this be a bug in the library, or is it just a function of sqlite?
#define SQLITE_BUSY 5 /* The database file is locked */
new Row() actually call new Collection() instead (since Row extends Collection, the call to __new fell through). However this only happened on the second call... very frustrating. Renaming the class (and references to it) to DBRow fixed it for now.
Use long and/or very specific names for your classes OR use subclasses. Class names like Row, Table, Database, RecordSet etc is just inviting disaster.
Never name a class anything that could conceivably be used as a regular variable name.
row in one of my functions but since classes are super-global it still referenced the class, so this is technically not a bug in the library itself, but it's still inviting disaster.
Please prefix the classes.
It takes a while to debug these errors which are caused by using a variable of the same name as a class.
This is an excerpt of my code that was failing.
The get for rec["status"] failed with a "non-object value invoked".
It took me a while to discover that my use of the variable "row" was causing the error, just like my previous use of a variable called "table".
PickList2:
if IgnoreEvent()
    return
gui_status("","clear.ico") ; clear statusbar
;------------------------------------------------
; get request id from selected row
;------------------------------------------------
Gui, ListView, LIST2 ; specify which listview
row := LV_GetNext("") ; get selected row number
if (row = 0) ; return if no row selected
    return
LV_GetText(requestid, row, 1) ; Get the text from specified column
;------------------------------------------------
; update form fields for selected request id
;------------------------------------------------
; use requestid to get all data from request table
sql =
(
select status,
DATE_FORMAT(opendate, '`%m-`%d-`%Y') as opendate,
DATE_FORMAT(duedate, '`%m-`%d-`%Y') as duedate,
DATE_FORMAT(closedate, '`%m-`%d-`%Y') as closedate,
requesttype,
concat(modelyear, " ", brand, " ", make) as vehicle,
description,
priority
from request
WHERE requestid = %requestid%
)
rec := db.QueryRow(sql)
status := rec["status"]
opendate := rec["opendate"]
...
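An added example, not code from the thread or from the DBA library: it shows the two cases the thread runs into when a value is concatenated into SQL, a text value (the `username` from the EscapeString post) and a numeric value (the `requestid` in the excerpt above). `SqlText` and `SqlInt` are hypothetical helpers; the code assumes AutoHotkey v1.1.21+ and a backend that escapes string literals by doubling single quotes, as SQLite does.

```autohotkey
; Hypothetical helpers for illustration; not part of the DBA library.

SqlText(value) {
    ; Text values: double every single quote, then wrap in single quotes,
    ; so the value cannot terminate the literal it is placed in.
    return "'" . StrReplace(value, "'", "''") . "'"
}

SqlInt(value) {
    ; Numeric values are not quoted, so escaping does not help here.
    ; Accept only an optional minus sign followed by digits.
    if !RegExMatch(value, "^-?\d+\z")
        throw Exception("not an integer: " . value)
    return value
}

username  := "x'; DROP TABLE members; --"   ; input string from the first post
requestid := "17"                           ; constructed sample id

sqlUser := "SELECT * FROM accounts WHERE Name = " . SqlText(username)
sqlReq  := "SELECT status FROM request WHERE requestid = " . SqlInt(requestid)
MsgBox % sqlUser "`n" sqlReq

; A value that is not purely numeric is rejected before it reaches the query.
try
    SqlInt("17 OR 1=1")
catch e
    MsgBox % "Rejected: " e.Message
```

With a backend that also treats the backslash as an escape character inside string literals, quote doubling alone is not enough; use the escaping routine that belongs to that backend.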