× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I see your point but I'm assuming it's called from another program and
the ONLY parm coming into the CL is the 4 char date representation. I'm
not suggesting passing the entire SQL string into the CL - that could
open a hole. Although not explicitly stated, my example assumed the SQL
is predefined like you mention - either by initialized variables or by
concatenating literal strings with the 4 char parm. Hard to do a
"delete * from mytable" in 4 characters.

JDiggs@xxxxxxxxxxxx 03/05/2009 2:38:12 PM >>>
That sounds like sql injection waiting to happen. I would think
sanitizing a parameter and running a pre-defined sql statement would be
safer. I guess it depends on the environment.


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Roger Harman
Sent: Thursday, March 05, 2009 2:26 PM
To: 'midrange-l@xxxxxxxxxxxx'
Subject: Re: SQL Issue in CL Pgm

Build the command string separately and pass that as the parm

dcl &cmdstr *char 256 (or whatever)
cghvar &cmdstr (concatenate your command here)
strqsh cmd(&cmdstr)


vlittlepp@xxxxxxxxx 03/05/2009 1:41:30 PM >>>
Hi

Would anyone help me on how to pass a *variable *in *Set* when I try to
do *SQL
Update* in a CL program, the detailed as:

I need to set the date in myfile, when I did the following it works
fine:

STRQSH CMD('DB2 "UPDATE MYFILE SET +
MYDATE = "0305" WHERE MYDATE = '' '' "')

But IF the Date is the input parameter of this CL program, it will NOT
update:

PGM PARM(&PPDATE)

DCL VAR(&PPDATE) TYPE(*CHAR) LEN(04)

STRQSH CMD('DB2 "UPDATE MYFILE SET +
MYDATE = *CAT &PPDATE *CAT WHERE MYDATE = '' '' "')

Would anybody helps... thanks a lot!

J
--
This is the RPG programming on the IBM i / System i (RPG400-L) mailing
list To post a message email: RPG400-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/rpg400-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.