Structured Query Language (or SQL, pronounced "Sequel") accesses [RDBMS] instances. In principle, one uses the same SQL to interrogate and update [Oracle], [PostgreSQL], [SQLite], etc. ... databases. In practice however ... :( ---- I think SQL queries should ''look'' structured but tools like Microsoft Query make it very hard to read. So I wanted a program that I could cut and paste from the tool and as it pasted it would structure it, e.g. convert SELECT ORDERS.ORDERNUMBER, ORDERS.CUSTNUM, ORDERITEM.AMOUNT, PART.TYPE, PART.MODEL, PART.PRICE FROM VTHOMAS.ORDERITEM ORDERITEM, VTHOMAS.ORDERS ORDERS, VTHOMAS.PART PART WHERE ORDERS.ORDERNUMBER = ORDERITEM.ORDERNUM AND PART.PARTNUM = ORDERITEM.PARTNUM into SELECT ORDERS.ORDERNUMBER , ORDERS.CUSTNUM , ORDERITEM.AMOUNT , PART.TYPE , PART.MODEL , PART.PRICE FROM VTHOMAS.ORDERITEM ORDERITEM , VTHOMAS.ORDERS ORDERS , VTHOMAS.PART PART WHERE ORDERS.ORDERNUMBER = ORDERITEM.ORDERNUM and PART.PARTNUM = ORDERITEM.PARTNUM so here it is in Tcl package require Tk proc my_textPaste w { $w delete 1.0 end set txt [::tk::GetSelection $w CLIPBOARD] regsub -all {,} $txt "\n ," txt regsub -nocase -all {\sand\s} $txt "\n and " txt $w insert 1.0 $txt } text .t -width 80 -height 40 pack .t bind . <> {my_textPaste %W; break} A testament to the power of the text widget. Let me see, that many lines in Java? I'd still be putting a stream together. - Vincent Thomas ---- Anyone have a good function built to escape user defined variables for inclusion in SQL statements? If so, why not put it here. [MG] mainly accesses MySQL from PHP, and often uses the addslashes() function for escaping data for MySQL queries. So, here it is, extremely simply, in Tcl: proc addslashes {str} { return [string map [list \" "\\\"" \' "\\\'" "\\" "\\\\" "\00" "\\\00"] $str]; };# addslashes % addslashes {This "is" MG's test string} This \"is\" MG\'s test string [CMM] Thanks [MG]. [Pgintcl] does it this way for [postgresql] strings. proc pg_escape_string {s} { return [string map {' '' \\ \\\\} $s] } [DKF]: I was under the impression that PG supports parameterized queries, which is a far superior way to handle this sort of problem (i.e. no worries about whether you got your quoting right...) [NEM] 2008-04-14: Does anyone know if there is a standard way of quoting SQL values safely? My experience is that different SQL engines have different ideas of how to quote characters and even which characters need quoting, which is one factor that makes migrating from one RDBMS to another rather difficult. [schlenk] 2008-04-14: There is no real standard, and quoting depends on context quite a bit. For example string literals are quoted differently to identifiers and quoted differently to patterns in LIKE expressions. In general the best way is to use the parameterized queries wherever possible. ---- [subSQL] implements some SQL commands in Tcl, without need for an external database. ---- This [http://www.unixreview.com/documents/s=10110/ur0612m/] review of '''SQL Hacks''' gives a bit of context for SQL's role. ---- [SQLScreens] ---- Among online tutorials is SQLZoo [http://sqlzoo.net]. ---- !!!!!! %|[Category Acronym] |[Category Database] |[Category Language]|% !!!!!!