Javascript string syntax to write SQL

Question

I am writing an SQL query as a Javascript string like that:

  SQLdetail =  'SELECT [Avis SAP], Avis.[Ordre SAP], [Date Appel], [Heur Appel], Client_List![Code Client], [Numero Passerelle], [Designation Appel], Ordre![Metier], Ordre!Repercussion, Ordre!Objet, Ordre![Profil Panne], Ordre!Cause, Ordre![Sommaire Correctif], Ordre![Statut]'
  SQLdetail += ' FROM (Avis' 
  SQLdetail += ' LEFT JOIN Client_List ON Avis.[Numero Client] = Client_List.[Numero Client])' 
  SQLdetail += ' LEFT JOIN Ordre ON Avis.[Ordre SAP] = Ordre.[Ordre SAP] WHERE Avis.[Date Appel] BETWEEN #' & DateOne & '# AND #' & DateTwo & '#;' 
  alert('SQLdetail:' + SQLdetail)

and the last SQLdetail += somehow returns "0". Am I missing something in the syntax that just turns the whole string to a 0?

Answer 1

You are using a bitwise operator in your code:

& DateTwo &

This doesn't join strings. Use a +:

+ DateTwo +

---

Other than that, why in the world are you generating your SQL with JavaScript???

The only way you can send it to your server is through the browser, which means that I have total control over the request.

Basically, you are giving me root privileges to your database. I'm nice and won't abuse it, but I can only speak for myself.

Answer 2

You're mixing with VB syntax. In JavaScript you must concatenate string with +

SQLdetail += ' LEFT JOIN Ordre ON Avis.[Ordre SAP] = Ordre.[Ordre SAP] WHERE Avis.[Date Appel] BETWEEN #' + DateOne + '# AND #' + DateTwo + '#;' 

Answer 3

If this is Javascript you need to use + instead of & here:

SQLdetail += ' LEFT JOIN Ordre ON Avis.[Ordre SAP] = Ordre.[Ordre SAP] WHERE Avis.[Date Appel] BETWEEN #' & DateOne & '# AND #' & DateTwo & '#;' 

Answer 4

What are with the &? : BETWEEN #' & DateOne & '# AND #' & DateTwo & '#;'

Change to a +

Answer 5

You are using & to concatenate instead of +