Develop Reference

How do safely I add a raw string to a query?

My SQLite query :
let data = db.getAllRows(sql"""
SELECT name, source, uploaded_at, canonical_url, size
FROM table
WHERE name like ?
ORDER BY ? DESC
LIMIT ?
OFFSET ?
""", &"%{query}%", order, limit, offset)
Nim adds single quotes to any string replacing ?. I can manually build the SQL string and then use sql(string), but the input then isn't escaped. Is there some other token apart from ? that does not add '?

To answer your title question: "How to safely add a raw string to a query", you can use dbQuote:
import db_sqlite
let
a = "unes'caped %' string"
b = "my prefix ->"
c = "<- my suffix"
d = b & dbQuote(a) & c
echo d
This will print my prefix ->'unes''caped %'' string'<- my suffix, adding quotes before/after and escaping any ones inside. This string is presumably safe to pass as an sql statement. You should get the same result as if you had used ? with extra parameters.

How to get a value of a label by query string from code behind

I passed the values of a two labels with ID Me.Lbladid1 and Lbldortodorid to query string on myform1
I tried to retrieve these values into other labels on myform2 but only the first query string seam to work but the second returns a null value. Please help. This is my code
'passing the values through query string
Response.Redirect("myform2.aspx?adsid=" & Me.Lbladid1.Text & " & dortodorid=" & Me.Lbldortodorid.Text & " ", False)
'retrieving the query string values on myform2
me.label1.text= Request.QueryString("adsid") 'this works
me.label2.text= Request.QueryString("dortodorid") 'this retuns null value

You likely need to remove the spaces from between the query arguments:
Response.Redirect("myform2.aspx?adsid=" & Me.Lbladid1.Text & "&dortodorid=" & Me.Lbldortodorid.Text , False)

Replace new line from the end of string SQL and update columns

I have a table called Players with two columns Name and PlayerID. I am using SQLite under DB Browser for SQLite.
Unfortunately, all my player's names have a something like a "\n" (a newline) at the end of their Name.
Ex:
"Mark
"
I tried to use Update & Replace for all the names with the following query (I have like 450 rows in the table):
UPDATE Players
SET Name = REPLACE(Name,CHAR(10),'')
WHERE PlayerID <= 500
When I execute something like:
SELECT * FROM Players
WHERE Players.Name LIKE 'Mark'
it'll return no rows because of the end line. Here 'Mark' has no "\n", so it won't be found.
If I execute:
SELECT * FROM Players
WHERE Players.Name LIKE 'Mark
'
it will return my player. (after Mark I pressed enter)
I want to change all my rows from this format
"Mark
"
to this
"Mark"
and save all the changes.
How can I solve my problem? What's wrong?

Solution
The problem was that I had /r at the end of each string, not \n. So I had to use CHAR(13) instead of CHAR(10).
UPDATE Players
SET Name = REPLACE(Name, CHAR(13), '')
Also to remove all line feed characters (\n) I used:
UPDATE Players
SET Name = REPLACE(Name, CHAR(10), '')
Moreover to remove all the spaces () I used:
UPDATE Players
SET Name = REPLACE(Name, ' ', '')

Control Source property: Dcount: Unable to specify Multiple Condition

I have two commands in Microsoft Access 2010 that works fine individually:
=DCount("*","Order","DATE = #" & [Forms]![formOrder]![DATE] & "#")
=DCount("*","Order", "STATUS = 'ST." & [Forms]![formOrder]![StatusType] & "'")
However, when combining them it doesn't work:
=DCount("*","Order","DATE = #" & [Forms]![formOrder]![DATE] & "#" AND "STATUS = 'ST." & [Forms]![formOrder]![StatusType] & "'" )
Any explanation and a possible workaround would be much appreciated?

The third argument to domain aggregate functions like DCount() is a string that is essentially the WHERE clause of a SQL statment without the WHERE keyword. In trying to combine your criteria you are attempting to AND two strings together, which is not valid. That is, your criteria parameter is
"Condition1" AND "Condition2"
which won't work. Instead, you need to put the AND within the string itself
"Condition1 AND Condition2"
In other words, instead of
"Field1 = value1" AND "Field2 = value2"
you need to use
"Field1 = value1 AND Field2 = value2"

You've got too many double quotes:
=DCount("*","Order","DATE = #" & [Forms]![formOrder]![DATE] & "# AND STATUS = 'ST." & [Forms]![formOrder]![StatusType] & "'" )
I removed the one after the second hashmark, and one in front of the word Status.
Essentially, the third part of the DCount function is an SQL WHERE clause without the word "WHERE", and you must follow the same syntax and structure rules as with standard SQL.

How to insert values into sqlite3 using autohotkey

My problem is I am unable to insert values into sqlite3 using autohot key.
My code is:
MyName := name
myTel := telphonenumber
$sSQL := "insert into myTable Values ('" %MyName% "', " %myTel% ");"
and I also tried with ,
$sSQL := "insert into myTable Values ( ' " . MyName . " ', " . myTel . ");"
But neither of these works.
Any suggestion is appreciated..

I've not used AHK with SQLite before, but is it just the query you're having issues with? Try this (note the lack of the colon before the equals sign):
$sSQL = "insert into myTable Values ('%MyName%', '%myTel%');"
Your second attempt produces a query that is technically valid, but it would put a space either side of the name in the database ('John' would be ' John '). Also I'm guessing you don't really want to be using a numeric field in your database for a telephone number? If a number begins with 0 or is to large you could have issues. The version above will insert it as a string.

MyName := name
myTel := telphonenumber
$sSQL := "insert into myTable Values ('" MyName "', '" myTel "');"
I prefer to put the phone number also into apostrophe.
if you do not have a phone number then there is no error:
insert into myTable Values ('John', '' );
and as Gary said right: "If a number begins with 0 or ... issues."
the select of the telephone number 0177... will give you later 177...
better you also use a string for the phone number and not an number format.
create table myTable
(
name TEXT
phone TEXT
) ;