<adminsql [options ...] [statement ...]>
adminsql function executes an arbitrary SQL command,
constructed by concatenating its arguments together. The result rows
of the command are printed in an HTML table, with the columns named
after the fields. Unlike the
SQL statement, there is no
restriction on returned field names being valid Vortex variable names
convert(id, 'date') is ok). However, the fields are not
returned; they are simply printed out. The arguments to
adminsql are appended together as one string and executed.
Note that this removes the argument protection afforded by the
SQL statement. Any SQL parameters, like field values, are
given as literals, e.g. string values must be in single quotes.
Several options are available. Note that since
implemented as a user (not builtin) function, options that take
arguments must be quoted atomically with no space, e.g.
SKIP=N Skips the first N result rows (does not print them). Added in version 5.01.1197080000 20071207.
MAX=N Prints at most N result rows (not including
adminsql returns nothing.
<$tbl = "SYSTABLES"> <adminsql "select" " * from " $tbl>
adminsql function was added Oct. 10 1996.
Note: No checking of the SQL is done before execution; it is the
caller's responsibility. The caller must ensure that the statement
is correct, and no "rogue" SQL is being inserted (aka "SQL
injection"), e.g. a value of "
; DROP TABLE xyz" for some
field value. The parameter protections of the
(here) are not applied to
It is safer to use the
SQL statement where possible, which can
protect against SQL injection;
adminsql is primarily useful
only for tables with unknown column names (e.g. "