Delphi supports parameterized SQL statements, but I rarely use the Parameters / Params properties; I usually build the SQL string myself:

    SQL.Text := 'select * from ... where id = ''' + Edit1.Text + '''';

This approach, however, leaves the program open to SQL injection.
Today I switched to the Parameters property of the ADOQuery control. It looked simple, but a number of problems turned up. Because I use only one ADOQuery control, and both the parameters and the SQL statement change frequently, I started with the following code in the program:

    ........
    Adoq.Parameters.Clear;
    Adoq.Parameters.CreateParameter(...); // create parameter 1
    Adoq.Parameters.CreateParameter(...); // create parameter 2
    Adoq.SQL.Clear;
    Adoq.SQL.Assign(Memo1.Lines);         // copy the statement from the memo
    ..........
Sometimes it worked, sometimes it failed with an error saying the parameter settings were incorrect (with Access).
After two days of fiddling I found that the following code works (really strange):

    ........
    Adoq.Parameters.Clear;
    ParamI := Adoq.Parameters.AddParameter; // create parameter 1
    ParamI.Name := ...;
    ParamI.Value := ...;
    ParamI := Adoq.Parameters.AddParameter; // create parameter 2
    ParamI.Name := ...;
    ParamI.Value := ...;
    // Adoq.SQL.Clear;                      // this line cannot be used
    Adoq.SQL.Assign(Memo1.Lines);
    ..........
Also, not only must the name of each created parameter match the parameter name in the SQL statement, but the order in which the parameters are created must also match the order of the parameters in the SQL statement.
I found nothing about this in the Delphi help, and I really don't understand it; also, if the SQL statement is not a SELECT, it works.
???
Next step: read the Delphi AdoQuery source code.
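For comparison, here is an added example (not the author's code) that puts the concatenated query next to a parameterized one. It assumes a hypothetical table Customers with columns CustomerId and Email, and relies on the documented meaning of ParamCheck: when it is True, the parameter list is regenerated whenever the SQL property changes, so parameters created before the SQL text is assigned do not survive.

```pascal
uses
  SysUtils, DB, ADODB;

// Vulnerable: the user's text becomes part of the SQL statement itself,
// so a quote character in UserText changes the statement's meaning.
procedure OpenByIdUnsafe(Adoq: TADOQuery; const UserText: string);
begin
  Adoq.Close;
  Adoq.SQL.Text := 'select * from Customers where CustomerId = ''' +
    UserText + '''';
  Adoq.Open;
end;

// Safe: the statement is fixed and the value travels as a typed parameter.
// Assign SQL first; with ParamCheck = True (the default) the assignment
// parses ':id' and creates the parameter, which is then filled by name.
procedure OpenByIdSafe(Adoq: TADOQuery; const UserText: string);
begin
  Adoq.Close;
  Adoq.ParamCheck := True;
  Adoq.SQL.Text := 'select * from Customers where CustomerId = :id';
  Adoq.Parameters.ParamByName('id').DataType := ftString;
  Adoq.Parameters.ParamByName('id').Value := UserText;
  Adoq.Open;
end;

// Building the parameter list by hand: still assign SQL before creating
// the parameters (a later SQL change would rebuild the list), and create
// them in the order in which they appear in the statement.
procedure UpdateEmailSafe(Adoq: TADOQuery; const Email: string; Id: Integer);
begin
  Adoq.Close;
  Adoq.SQL.Text :=
    'update Customers set Email = :email where CustomerId = :id';
  Adoq.Parameters.Clear;
  Adoq.Parameters.CreateParameter('email', ftString, pdInput, 255, Email);
  Adoq.Parameters.CreateParameter('id', ftInteger, pdInput, 0, Id);
  Adoq.ExecSQL;
end;
```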