Thank you all for your useful help.

Best regards,
German

-----Original message-----
From: Bram Kuijvenhoven [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 17, 2007 03:34 a.m.
To: [email protected]
Subject: Re: [lazarus] Another little help with databases

German C. Basisty wrote:
> I have now a form with a working TPQConnection, a TSQLTransaction, a
> TSQLQuery with a 'select * from product' as SQL, a TDatasource, and a
> TDBGrid, everything is working fine and every product is shown on the
> DBGrid as expected. Now I want to add a TEdit to make possible searching
> products by name, for example, so when the user writes something on the
> Edit, the SQLQuery1.SQL should become something like 'select * from
> product where name = ' + Edit1.Text + '

I assume you don't want to create an SQL injection bug, so you should either properly escape Edit1.Text, or use query parameters instead; see e.g. http://wiki.freepascal.org/Secure_programming#Injection.

I recommend using query parameters.

Regards,
Bram

_________________________________________________________________
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe" as the Subject
archives at http://www.lazarus.freepascal.org/mailarchives
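
The query-parameter approach recommended in the reply above, as an added example that is not part of the original thread: a console program that runs the same product search once with a bound parameter and once with string concatenation. Assumptions: an in-memory SQLite database (TSQLite3Connection) stands in for the poster's TPQConnection, and the one-column product table, the Search function and the sample name are constructed for illustration.

```pascal
program ProductSearch;
{$mode objfpc}{$H+}
uses SysUtils, DB, SQLDB, SQLite3Conn; // assumption: SQLite stands in for TPQConnection
const Sample = 'Baker''s Flour';       // constructed product name containing an apostrophe
var
  Conn: TSQLite3Connection;
  Trans: TSQLTransaction;
  Query: TSQLQuery;
  N: Integer;

// Counts products whose name equals UserText. UseParam selects the
// parameterized statement; otherwise the text is concatenated (unsafe).
function Search(const UserText: string; UseParam: Boolean): Integer;
begin
  if UseParam then
  begin
    Query.SQL.Text := 'select * from product where name = :name';
    Query.Params.ParamByName('name').AsString := UserText; // bound as data
  end
  else
    Query.SQL.Text := 'select * from product where name = ''' + UserText + '''';
  Result := 0;
  Query.Open;
  while not Query.EOF do begin Inc(Result); Query.Next; end;
  Query.Close;
end;

begin
  Conn := TSQLite3Connection.Create(nil);
  Trans := TSQLTransaction.Create(Conn);  // owned by Conn, freed with it
  Query := TSQLQuery.Create(Conn);
  Conn.DatabaseName := ':memory:';
  Conn.Transaction := Trans;
  Query.DataBase := Conn;
  Query.Transaction := Trans;
  Conn.Open;
  Conn.ExecuteDirect('create table product (name text)');
  Query.SQL.Text := 'insert into product (name) values (:name)';
  Query.Params.ParamByName('name').AsString := Sample;
  Query.ExecSQL;
  WriteLn('parameter: ', Search(Sample, True), ' row(s)');
  try
    N := Search(Sample, False);
    WriteLn('concatenation: ', N, ' row(s)');
  except
    on E: EDatabaseError do  // the apostrophe ends the string literal early
      WriteLn('concatenation: statement rejected: ', E.Message);
  end;
  Conn.Free;
end.
```

In the form described in the thread, the same two statements from the parameterized branch would go on SQLQuery1, with Edit1.Text as the value assigned to the parameter.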
