2

I am doing a PAT for school and I am doing the following. How can I correct it? I want to send an entered email address, name, ID number, birth date, gender and town, and all are strings. My statement is:

Adoquery1.sql.text := 'insert into besprekings 
                       values('email', 'name', 'Id', 'birth', 'gender', 'town')'; 

The fields are as follows:

 Email(string), Name(string), ID(string), Birth(string), Gender(string), town(string) 

This is not really homework; it is a project that counts 25% of my year's mark. I have finished everything but can't get this right. We have to bring in something new that we haven't learned in school, and for me that is opening programs like mail (Windows 8) and doing this. I really appreciate everybody trying to help.

9
  • There is nothing like urgent on StackOverflow! But anyway, when you want to make an INSERT query, then do it like INSERT INTO (Column1, Column2) VALUES (Value1, Value2). Commented Aug 6, 2012 at 18:24
  • I tried it like that and got an error saying syntax error in INSERT INTO statement. Commented Aug 6, 2012 at 18:33
  • 3
    Welcome to StackOverflow. You need to use parameters in your query, and assign values to the parameters before calling ExecuteSQL. However, since you didn't provide us with any information about what data types you're using, it's pretty hard to help you do so. Also, no question on here is more important or urgent than any other. If you need immediate, urgent assistance, hire a contractor or consultant to do the work for you. StackOverflow is not a "please help me do my homework fast" site. :-) If you edit and post your DB schema (table definition) here, someone might be able to help you. Commented Aug 6, 2012 at 18:45
  • Like insert into tabel1(''column1'',''column2'',''column3'',etc) VALUES(''Value1'',''value2'',''value3'',etc)'; Commented Aug 6, 2012 at 18:45
  • 1
    StackOverflow doesn't work like that, either. If answers are provided, they're posted here so everyone benefits from them; they're not mailed to you personally. Please take a few minutes to read the FAQ to learn how things work here. Maybe you can do that while you're waiting for an answer. :-) Commented Aug 6, 2012 at 18:53

1 Answer

9

You need to use parameterized queries, to prevent SQL injection. Even though that might not be something to worry about in your app now, it's best to get in the habit of doing it right in the first place. I'll show a little of the code, and you can figure out how to finish it yourself.

First, properly populate your SQL. Specify the names of the columns you're inserting into, and the parameter names you'll be using to populate them (the parts starting with :):

ADOQuery1.SQL.Clear;
ADOQuery1.SQL.Add('INSERT INTO besprekings (email, name, Id)');
ADOQuery1.SQL.Add('VALUES (:email, :name, :Id)');

Now put the actual values to insert into the parameters, using the same names you used in your VALUES list:

ADOQuery1.Parameters.ParamByName('email').Value := email;
ADOQuery1.Parameters.ParamByName('name').Value := name;
ADOQuery1.Parameters.ParamByName('id').Value := Id;

Now, execute the query.

The added benefit of doing it with parameterized queries is that, once it's been run once, you can simply repopulate the parameters and run it again; the database will already have done what it needs to to prepare the query (hint: the word I marked has meaning for ADO and other databases - you should look into it) so that it's much faster when you use it again and again.
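
The difference between building the statement from strings and using the `:email, :name, :Id` parameters, as an added example that is not part of the original answer. It goes beyond the answer by covering all six columns, and it uses Python's `sqlite3` with an in-memory `besprekings` table as a stand-in for the ADO connection (an assumption; the sample values are constructed):

```python
import sqlite3

COLUMNS = ("email", "name", "Id", "birth", "gender", "town")
INSERT_SQL = ("INSERT INTO besprekings (email, name, Id, birth, gender, town) "
              "VALUES (:email, :name, :Id, :birth, :gender, :town)")

def new_db():
    # In-memory stand-in for the question's table (every column is a string).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE besprekings (email TEXT, name TEXT, Id TEXT, "
               "birth TEXT, gender TEXT, town TEXT)")
    return db

def insert_concatenated(db, row):
    # Anti-pattern: the entered values become part of the SQL text itself.
    values = ", ".join("'" + row[c] + "'" for c in COLUMNS)
    db.execute("INSERT INTO besprekings VALUES (" + values + ")")

def insert_parameterized(db, rows):
    # One statement text reused for every row; values travel separately as data.
    db.executemany(INSERT_SQL, rows)

def count_rows(db):
    return db.execute("SELECT COUNT(*) FROM besprekings").fetchone()[0]

# Constructed sample input.
PLAIN = {"email": "a@example.com", "name": "Anna", "Id": "0001",
         "birth": "1995-01-01", "gender": "F", "town": "Paarl"}
APOSTROPHE = dict(PLAIN, name="O'Brien")
# Constructed value that closes the VALUES list early and opens a second one.
CRAFTED = dict(PLAIN, town="x'), ('e','n','i','b','g','smuggled")

def demo():
    results = {}
    db = new_db()
    try:
        insert_concatenated(db, APOSTROPHE)
        results["apostrophe_concat"] = "ok"
    except sqlite3.OperationalError:
        # The apostrophe ends the string literal, so the statement no longer parses.
        results["apostrophe_concat"] = "syntax error"
    insert_concatenated(db, CRAFTED)
    results["crafted_concat_rows"] = count_rows(db)  # one call, two rows stored
    db = new_db()
    insert_parameterized(db, [APOSTROPHE, CRAFTED])
    results["param_rows"] = count_rows(db)           # two inputs, two rows
    results["param_town"] = db.execute(
        "SELECT town FROM besprekings WHERE name = :name",
        {"name": "Anna"}).fetchone()[0]              # stored verbatim as text
    return results
```

With concatenation, an ordinary name containing an apostrophe fails with a syntax error and a crafted town value changes how many rows are written; with parameters both values are stored exactly as entered.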

8 Comments

Thanks, I will be sure to try it like that this afternoon and will post my results here.
"Don't forget to close it afterwards" You don't have to close an INSERT query. Execute it with EXECSQL, not OPEN....
@user582118: Of course. Forgot this was ADO. The DB I use most allows Open for SELECT, INSERT, UPDATE, and CREATE statements and doesn't require the separate ExecSQL, so I'm in the habit of closing them. Will correct. Thanks for the catch. :-)
I tried it like you said and got an error saying that AsString is an undeclared identifier and that there is a problem with the insert into statement.
You know, you really need to start trying to think things through yourself. If you remove the AsString and then put the text cursor right after the ., Delphi will tell you what's available to choose to put there. Value is the obvious choice. As far as "problem with the insert statement", it looks fine, and you've not given any information about what the problem is - just saying "there's a problem" doesn't help when we're not sitting in front of your screen to see what the problem is, and you don't post the error message.