0

I am pretty new to Delphi and I would like to ask how I can create a correct SQL statement / SQL string in Delphi.

I have tried something like this:

 sql:='use [TestovaciaDb] INSERT INTO [dbo].[client]([Meno],[Priezvisko]) VALUES('+name+','+surname+')';

I am using MS SQL server 2012

But I am getting an exception there. Thank you.

EDIT:

meno and priez are variables with values from TEdit1 and TEdit2:

 meno:= Edit1.Text;
 priez:= Edit2.Text;
1
  • 4
    The same way as you'd write it in your DB management application, just use parameters e.g. 'INSERT INTO client (Meno, Priezvisko) VALUES (:Meno, :Priezvisko)';. Then you'll need to fill parameter values in your query component. And, when you're asking for help, you have to provide relevant information. That you got "an exception" is pointless here. You need to provide the exact error message you got. Also would be more than useful to tell us which DB component you used (e.g. TADOQuery). Commented Mar 18, 2014 at 14:05

3 Answers

7

Use parameterized queries. You set the database in your ConnectionString, so you don't need to `use` it in your query.

ADOQuery1.SQL.Text := 'INSERT INTO [dbo].[client] ([Meno],[Priezvisko]) ' +
                      'VALUES(:Meno, :Priezvisko)';
ADOQuery1.Parameters.ParamByName('Meno').Value := Edit1.Text;
ADOQuery1.Parameters.ParamByName('Priezvisko').Value := Edit2.Text;
ADOQuery1.ExecSQL;

9 Comments

You can use AsString instead of setting ParamType and Value separately: ADOQuery1.Parameters.ParamByName('Meno').AsString := Edit1.Text;
@Remy: AsString isn't available for TADOQuery.Parameters.ParamByName('Meno') when I checked it. (Just checked again in D2007, and it's not there either in XE5.) It's there for the other datasets, but not for ADO.
Thank you. It worked, but for ParamType, I get this: TParameter does not contain a member named "ParamType". So I commented out that line and it worked. So I would like to ask what is the purpose of that line with ParamType:= ftString;? Thank you
@user2886091: Are you using DBExpress or ADO for database access? My answer is based on TADOQuery, which is for ADO. If you're using DBExpress, you probably don't need it.
I forget that ADO is different than other DB systems. You will have to replace AsString with Value and ParamType with DataType: ADOQuery1.Parameters.ParamByName('Meno').DataType := ftString; ADOQuery1.Parameters.ParamByName('Meno').Value := Edit1.Text;
1

Remove the use [xxx] at the beginning of the statement. The connection you use must already be configured to point to the correct database. Just like many others said, avoid creating your sentences by using constants; instead, use parameters.

Comments

0

http://docwiki.embarcadero.com/Libraries/XE3/en/System.SysUtils.QuotedStr

Use QuotedStr function. For example

sql:='use [TestovaciaDb] INSERT INTO [dbo].[client]([Meno],[Priezvisko]) VALUES('+QuotedStr(name)+','+QuotedStr(surname)+')';

Use QuotedStr to convert the string S to a quoted string. A single quotation mark (') is inserted at the beginning and end of S, and each single quotation mark in the string is repeated. To remove the quotation marks from a quoted string, use the AnsiDequotedStr routine.

2 Comments

QuotedStr would be OK for SQL Server, but not MySQL or any other database that allows \' as an escape
@GerryColl: MySQL also supports doubling quote characters to signify a single quote character, so QuotedStr will be fine.
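
The three ways of building this INSERT that appear in the question and answers above, run side by side. This is an added example, not part of the original question or answers. It uses Python with an in-memory SQLite table instead of Delphi/ADO and SQL Server so that it runs without a server; `quoted_str`, `build_unquoted`, `build_quoted` and `run` are hypothetical helpers, the table has no `[dbo]` schema, and the sample names are constructed.

```python
import sqlite3

def quoted_str(s):
    # Stand-in for Delphi's QuotedStr: wrap in ' and double every embedded '.
    return "'" + s.replace("'", "''") + "'"

def build_unquoted(meno, priezvisko):
    # The question's approach: values pasted into the statement with no quotes.
    return ("INSERT INTO client (Meno, Priezvisko) VALUES("
            + meno + "," + priezvisko + ")")

def build_quoted(meno, priezvisko):
    # The QuotedStr approach: each value is quoted before concatenation.
    return ("INSERT INTO client (Meno, Priezvisko) VALUES("
            + quoted_str(meno) + "," + quoted_str(priezvisko) + ")")

# The parameterized approach: the statement text never contains the data.
PARAM_SQL = "INSERT INTO client (Meno, Priezvisko) VALUES(:Meno, :Priezvisko)"

def run(meno, priezvisko):
    """Try each approach on a fresh table; return stored rows or the error."""
    results = {}
    for label in ("unquoted", "quoted", "parameters"):
        db = sqlite3.connect(":memory:")
        db.execute("CREATE TABLE client (Meno TEXT, Priezvisko TEXT)")
        try:
            if label == "unquoted":
                db.execute(build_unquoted(meno, priezvisko))
            elif label == "quoted":
                db.execute(build_quoted(meno, priezvisko))
            else:
                db.execute(PARAM_SQL, {"Meno": meno, "Priezvisko": priezvisko})
            results[label] = db.execute(
                "SELECT Meno, Priezvisko FROM client").fetchall()
        except sqlite3.Error as exc:
            # Unquoted text is parsed as SQL (a column name or broken syntax).
            results[label] = "error: " + str(exc)
        finally:
            db.close()
    return results

if __name__ == "__main__":
    # Constructed sample input: a plain name and one containing an apostrophe.
    for sample in (("Jan", "Novak"), ("Peter", "O'Hara")):
        print(sample, run(*sample))
```

The unquoted statement fails for both samples because the server parses the pasted text as SQL rather than as a string value, which is the kind of exception the question describes.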
