sql code not work

Bookstore

	Computer Math and Games in Pascal (preview)
	Lazarus Handbook

Recent

match automatic highlight... by WooBean
[Today at 11:15:00 am]
Tchart with dual numbers ... by wp
[Today at 10:48:18 am]
trunk compiler bug for mi... by Key-Real
[Today at 10:44:52 am]
Generics - correct syntax by VisualLab
[Today at 10:23:16 am]
Compile/Convert Delphi pr... by TRon
[Today at 09:59:52 am]
add new targets to make by Key-Real
[Today at 09:38:23 am]
Debugger crashes with App... by Martin_fr
[Today at 09:29:46 am]
Copyrights Q by BrassGear
[Today at 09:13:14 am]
[SOLVED] how to build the... by Key-Real
[Today at 09:12:33 am]
Quirky windows by tetrastes
[Today at 08:59:06 am]
May be useful to somebody by Handoko
[Today at 07:35:48 am]
How can I draw a rectangl... by Handoko
[Today at 07:30:55 am]
Draw a line in the Scroll... by Handoko
[Today at 07:27:54 am]
Offical launch of the 1 B... by Handoko
[Today at 06:05:11 am]
web development using pas... by Nate897
[Today at 02:04:05 am]
questionable function def... by 440bx
[Today at 01:35:28 am]
Why isn't TTIRadioGroup's... by jamie
[Today at 12:13:45 am]
Same project and two Pcs by caiov1n1c1us
[Today at 12:04:00 am]
v3.99 code completion que... by 440bx
[April 22, 2024, 11:08:26 pm]
[SOLVED]RichMemo StringRe... by KodeZwerg
[April 22, 2024, 08:44:40 pm]
[SOLVED] LAMW/Linux - Ins... by Alcatiz
[April 22, 2024, 08:04:06 pm]
[SOLVED] TimeStampToMSecs... by korba812
[April 22, 2024, 06:23:33 pm]
Access violation when re-... by cdbc
[April 22, 2024, 05:39:59 pm]
FPDebug: Evaluate/Modify ... by bpranoto
[April 22, 2024, 03:14:12 pm]
Your best UI design - con... by lainz
[April 22, 2024, 02:28:00 pm]

« previous next »

Pages: [1]

Author Topic: sql code not work (Read 1080 times)

cryptid

Newbie
Posts: 3

sql code not work

« on: April 02, 2021, 10:17:20 am »

sql code not work

Code: Pascal [Select][+]

procedure TForm1.Edit1KeyPress(Sender: TObject; var Key: char);
begin
  with SQLQuery1 do
    begin
       SQL.Clear;
       SQL.Add('select * from log WHERE user LIKE"'+Edit1.Text+'%"');
       Active:=True; 
    end;
end;

[Edited to add code tags: Please see How to use the Forum.]

« Last Edit: April 02, 2021, 10:37:54 am by trev »

Logged

ttomas

Full Member
Posts: 245

Re: sql code not work

« Reply #1 on: April 02, 2021, 10:33:22 am »

I don't see SPACE after LIKE

Logged

MarkMLl

Hero Member
Posts: 6692

Re: sql code not work

« Reply #2 on: April 02, 2021, 10:38:06 am »

Quote from: ttomas on April 02, 2021, 10:33:22 am

I don't see SPACE after LIKE

Well spotted, probably needs ' %'

MarkMLl

Logged

MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

egsuh

Hero Member
Posts: 1296

Re: sql code not work

« Reply #3 on: April 02, 2021, 11:34:36 am »

Using format can be of help.

SQL.Text:= Format('select * from log where user like ''%s%%'';', [Edit1.Text]);

%s is replaced by Edit1.Text. %% is read as %.

Logged

PierceNg

Sr. Member
Posts: 374

Re: sql code not work

« Reply #4 on: April 02, 2021, 12:03:03 pm »

SQL string construction is vulnerable to SQL injection. Should use parameterization:

Code: Pascal [Select][+]

SQL.Text:= 'select * from log where user like :PATTERN;';
Params.ParamsByName('PATTERN').AsString := Edit1.Text;

See https://bobby-tables.com/.

Logged

Pascal blog posts, open source:
- https://samadhiweb.com/tags/Pascal.html
- https://github.com/PierceNg/fpwebview
- https://github.com/PierceNg/wasm-demo

flori

Full Member
Posts: 196

Re: sql code not work

« Reply #5 on: April 02, 2021, 01:30:53 pm »

Code: Pascal [Select][+]

SQLQuery1.Active:=false;
SQLQuery1.SQL.Clear;
SQLQuery1.SQL.Append('select * from log WHERE user LIKE '''+edit1.Text+'%''');
SQLQuery1.Active:=true 

« Last Edit: April 02, 2021, 01:32:52 pm by flori »

Logged

Pages: [1]

« previous next »

XHTML
RSS
WAP2