John Wilson wrote:
> Hi Cosmin,
>
> Hopefully I didn't miss the point of your question, but is there a
> reason you can't just say
>
> X := FbCommand.Create('SELECT * FROM TAB WHERE ID=''7''', Connection,
> Transaction);
>
> (note the use of the double "'" around the thing you are looking for).
>
> I use Firebird quite extensively in a number of C# projects, and in the
> beginning I battled with parameters too. Now it doesn't appear as if
> they are often necessary as long as you "quote" your values and criteria
> properly.
>
> Hope that helps?
>
> John.
Using parameters is supposed to be both safe and simple. Safe because
it's harder to be affected by stuff like "SQL Injection" and simple
because you don't need to figure out how to quote a string that itself
includes quotation marks OR how to string-encode a date value. I've been
doing a lot of work with Firebird in the past years and I've always used
parameters, even in cases where parameters added lines of code. I also
hope that using parameters would reduce the amount of
small-object-reallocations (read "string" reallocations) required to
accomplish the task.
_______________________________________________
Delphi-DB mailing list
http://www.elists.org/mailman/listinfo/delphi-db
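The two approaches discussed in the thread, side by side, as an added example that is not code from either poster: the hand-quoted literal (the quote must be doubled by the caller and a date would need the server's literal format) next to the parameterized form using the Firebird .NET provider (FirebirdSql.Data.FirebirdClient). The connection string and the table TAB(ID, CREATED) are assumptions for illustration.

```csharp
using System;
using FirebirdSql.Data.FirebirdClient;

// Added example, not from the thread. Assumes a reachable Firebird database
// with a table TAB(ID VARCHAR, CREATED DATE); adjust ConnStr to your setup.
static class ParameterExample
{
    const string ConnStr =
        "DataSource=localhost;Database=C:\\data\\demo.fdb;User=SYSDBA;Password=masterkey";

    // Quoted-literal form: the value becomes part of the SQL text, so the
    // caller must double every single quote and must know how the server
    // expects dates to be written. A missed quote breaks or alters the statement.
    static string LiteralSql(string id)
        => "SELECT * FROM TAB WHERE ID='" + id.Replace("'", "''") + "'";

    // Parameterized form: the value is sent separately from the SQL text, so
    // quoting and date encoding are the provider's job, not the caller's.
    static int CountWithParameters(string id, DateTime since)
    {
        using var conn = new FbConnection(ConnStr);
        conn.Open();
        using var tx = conn.BeginTransaction();
        using var cmd = new FbCommand(
            "SELECT COUNT(*) FROM TAB WHERE ID = @id AND CREATED >= @since", conn, tx);
        cmd.Parameters.Add("@id", FbDbType.VarChar).Value = id;
        cmd.Parameters.Add("@since", FbDbType.Date).Value = since;
        int count = Convert.ToInt32(cmd.ExecuteScalar());
        tx.Commit();
        return count;
    }

    static void Main()
    {
        // Same lookup as in the thread, then one with an embedded quote.
        Console.WriteLine(LiteralSql("7"));
        Console.WriteLine(LiteralSql("O'Brien"));
        Console.WriteLine(CountWithParameters("7", new DateTime(2005, 1, 1)));
    }
}
```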