German C. Basisty wrote:
I have now a form with a working TPQConnection, a TSQLTransaction, a TSQLQuery with a ‘select * from product’ as SQL, a TDatasource, an a TDBGrid, everithing is working fine and every product is shown on the DBGrid as expected. Now I want to add an TEdit to make posible searching products by name, for example, so when the user writes something on the Edit, the SQLQuery1.SQL should become something like ‘select * from product where name = ‘ + Edit1.Text + ’
I assume you don't want to create an SQL injection bug, so you should either properly escape Edit1.Text, or use query parameters instead; see e.g. http://wiki.freepascal.org/Secure_programming#Injection. I recommend using query parameters. Regards, Bram _________________________________________________________________ To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe" as the Subject archives at http://www.lazarus.freepascal.org/mailarchives
