German C. Basisty wrote:
I have now a form with a working TPQConnection, a TSQLTransaction, a TSQLQuery with a ‘select * from product’ as SQL, a TDatasource, and a TDBGrid, everything is working fine and every product is shown on the DBGrid as expected. Now I want to add a TEdit to make possible searching products by name, for example, so when the user writes something on the Edit, the SQLQuery1.SQL should become something like ‘select * from product where name = ‘ + Edit1.Text + ’

I assume you don't want to create an SQL injection bug, so you should either 
properly escape Edit1.Text, or use query parameters instead; see e.g. 
http://wiki.freepascal.org/Secure_programming#Injection. I recommend using 
query parameters.

Regards,

Bram
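
The query-parameter approach recommended above, next to the concatenated form from the question, as an added example that is not part of the original thread. Assumptions: an in-memory SQLite database (TSQLite3Connection, which needs the SQLite client library installed) stands in for the poster's TPQConnection so the program runs without a server; the table rows, the Crafted input and the function names are constructed for illustration.

```pascal
program ParamSearchDemo;
{$mode objfpc}{$H+}
uses sqldb, sqlite3conn;  // assumption: in-memory SQLite stands in for TPQConnection
var
  Conn: TSQLite3Connection;
  Tran: TSQLTransaction;
  Query: TSQLQuery;
// Open the query as currently configured and count the rows it returns.
function CountRows: Integer;
begin
  Result := 0;
  Query.Open;
  while not Query.EOF do
  begin
    Inc(Result);
    Query.Next;
  end;
  Query.Close;
end;
// Form from the question: the user's text becomes part of the SQL statement.
function SearchConcatenated(const UserText: string): Integer;
begin
  Query.SQL.Text := 'select * from product where name = ''' + UserText + '''';
  Result := CountRows;
end;
// Recommended form: constant SQL text, the value is bound to :name as data.
function SearchWithParam(const UserText: string): Integer;
begin
  Query.SQL.Text := 'select * from product where name = :name';
  Query.Params.ParamByName('name').AsString := UserText;
  Result := CountRows;
end;
const Crafted = ''' or ''1''=''1';  // constructed input, reads: ' or '1'='1
begin
  Conn := TSQLite3Connection.Create(nil);
  Tran := TSQLTransaction.Create(nil);
  Query := TSQLQuery.Create(nil);
  Conn.DatabaseName := ':memory:';
  Conn.Transaction := Tran;
  Tran.DataBase := Conn;
  Query.DataBase := Conn;
  Query.Transaction := Tran;
  Conn.Open;
  Tran.StartTransaction;
  Conn.ExecuteDirect('create table product (name text)');
  Conn.ExecuteDirect('insert into product values (''hammer''), (''saw'')');
  // Concatenation lets the crafted text change the WHERE clause; binding does not.
  WriteLn('concatenated: hammer=', SearchConcatenated('hammer'), ' crafted=', SearchConcatenated(Crafted));
  WriteLn('parameter:    hammer=', SearchWithParam('hammer'), ' crafted=', SearchWithParam(Crafted));
end.
```

In the form from the question, the two statements in SearchWithParam are what would go in the edit's handler, with SQLQuery1 as the query and Edit1.Text as the bound value, between SQLQuery1.Close and SQLQuery1.Open.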
