#1 2016-08-18 09:06:44

vga
Member
Registered: 2016-08-18
Posts: 15

about sql with utf8 chars

Hello,

    My code (I use zeosdbo):

procedure TFrmMain.btnClick(Sender: TObject);
var
  val: string;
  sql: string; // used only by the last (commented-out) variant
begin
  { --- this does not work
  fClient.ExecuteNoResult(formatutf8('update `t_data` set `imgname`=''%''',
    [AnsiToUtf8('錦錦.jpg')]), []);
  }

  // this works fine
  val := '錦錦.jpg';
  fClient.ExecuteNoResult('update `t_data` set `imgname`=?', [AnsiToUtf8(val)]);

  { ----- this will not work ----
  sql := 'update `tb_status` set `imgname`=' + AnsiToUtf8('錦錦.jpg');
  fClient.ExecuteNoResult(sql, []);
  }
end;

Offline

#2 2016-08-18 10:15:10

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,183
Website

Re: about sql with utf8 chars

Which version of Delphi are you using?

Using "%" is very unsafe, and subject to SQL injection.
Using parameters and ? is the way to go, in all cases.

Offline
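
An added example illustrating the advice in post #2; it is not code from the thread, and it is not mORMot or Zeos code. It uses Python's built-in sqlite3 module as a stand-in database, with the thread's t_data/imgname update, an assumed extra owner column, and constructed file names, to compare a value pasted into the SQL text with the same value bound through ?.

```python
import sqlite3

def fresh_db():
    """In-memory table shaped like the thread's t_data (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table `t_data` "
               "(id integer primary key, `imgname` text, `owner` text)")
    db.executemany("insert into `t_data` (`imgname`, `owner`) values (?, ?)",
                   [("a.jpg", "alice"), ("b.jpg", "bob")])
    return db

def update_concat(db, name):
    # Value pasted into the SQL text: the database parses it as part of the statement.
    db.execute("update `t_data` set `imgname`='" + name + "'")

def update_bound(db, name):
    # Value sent separately from the SQL text through the ? placeholder.
    db.execute("update `t_data` set `imgname`=?", (name,))

def run(update, name):
    """Apply one update style; return the resulting rows, or the driver error's class name."""
    db = fresh_db()
    try:
        update(db, name)
    except sqlite3.Error as exc:
        return type(exc).__name__
    return db.execute(
        "select `imgname`, `owner` from `t_data` order by id").fetchall()

# Constructed inputs: the thread's file name, one with an apostrophe, one shaped like SQL.
PLAIN = "錦錦.jpg"
APOSTROPHE = "it's.jpg"
SQL_SHAPED = "x.jpg', `owner`='changed"

if __name__ == "__main__":
    for name in (PLAIN, APOSTROPHE, SQL_SHAPED):
        print(repr(name), "concat:", run(update_concat, name))
        print(repr(name), "bound: ", run(update_bound, name))
```

With the bound form every file name is stored exactly as given and the owner column is untouched; with concatenation the apostrophe breaks the statement and the SQL-shaped name rewrites a column the caller never meant to touch.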

#3 2016-08-18 19:57:43

vga
Member
Registered: 2016-08-18
Posts: 15

Re: about sql with utf8 chars

Thank you. I use Delphi 2007 & XE2.

Offline
