SQL query with variables

Views: 183

Problem description

Hey guys, I need help with this please... I am doing a PAT for school and I am doing the following; how can I correct it? I want to send an entered email address, name, ID number, birth date, gender and town, and all are strings. My statement is:

Adoquery1.sql.text := 'insert into besprekings 
                       values('email', 'name', 'Id', 'birth', 'gender', 'town')'; 

The fields are as follows:

 Email(string), Name(string), ID(string), Birth(string), Gender(string), town(string) 

This is not really homework; it is a project that counts for 25% of my year's mark. I have finished everything but can't get this right. We have to bring in something new that we haven't learned in school, and for me that is opening programs like Mail (Windows 8) and doing this. I really appreciate everybody trying to help.

Solution

You need to use parameterized queries, to prevent SQL injection. Even though that might not be something to worry about in your app now, it's best to get in the habit of doing it right in the first place. I'll show a little of the code, and you can figure out how to finish it yourself.

First, properly populate your SQL. Specify the names of the columns you're inserting into, and the parameter names you'll be using to populate them (the parts starting with :):

// Build the statement with named parameters (:email, :name, :Id) instead of
// splicing the values into the SQL text. Table name as spelled in the question.
ADOQuery1.SQL.Clear;
ADOQuery1.SQL.Add('INSERT INTO besprekings (email, name, Id)');
ADOQuery1.SQL.Add('VALUES (:email, :name, :Id)');

Now put the actual values to insert into the parameters, using the same names you used in your VALUES list:

// Bind the values. They travel to the database as parameters, separate from
// the SQL text, so a value such as O'Brien can never alter the statement.
ADOQuery1.Parameters.ParamByName('email').Value := email;
ADOQuery1.Parameters.ParamByName('name').Value := name;
ADOQuery1.Parameters.ParamByName('Id').Value := Id;

Now, execute the query.

The added benefit of doing it with parameterized queries is that, once it's been run once, you can simply repopulate the parameters and run it again; the database will already have done what it needs to do to prepare the query (hint: the word I marked, prepare, has meaning for ADO and other databases - you should look into it) so that it's much faster when you use it again and again.
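To make the injection risk the answer mentions concrete, here is an added example (not from the question or the answer) that runs the same two statements against an in-memory SQLite database with Python's sqlite3 module, standing in for TADOQuery. The table, the six TEXT columns, the sample rows and the payload in the town field are all constructed for this demonstration. It shows what the asker's statement becomes once the nested quotes are "fixed" by concatenating the variables into the SQL text, beside the parameterized form from the answer.

```python
import sqlite3

# Constructed schema: the six string fields named in the question.
SCHEMA = """
CREATE TABLE besprekings (
    email  TEXT,
    name   TEXT,
    id     TEXT,
    birth  TEXT,
    gender TEXT,
    town   TEXT
)
"""

COLUMNS = ("email", "name", "id", "birth", "gender", "town")


def insert_unsafe(conn, row):
    """String-concatenated INSERT: what the original statement turns into when
    the variables are spliced into the SQL text. Deliberately vulnerable."""
    values = ", ".join("'" + row[c] + "'" for c in COLUMNS)
    conn.execute("INSERT INTO besprekings VALUES (" + values + ")")


def insert_safe(conn, row):
    """Parameterized INSERT: sqlite3's named placeholders play the role of the
    :email, :name, ... parameters in the ADO answer. The SQL text is fixed;
    the values are bound separately and can never be parsed as SQL."""
    sql = (
        "INSERT INTO besprekings (email, name, id, birth, gender, town) "
        "VALUES (:email, :name, :id, :birth, :gender, :town)"
    )
    conn.execute(sql, row)


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def rows_after(insert_fn, row):
    """Run one insert on a fresh database and return (email, name, town) of
    every stored row, so the two approaches can be compared side by side."""
    conn = fresh_db()
    insert_fn(conn, row)
    return conn.execute(
        "SELECT email, name, town FROM besprekings ORDER BY email"
    ).fetchall()


# Constructed input. The town value is an injection payload: it closes the
# user's own row, appends a second attacker-chosen row, and comments out the
# rest of the statement. SQLite accepts multi-row VALUES, so it parses.
INJECTED_ROW = {
    "email": "alice@example.org",
    "name": "Alice",
    "id": "0001",
    "birth": "2000-01-01",
    "gender": "F",
    "town": "Pretoria'), ('mallory@example.org', 'Mallory', "
            "'9999', '1970-01-01', 'X', 'Nowhere') -- ",
}

# Constructed input with an ordinary apostrophe in the surname.
APOSTROPHE_ROW = {
    "email": "bob@example.org",
    "name": "O'Brien",
    "id": "0002",
    "birth": "1999-12-31",
    "gender": "M",
    "town": "Cape Town",
}


def unsafe_rejects_apostrophe():
    """The concatenated version cannot even store O'Brien: the quote ends the
    literal early and SQLite reports a syntax error. Returns True if it did."""
    try:
        rows_after(insert_unsafe, APOSTROPHE_ROW)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    print("concatenated, payload :", rows_after(insert_unsafe, INJECTED_ROW))
    print("parameterized, payload:", rows_after(insert_safe, INJECTED_ROW))
    print("O'Brien rejected by concatenation:", unsafe_rejects_apostrophe())
    print("O'Brien stored by parameters     :", rows_after(insert_safe, APOSTROPHE_ROW))
```

The concatenated insert ends up with two rows, one of which the user never entered, while the parameterized insert stores exactly one row whose town column holds the payload as plain text. The apostrophe case matters as much in practice: without parameters, the application breaks on legitimate names long before anyone attacks it. The same parameterized statement can be re-executed with fresh bindings (in sqlite3, executemany does exactly this), which is the prepare-once, run-many benefit the answer points at.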
