crackedlogic - 3 years ago 171
SQL Question

How do I fix this SQL update statement as it returns a syntax error in Delphi?

Whenever I try to run this code it returns a syntax error. I have followed a few formats from what was posted here, but nothing I do seems to work. How can I fix this?

    with adoQuerysupplier do
    begin
      sql.Clear;
      sql.Add('UPDATE SupplierList');
      SQL.Add('SET :Column = :newdetail');
      SQL.Add('WHERE :Column1 = :OldDetail');
      Parameters.ParseSQL(adoQuerysupplier.SQL.Text, True);
      Parameters.ParamByName('Column').Value := column;
      Parameters.ParamByName('Column1').Value := column;
      Parameters.ParamByName('newdetail').Value := newdetail;
      Parameters.ParamByName('OldDetail').Value := olddetail;
      ExecSQL;
    end;


All variables are strings and are successfully being captured. This is my first question, so I apologize in advance if I have any format errors. Please let me know if I need to post any more code.

Answer Source

You can't use parameters for field names. If you really have to do that, you need to write a big switch statement. Alternatively, build the query as a string:

    with adoQuerysupplier do
    begin
      SQL.Clear;
      SQL.Add('UPDATE SupplierList');
      SQL.Add('SET [' + column2 + '] = :newdetail');
      SQL.Add('WHERE [' + column1 + '] = :OldDetail');
      Parameters.ParseSQL(adoQuerysupplier.SQL.Text, True);
      Parameters.ParamByName('newdetail').Value := newdetail;
      Parameters.ParamByName('OldDetail').Value := olddetail;
      ExecSQL;
    end;

Consider possible SQL injection!
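
One way to act on the injection warning above while still building the field name into the statement text, as an added example that is not part of the original answer: the field name is checked against a fixed list before it is concatenated, and the values stay as parameters. The unit name, `CheckedColumn`, `UpdateSupplierField` and the three column names are assumptions, since the page does not show the SupplierList schema; one column is used for both SET and WHERE, as in the question.

```delphi
unit SupplierUpdate;

interface

uses
  SysUtils, ADODB;  // ADODB is Data.Win.ADODB in Delphi XE2 and later

procedure UpdateSupplierField(Query: TADOQuery;
  const Column, NewDetail, OldDetail: string);

implementation

const
  // Hypothetical SupplierList field names; replace with the real schema.
  AllowedColumns: array[0..2] of string = ('SupplierName', 'Phone', 'Email');

// Returns the list's own spelling of Requested when it names a known column
// and raises otherwise, so only a constant from AllowedColumns reaches the SQL text.
function CheckedColumn(const Requested: string): string;
var
  I: Integer;
begin
  for I := Low(AllowedColumns) to High(AllowedColumns) do
    if SameText(Requested, AllowedColumns[I]) then
    begin
      Result := AllowedColumns[I];
      Exit;
    end;
  raise Exception.CreateFmt('Unknown column "%s"', [Requested]);
end;

procedure UpdateSupplierField(Query: TADOQuery;
  const Column, NewDetail, OldDetail: string);
var
  Field: string;
begin
  Field := CheckedColumn(Column);  // raises before any SQL is built
  Query.SQL.Clear;
  Query.SQL.Add('UPDATE SupplierList');
  Query.SQL.Add('SET [' + Field + '] = :newdetail');
  Query.SQL.Add('WHERE [' + Field + '] = :OldDetail');
  Query.Parameters.ParseSQL(Query.SQL.Text, True);
  Query.Parameters.ParamByName('newdetail').Value := NewDetail;
  Query.Parameters.ParamByName('OldDetail').Value := OldDetail;
  Query.ExecSQL;
end;

end.
```

A column value such as `Phone] = '' --` never matches the list, so the procedure raises and no statement is sent to the database.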
