How to pass NULL value from Unidac Query component in Delphi?
-
06-03-2021 - |
Domanda
When I am using StoredProc component in Delphi using
ParamByname('ParamName').Clear
I'm able to send NULL value.
But how can I pass NULL value when using a Query component?
with Query do
begin
SQL.ADD('exec d_upd_calc'+Quoted(EditCalc.Text));
end
In the above scenario I want to send NULL if the edit box is blank.
I am using Delphi 2010, Unidac with Sybase.
Soluzione
Even in Queries you can work with parameters:
Query.SQL.Text := 'exec d_upd_calc :myparam';
Query.Prepare;
Query.ParamByName('myparam').Clear;
And it's better to use parameters than to build the complete string, because you must not handle quotes and avoid security leaks via SQL-injection.
Altri suggerimenti
With Advantage DB I would do something along these lines:
var
sqlText: string;
with Query do
begin
if EditCalc.Text = '' then
sqlText := 'exec d_upd_calc NULL' else
sqlText := 'exec d_upd_calc '+Quoted(EditCalc.Text);
SQL.ADD(sqlText);
end;
If the keyword is also NULL
then this should work.
Does Quoted
remove/escape any dangerous user input to prevent SQL injection? If yes then it's good. If not then it should.