Topic: Prepared SQL Queries ?
Hello Dmitry and all MVD fans,
I've searched the forum but found nothing about prepared SQL queries. Did I search wrong, or has nobody ever mentioned this subject?
Maybe it's no use because you introduced some kind of security mechanism in MVD, but I'll ask anyway.
Is it possible to use something like:
// :Name and :URL are named parameters, bound below with ParamByName
query.SQLQuery.Text := 'INSERT INTO tmp_table(tmp_name,tmp_url) VALUES(:Name,:URL)';
query.Prepare;
query.ParamByName('Name').AsString := array1[i*2+1];
query.ParamByName('URL').AsString := array1[i*2];
query.ExecSQL;
This is just in case someone tries SQL injections on the software we build with MVD or, more simply, if a ' occurs in a name, and makes the whole query fail.
And just for fun because it's related :
Cheers
Mathias
Each time I get a divorce, I keep the house
Zaza Gabor
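
The failure described in the post, as an added example that is not part of the original post or of MVD: the same INSERT built by string concatenation and then with named parameters. It assumes Python's sqlite3 module as a stand-in for the database layer; the table and column names come from the post, and the contents of array1 are constructed sample data.

```python
import sqlite3

# Constructed sample data in the post's layout: URL at index i*2, name at i*2+1.
array1 = [
    "https://example.com/a", "Alice",
    "https://example.com/b", "O'Brien",        # one apostrophe
    "https://example.com/c", "Rock 'n' Roll",  # two apostrophes
]


def make_db():
    """Fresh in-memory database with the table named in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tmp_table (tmp_name TEXT, tmp_url TEXT)")
    return conn


def insert_concatenated(conn, pairs):
    """Build each statement as a string; return the names whose INSERT failed."""
    failed = []
    for i in range(len(pairs) // 2):
        url, name = pairs[i * 2], pairs[i * 2 + 1]
        sql = ("INSERT INTO tmp_table(tmp_name,tmp_url) "
               "VALUES('" + name + "','" + url + "')")
        try:
            conn.execute(sql)
        except (sqlite3.Error, sqlite3.Warning):
            # The apostrophe ended the string literal early, so the
            # statement no longer parses.
            failed.append(name)
    return failed


def insert_prepared(conn, pairs):
    """Bind values to :Name and :URL; return the stored names in insert order."""
    rows = [{"Name": pairs[i * 2 + 1], "URL": pairs[i * 2]}
            for i in range(len(pairs) // 2)]
    # Values travel separately from the SQL text and are never parsed as SQL.
    conn.executemany(
        "INSERT INTO tmp_table(tmp_name,tmp_url) VALUES(:Name,:URL)", rows)
    return [r[0] for r in conn.execute(
        "SELECT tmp_name FROM tmp_table ORDER BY rowid")]


if __name__ == "__main__":
    print("concatenated, failed:", insert_concatenated(make_db(), array1))
    print("prepared, stored:   ", insert_prepared(make_db(), array1))
```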