Topic: Prepared SQL Queries ?

Hello Dmitry and all MVD fans,


I've searched the forum but found nothing about prepared SQL queries? Did I search wrong, or has nobody ever mentioned this subject?


Maybe it's no use because you introduced some kind of security mechanism in MVD, but I'll ask anyway :)


Is it possible to use something like:

            // :Name and :URL are named placeholders, bound below with ParamByName
            query.SQLQuery.Text := 'INSERT INTO tmp_table(tmp_name,tmp_url) VALUES(:Name,:URL)';
            query.Prepare;
            query.ParamByName('Name').AsString := array1[i*2+1];
            query.ParamByName('URL').AsString := array1[i*2];
            query.ExecSQL;

This is just in case someone tries SQL injections on the software we build with MVD or, more simply, if a ' occurs in a name and makes the whole query fail.


And just for fun, because it's related:


http://imgs.xkcd.com/comics/exploits_of_a_mom.png


Cheers


Mathias

I'm a very good housekeeper !
Each time I get a divorce, I keep the house

Zaza Gabor

Re: Prepared SQL Queries ?

Hello,


It's not supported in the current version.

Dmitry.
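
Added example, not part of the original thread and not MVD script: Python's sqlite3 module inserting into the poster's tmp_table with concatenated SQL, with named parameters (:Name, :URL), and with quote doubling as a stop-gap where binding is unavailable. The sample rows, the helper names and the choice of SQLite are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data in the poster's array1 layout: URL at i*2, name at i*2+1.
array1 = [
    "http://example.com/a", "Plain",
    "http://example.com/b", "O'Brien",
    "http://example.com/c", "Robert'); DROP TABLE tmp_table;--",
]

def insert_concatenated(db, name, url):
    # Fragile: values become part of the SQL text, so a ' ends the literal early.
    db.execute("INSERT INTO tmp_table(tmp_name,tmp_url) VALUES('%s','%s')" % (name, url))

def insert_bound(db, name, url):
    # Named parameters: the SQL text is fixed and the values travel separately.
    db.execute("INSERT INTO tmp_table(tmp_name,tmp_url) VALUES(:Name,:URL)",
               {"Name": name, "URL": url})

def quote_literal(value):
    # Stop-gap where binding is unavailable: SQLite string literals escape ' by
    # doubling it. This is engine-specific; binding remains the safer choice.
    return "'" + value.replace("'", "''") + "'"

def insert_quoted(db, name, url):
    db.execute("INSERT INTO tmp_table(tmp_name,tmp_url) VALUES(%s,%s)"
               % (quote_literal(name), quote_literal(url)))

def load(insert):
    """Insert every row of array1 with `insert`; return (stored names, failures)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tmp_table(tmp_name TEXT, tmp_url TEXT)")
    failures = 0
    for i in range(len(array1) // 2):
        try:
            insert(db, array1[i * 2 + 1], array1[i * 2])
        except (sqlite3.Error, sqlite3.Warning):
            failures += 1  # the statement was rejected; nothing was stored
    names = [row[0] for row in
             db.execute("SELECT tmp_name FROM tmp_table ORDER BY rowid")]
    return names, failures

if __name__ == "__main__":
    for fn in (insert_concatenated, insert_bound, insert_quoted):
        print(fn.__name__, load(fn))
```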