[英]Delphi / MySql : Problems escaping strings
N00b在這里,有問題逃避字符串。 我使用了QuotedStr()函數 - 應該不夠。
不幸的是,我想引用的字符串相當混亂,但我會在這里發布,以防有人想將它粘貼到WinMerge或KDiff3等。
我試圖將整個Delphi表單存儲到數據庫中,而不是存儲到.DFM文件中。 它只有一個字段,一個TEdit編輯框。
調試器將表單顯示為文本
'object Form1: TScriptForm'#$D#$A' Left = 0'#$D#$A' Top = 0'#$D#$A' Align = alClient'#$D#$A' BorderStyle = bsNone'#$D#$A' ClientHeight = 517'#$D#$A' ClientWidth = 993'#$D#$A' Color = clBtnFace'#$D#$A' Font.Charset = DEFAULT_CHARSET'#$D#$A' Font.Color = clWindowText'#$D#$A' Font.Height = -11'#$D#$A' Font.Name = 'MS Sans Serif''#$D#$A' Font.Style = []'#$D#$A' OldCreateOrder = False'#$D#$A' SaveProps.Strings = ('#$D#$A' 'Visible=False')'#$D#$A' PixelsPerInch = 96'#$D#$A' TextHeight = 13'#$D#$A' object Edit1: TEdit'#$D#$A' Left = 192'#$D#$A' Top = 64'#$D#$A' Width = 121'#$D#$A' Height = 21'#$D#$A' TabOrder = 8'#$D#$A' end'#$D#$A'end'#$D#$A
在調用QuotedStr()和之前
''object Form1: TScriptForm'#$D#$A' Left = 0'#$D#$A' Top = 0'#$D#$A' Align = alClient'#$D#$A' BorderStyle = bsNone'#$D#$A' ClientHeight = 517'#$D#$A' ClientWidth = 993'#$D#$A' Color = clBtnFace'#$D#$A' Font.Charset = DEFAULT_CHARSET'#$D#$A' Font.Color = clWindowText'#$D#$A' Font.Height = -11'#$D#$A' Font.Name = ''MS Sans Serif'''#$D#$A' Font.Style = []'#$D#$A' OldCreateOrder = False'#$D#$A' SaveProps.Strings = ('#$D#$A' ''Visible=False'')'#$D#$A' PixelsPerInch = 96'#$D#$A' TextHeight = 13'#$D#$A' object Edit1: TEdit'#$D#$A' Left = 192'#$D#$A' Top = 64'#$D#$A' Width = 121'#$D#$A' Height = 21'#$D#$A' TabOrder = 8'#$D#$A' end'#$D#$A'end'#$D#$A'''
然后。
奇怪的是,我完整的命令
'INSERT INTO designerFormDfm(designerFormDfmText) VALUES ("'object Form1: TScriptForm'#$D#$A' Left = 0'#$D#$A' Top = 0'#$D#$A' Align = alClient'#$D#$A' BorderStyle = bsNone'#$D#$A' ClientHeight = 517'#$D#$A' ClientWidth = 993'#$D#$A' Color = clBtnFace'#$D#$A' Font.Charset = DEFAULT_CHARSET'#$D#$A' Font.Color = clWindowText'#$D#$A' Font.Height = -11'#$D#$A' Font.Name = ''MS Sans Serif'''#$D#$A' Font.Style = []'#$D#$A' OldCreateOrder = False'#$D#$A' SaveProps.Strings = ('#$D#$A' ''Visible=False'')'#$D#$A' PixelsPerInch = 96'#$D#$A' TextHeight = 13'#$D#$A' object Edit1: TEdit'#$D#$A' Left = 192'#$D#$A' Top = 64'#$D#$A' Width = 121'#$D#$A' Height = 21'#$D#$A' TabOrder = 8'#$D#$A' end'#$D#$A'end'#$D#$A''");'
在MySql控制台中執行,但不是從Delphi執行,我將該命令作為參數command
傳遞給函數
ADOCommand.CommandText := command;
ADOCommand.CommandType := cmdText;
ADOCommand.Execute();
我只能假設我遇到問題escpaing包含單引號的序列(並且QuotedStr()似乎沒有轉義后退(?!))
我在做什么顯然是明顯錯誤的?
@mawg,@ da-soft建議沒問題,與插入和更新交互的最佳方法是使用參數。
檢查這個樣本
var
ADOCommand : TADOCommand;
begin
ADOCommand:=TADOCommand.Create(nil);
try
ADOCommand.Connection:=AdoConnection;
ADOCommand.Parameters.Clear;
ADOCommand.CommandText:='INSERT INTO designerFormDfm (designerFormDfmText) VALUES (:designerFormDfmText)';
ADOCommand.ParamCheck:=False;
ADOCommand.Parameters.ParamByName('designerFormDfmText').Value:= YourData;
ADOCommand.Execute;
finally
ADOCommand.Free;
end;
end;
簡答 - 使用參數化查詢!
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.