with query1 do begin
  close;
  SQL.Clear;
  SQL.Add('select * from table1 where a='''+edit1.text+'''');
  open;
end;
select * from table1 where a='''+edit1.text+'''
You can write it like this:
var s:string;
s:=edit1.text;
with query1 do begin
  close;
  SQL.Clear;
  SQL.Add(format('select * from table1 where a=''%s''',[s]));
  open;
end;
That will definitely solve the problem.
'select * from table1 where a='''+edit1.text+'''
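I agree with hunterht(核桃-俺就是核桃的马甲). The QuotedStr() function automatically replaces each single quote with two single quotes. When you use
ADOQuery1.SQL.Add('select * from table1 where a='''+edit1.text+'''');
adding this function prevents errors, or even a vulnerability, when Edit1.Text contains a single quote.
Change it to
ADOQuery1.SQL.Add('select * from table where a='+QuotedStr(edit1.text));
and it will not fail.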
ADODataSet1.CommandText := 'select * from table where a = ' + QuotedStr(Edit1.Text);
That is, ‘ select * from table1 where colname=''aaa'' ’
QuotedStr() is the function for this; you can look it up in the help.
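An added example (not code from any post in this thread) that builds the value after `a=` the three ways shown above, by concatenation, Format and QuotedStr, and checks whether the result is still a single SQL string literal holding exactly the input. The sample inputs and the `IsSingleLiteral` and `Report` helpers are constructed for illustration; the common query prefix is split out into a constant.

```pascal
program QuoteCheck;
{$APPTYPE CONSOLE}
uses
  SysUtils;

const
  Prefix = 'select * from table1 where a=';
  // Constructed stand-ins for Edit1.Text, two of them containing quotes.
  Inputs: array[0..2] of string = ('aaa', 'O''Brien', 'x'' or ''1''=''1');

// Reads one SQL string literal from the start of Lit ('' inside the literal
// means one quote). True only if that literal spans all of Lit.
function IsSingleLiteral(const Lit: string; out Value: string): Boolean;
var
  I: Integer;
begin
  Value := '';
  Result := False;
  if (Lit = '') or (Lit[1] <> '''') then Exit;
  I := 2;
  while I <= Length(Lit) do
  begin
    if Lit[I] <> '''' then
      Value := Value + Lit[I]
    else if (I < Length(Lit)) and (Lit[I + 1] = '''') then
    begin
      Value := Value + '''';       // doubled quote = one literal quote
      Inc(I);
    end
    else
    begin
      Result := I = Length(Lit);   // closing quote must be the last char
      Exit;
    end;
    Inc(I);
  end;
end;

procedure Report(const How, Lit, Input: string);
var
  V: string;
begin
  Writeln(How:8, ': ', Prefix, Lit, '  -> data only: ',
    IsSingleLiteral(Lit, V) and (V = Input));
end;

var
  I: Integer;
begin
  for I := Low(Inputs) to High(Inputs) do
  begin
    Report('concat', '''' + Inputs[I] + '''', Inputs[I]);
    Report('Format', Format('''%s''', [Inputs[I]]), Inputs[I]);
    Report('Quoted', QuotedStr(Inputs[I]), Inputs[I]);
  end;
end.
```

QuotedStr only handles the quote character; binding the value as a query parameter (for example through TADOQuery.Parameters) keeps it out of the SQL text entirely.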