N00b here, having problems escaping strings. I used the QuotedStr() function - shouldn't that be enough?

Unfortunately, the string that I am trying to quote is rather messy, but I will post it here in case anyone wants to paste it into WinMerge or KDiff3, etc.

I am trying to store an entire Delphi form into the database, rather than into a .DFM file. It has only one field, a TEdit edit box.

The debugger shows the form as text as

'object Form1: TScriptForm'#$D#$A'  Left = 0'#$D#$A'  Top = 0'#$D#$A'  Align = alClient'#$D#$A'  BorderStyle = bsNone'#$D#$A'  ClientHeight = 517'#$D#$A'  ClientWidth = 993'#$D#$A'  Color = clBtnFace'#$D#$A'  Font.Charset = DEFAULT_CHARSET'#$D#$A'  Font.Color = clWindowText'#$D#$A'  Font.Height = -11'#$D#$A'  Font.Name = 'MS Sans Serif''#$D#$A'  Font.Style = []'#$D#$A'  OldCreateOrder = False'#$D#$A'  SaveProps.Strings = ('#$D#$A'    'Visible=False')'#$D#$A'  PixelsPerInch = 96'#$D#$A'  TextHeight = 13'#$D#$A'  object Edit1: TEdit'#$D#$A'    Left = 192'#$D#$A'    Top = 64'#$D#$A'    Width = 121'#$D#$A'    Height = 21'#$D#$A'    TabOrder = 8'#$D#$A'  end'#$D#$A'end'#$D#$A

before calling QuotedStr() and

''object Form1: TScriptForm'#$D#$A'  Left = 0'#$D#$A'  Top = 0'#$D#$A'  Align = alClient'#$D#$A'  BorderStyle = bsNone'#$D#$A'  ClientHeight = 517'#$D#$A'  ClientWidth = 993'#$D#$A'  Color = clBtnFace'#$D#$A'  Font.Charset = DEFAULT_CHARSET'#$D#$A'  Font.Color = clWindowText'#$D#$A'  Font.Height = -11'#$D#$A'  Font.Name = ''MS Sans Serif'''#$D#$A'  Font.Style = []'#$D#$A'  OldCreateOrder = False'#$D#$A'  SaveProps.Strings = ('#$D#$A'    ''Visible=False'')'#$D#$A'  PixelsPerInch = 96'#$D#$A'  TextHeight = 13'#$D#$A'  object Edit1: TEdit'#$D#$A'    Left = 192'#$D#$A'    Top = 64'#$D#$A'    Width = 121'#$D#$A'    Height = 21'#$D#$A'    TabOrder = 8'#$D#$A'  end'#$D#$A'end'#$D#$A'''

afterwards.

The strange thing is that my complete command

'INSERT INTO designerFormDfm(designerFormDfmText) VALUES ("'object Form1: TScriptForm'#$D#$A'  Left = 0'#$D#$A'  Top = 0'#$D#$A'  Align = alClient'#$D#$A'  BorderStyle = bsNone'#$D#$A'  ClientHeight = 517'#$D#$A'  ClientWidth = 993'#$D#$A'  Color = clBtnFace'#$D#$A'  Font.Charset = DEFAULT_CHARSET'#$D#$A'  Font.Color = clWindowText'#$D#$A'  Font.Height = -11'#$D#$A'  Font.Name = ''MS Sans Serif'''#$D#$A'  Font.Style = []'#$D#$A'  OldCreateOrder = False'#$D#$A'  SaveProps.Strings = ('#$D#$A'    ''Visible=False'')'#$D#$A'  PixelsPerInch = 96'#$D#$A'  TextHeight = 13'#$D#$A'  object Edit1: TEdit'#$D#$A'    Left = 192'#$D#$A'    Top = 64'#$D#$A'    Width = 121'#$D#$A'    Height = 21'#$D#$A'    TabOrder = 8'#$D#$A'  end'#$D#$A'end'#$D#$A''");'

executes in a MySQL console, but not from Delphi, where I pass that command as parameter command to a function which

  ADOCommand.CommandText := command;
  ADOCommand.CommandType := cmdText;
  ADOCommand.Execute();

I can only assume that I am having problems escaping sequences which contain single quotes (and QuotedStr() doesn't seem to escape backslashes(?!))

What am I doing that is obviously, glaringly wrong?

+7  A: 

The short answer - use the parameterized query!

da-soft
+1 since 6 others voted it up. Now, the n00b question - what does that mean? Nvm, I'll google it.
Mawg
No need to google, see @RRUZ helpful answer
Mawg
+6  A: 

@mawg, the @da-soft suggestion is ok; the best way to interact with inserts and updates is using parameters.

Check this sample:

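var
  ADOCommand: TADOCommand;
begin
  ADOCommand := TADOCommand.Create(nil);
  try
    ADOCommand.Connection := AdoConnection;
    ADOCommand.Parameters.Clear;
    // ParamCheck is still True (the default) here, so assigning CommandText
    // parses :designerFormDfmText and creates the matching parameter.
    ADOCommand.CommandText := 'INSERT INTO designerFormDfm (designerFormDfmText) VALUES (:designerFormDfmText)';
    ADOCommand.ParamCheck := False;
    // The value is bound as data; no QuotedStr() or manual escaping is needed.
    ADOCommand.Parameters.ParamByName('designerFormDfmText').Value := YourData;
    ADOCommand.Execute;
  finally
    ADOCommand.Free;
  end;
end;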
RRUZ
Thanks very much, that was much more helpful :-) I'll try it and let you know.
Mawg
Assigning to ADOCommand.CommandText gives "Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another". I will google for a solution and report back.
Mawg
@mawg, which version of Delphi are you using?
RRUZ
Delphi 7 - I'd like to have 2010, but simply can't afford it :-(
Mawg
@mawg, try running your app outside of the Delphi IDE and see what happens.
RRUZ
A: 

Can someone show an example of dbExpress using parameters like that? Otherwise it looks like either the NO_BACKSLASH_ESCAPES SQL mode or a Delphi function like PHP and C have, the customized pack/unpack approach.

No offence intended, but you might have more luck if you post your own new question, rather than posting to an already closed question. Good luck. (or, just google for NO_BACKSLASH_ESCAPES SQL example delphi and get something like ADOConnection1.Execute('set SQL_MODE=''NO_BACKSLASH_ESCAPES''');)
Mawg
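
Added example, not part of the original thread: a small Delphi console program that models how MySQL reads a single-quoted literal, to show the gap the question suspects. QuotedStr() doubles single quotes but leaves backslashes alone, so under MySQL's default SQL mode a value ending in a backslash no longer forms a closed literal, while under NO_BACKSLASH_ESCAPES it does; a bound parameter avoids the issue by leaving escaping to the driver. IsClosedLiteral and Check are hypothetical helper names, and both sample values are constructed.

```delphi
program QuotedStrBackslash;
{$APPTYPE CONSOLE}
uses
  SysUtils;

// Returns True when Lit is exactly one closed single-quoted MySQL string
// literal. BackslashEscapes = True models the default SQL mode,
// False models NO_BACKSLASH_ESCAPES. (Simplified model, an assumption of
// this example: only '' and \x escapes are considered.)
function IsClosedLiteral(const Lit: string; BackslashEscapes: Boolean): Boolean;
var
  i: Integer;
begin
  Result := False;
  if (Length(Lit) < 2) or (Lit[1] <> '''') then
    Exit;
  i := 2;
  while i <= Length(Lit) do
  begin
    if BackslashEscapes and (Lit[i] = '\') then
      Inc(i, 2)                        // backslash consumes the next character
    else if Lit[i] = '''' then
    begin
      if (i < Length(Lit)) and (Lit[i + 1] = '''') then
        Inc(i, 2)                      // doubled quote = one literal quote
      else
      begin
        Result := (i = Length(Lit));   // closing quote must be the last char
        Exit;
      end;
    end
    else
      Inc(i);
  end;
end;

procedure Check(const Value: string);
begin
  Writeln(QuotedStr(Value));
  Writeln('  default mode:         ', IsClosedLiteral(QuotedStr(Value), True));
  Writeln('  NO_BACKSLASH_ESCAPES: ', IsClosedLiteral(QuotedStr(Value), False));
end;

begin
  Check('Font.Name = ''MS Sans Serif''');  // constructed: quotes only
  Check('C:\Forms\');                       // constructed: trailing backslash
end.
```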