这在SQL Server 2014上运行正常:
UPDATE MYTABLE
SET MYFIELD = MYFIELD + 'the quick brown fox jumped over the lazy dog'
+ CAST(FOR_DATE AS VARCHAR(30))
将其移植到Delphi中的查询:
SQL.Text := UPDATE MYTABLE SET MYFIELD = MYFIELD
+ "the quick brown fox jumped over the lazy dog"
+ CAST(FOR_DATE AS VARCHAR(30))
这会引发错误:
快速的棕色狐狸跳过懒狗"被视为一列 名字(?)。
文本旁边的单引号也不起作用。
我错过了什么?
答案 0 :(得分:1)
此查询应该可以解决问题,您可以使用QuotedStr函数在字符串中包含引号:
SQL.Text := 'UPDATE MYTABLE SET MYFIELD=MYFIELD + ' +
QuotedStr('the quick brown fox jumped over the lazy dog') +
'+ CAST(FOR_DATE as varchar(30))';
或者如果您想在字符串中包含引号,则需要将其加倍:
SQL.Text := 'UPDATE MYTABLE SET MYFIELD=MYFIELD + ' +
'''the quick brown fox jumped over the lazy dog''' +
'+ CAST(FOR_DATE as varchar(30))';
最后,更好更安全的方法是使用参数化查询,这是防止SQL Injection的唯一方法:
SQL.Text := 'UPDATE MYTABLE SET MYFIELD = MYFIELD + :MyText'+
' + CAST(FOR_DATE AS VARCHAR(30))';
ParamByName('MyText').AsString := 'variable text';