procedure TformVet.sdaClick(Sender: TObject);
var anID, anT, anN, anG, anSp, anSi, anDR, anDF, anPD, anTr, anO : String;
anRID, anRT, anRN, anRG, anRSp, anRSi, anRDR, anRDF, anRPD, anRTr, anRO : String;
begin
ShowMessage('If you are not searching for a specific group of data, leave the input field empty!');
anID := InputBox('Animal ID','What is the ID of the Animal you are searching for?','');
anT := InputBox('Animal Type','What is the type of Animal you are searching for?','');
anN := InputBox('Animal Name','What is the name of the Animal you are searching for?','');
anG := InputBox('Animal Genus','What is the genus of the Animal you are searching for?','');
anSp := InputBox('Animal Species','What is the species of the Animal you are searching for?','');
anSi := InputBox('Animal Sickness','What is the sickness of the Animal you are searching for?','');
anDR := InputBox('Date Received','What is the date received of the Animal you are searching for?','');
anDF := InputBox('Date Fetched','What is the date fetched of the Animal you are searching for?','');
anPD := InputBox('Paid','What is the status of payment of the Animal''s treatment that you are searching for? (Yes/No)','');
anTr := InputBox('Treatment','What is the cost of the treatment you are searching for?','');
anO := InputBox('Owner ID','What is the ID of the Owner you are searching for?','');
if getLen(anID) > 0 then
anRID := '(AnimalID = ' + anID + ')'
else
anRID := '(AnimalID LIKE "*")';
if getLen(anT) > 0 then
anRT := '(anType = "' + anT + '")'
else
anRT := '(anType LIKE "*")';
if getLen(anN) > 0 then
anRN := '(anName = "' + anN + '")'
else if getLen(anN) = 0 then
anRN := '(anName LIKE "*")';
if getLen(anG) > 0 then
anRG := '(anGenus = "' + anG + '")'
else
anRG := '(anGenus LIKE "*")';
if getLen(anSp) > 0 then
anRSp := '(anSpecie = "' + anSp + '")'
else
anRSp := '(anSpecie LIKE "*")';
if getLen(anSi) > 0 then
anRSi := '(anSick = "' + anSi + '")'
else
anRSi := '(anSick LIKE "*")';
if getLen(anDR) > 0 then
anRDR := '(anDateRec = "' + anDr + '")'
else
anRDR := '(anDateRec LIKE "*")';
if getLen(anDF) > 0 then
anRDF := '(anDateFet = "' + anDf + '")'
else
anRDF := '(anDateFet LIKE "*")';
i := 1;
While i = 1 do
begin
if UpperCase(anPD) = 'YES' then
begin
anRPD := '(anPaid = "-1")';
i := 0;
end
else if UpperCase(anPD) = 'NO' then
begin
anRPD := '(anPaid = "0")';
i := 0;
end
else if getLen(anPD) = 0 then
begin
anRPD := '(anPaid LIKE "*")';
i := 0;
end
else
ShowMessage(anPD + ' is not a valid query!');
end;
if getLen(anTr) > 0 then
anRTr := '(anTreat = ' + anTr + ')'
else
anRTr := '(anTreat LIKE "*")';
if getLen(anO) > 0 then
anRO := '(OwnerID = ' + anO + ')'
else
anRO := '(OwnerID LIKE "*")';
SS := 'SELECT * FROM tblAnimal ';
SS := SS + 'WHERE ' + anRT + ' AND ' + anRN + ' AND ' + anRT + ' AND ' + anRG + ' AND ' + anRSp + ' AND ' + anRSi + ' AND ' + anRDR + ' AND ' + anRDF + ' AND ' + anRPD + ' AND ' + anRTr + ' AND ' + anRO + ';';
adoAnimal.Close;
adoAnimal.SQL.Text := SS;
adoAnimal.ExecSQL;
adoAnimal.Open;
end;
这是我的搜索按钮的代码,它假设查找具有指定数据的记录,但它不起作用。在delphi中运行时的查询会返回,即使您没有输入任何数据也没有结果。
这是在没有输入数据时运行的SQL查询:
SELECT * FROM tblAnimal WHERE (anType LIKE "*") AND (anName LIKE "*") AND (anType LIKE "*") AND (anGenus LIKE "*") AND (anSpecie LIKE "*") AND (anSick LIKE "*") AND (anDateRec LIKE "*") AND (anDateFet LIKE "*") AND (anPaid LIKE "*") AND (anTreat LIKE "*") AND (OwnerID LIKE "*");
这是一个高中项目,任何帮助将非常感谢! `
答案 0 :(得分:1)
不要使用doble引号来分隔字符串,而是使用简单的引号。单引号是引用字符串的标准SQL,您的Delphi组件可能期望它们。表示任何字符的标准通配符也是%,而不是*。
要在Delphi字符串中指定简单引号,您必须编写两个简单的引号:
procedure TformVet.sdaClick(Sender: TObject);
var anID, anT, anN, anG, anSp, anSi, anDR, anDF, anPD, anTr, anO : String;
anRID, anRT, anRN, anRG, anRSp, anRSi, anRDR, anRDF, anRPD, anRTr, anRO : String;
begin
ShowMessage('If you are not searching for a specific group of data, leave the input field empty!');
anID := InputBox('Animal ID','What is the ID of the Animal you are searching for?','');
anT := InputBox('Animal Type','What is the type of Animal you are searching for?','');
anN := InputBox('Animal Name','What is the name of the Animal you are searching for?','');
anG := InputBox('Animal Genus','What is the genus of the Animal you are searching for?','');
anSp := InputBox('Animal Species','What is the species of the Animal you are searching for?','');
anSi := InputBox('Animal Sickness','What is the sickness of the Animal you are searching for?','');
anDR := InputBox('Date Received','What is the date received of the Animal you are searching for?','');
anDF := InputBox('Date Fetched','What is the date fetched of the Animal you are searching for?','');
anPD := InputBox('Paid','What is the status of payment of the Animal''s treatment that you are searching for? (Yes/No)','');
anTr := InputBox('Treatment','What is the cost of the treatment you are searching for?','');
anO := InputBox('Owner ID','What is the ID of the Owner you are searching for?','');
if getLen(anID) > 0 then
anRID := '(AnimalID = ' + anID + ')'
else
anRID := '(AnimalID LIKE ''%'')';
if getLen(anT) > 0 then
anRT := '(anType = ''' + anT + ''')'
else
anRT := '(anType LIKE ''%'')';
if getLen(anN) > 0 then
anRN := '(anName = ''' + anN + ''')'
else if getLen(anN) = 0 then
anRN := '(anName LIKE ''%'')';
if getLen(anG) > 0 then
anRG := '(anGenus = ''' + anG + ''')'
else
anRG := '(anGenus LIKE ''%'')';
if getLen(anSp) > 0 then
anRSp := '(anSpecie = ''' + anSp + ''')'
else
anRSp := '(anSpecie LIKE ''%'')';
if getLen(anSi) > 0 then
anRSi := '(anSick = ''' + anSi + ''')'
else
anRSi := '(anSick LIKE ''%'')';
if getLen(anDR) > 0 then
anRDR := '(anDateRec = ''' + anDr + ''')'
else
anRDR := '(anDateRec LIKE ''%'')';
if getLen(anDF) > 0 then
anRDF := '(anDateFet = ''' + anDf + ''')'
else
anRDF := '(anDateFet LIKE ''%'')';
i := 1;
While i = 1 do
begin
if UpperCase(anPD) = 'YES' then
begin
anRPD := '(anPaid = ''-1'')';
i := 0;
end
else if UpperCase(anPD) = 'NO' then
begin
anRPD := '(anPaid = ''0'')';
i := 0;
end
else if getLen(anPD) = 0 then
begin
anRPD := '(anPaid LIKE ''%'')';
i := 0;
end
else
ShowMessage(anPD + ' is not a valid query!');
end;
if getLen(anTr) > 0 then
anRTr := '(anTreat = ' + anTr + ')'
else
anRTr := '(anTreat LIKE ''%'')';
if getLen(anO) > 0 then
anRO := '(OwnerID = ' + anO + ')'
else
anRO := '(OwnerID LIKE ''%'')';
SS := 'SELECT * FROM tblAnimal ';
SS := SS + 'WHERE ' + anRT + ' AND ' + anRN + ' AND ' + anRT + ' AND ' + anRG + ' AND ' + anRSp + ' AND ' + anRSi + ' AND ' + anRDR + ' AND ' + anRDF + ' AND ' + anRPD + ' AND ' + anRTr + ' AND ' + anRO + ';';
adoAnimal.Close;
adoAnimal.SQL.Text := SS;
adoAnimal.ExecSQL;
adoAnimal.Open;
end;
这不应该在真实环境中使用,因为它可以通过SQL注入进行攻击。但作为一个学校的工作,它可能很好(虽然你的老师会很高兴,如果你评论)。
阅读有关SQL注入的更多信息,在生产环境中不使用此类代码非常重要(而应使用参数):https://arstechnica.com/information-technology/2016/10/how-security-flaws-work-sql-injection/