Delphi syntax error in FROM clause, but there is no FROM clause

Time: 2018-11-17 18:08:00

Tags: sql syntax-error delphi-2010

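I am using an insert in SQL code in Delphi. The program compiles and runs, but after clicking the button that performs the insert, I get a message saying

Syntax error in FROM clause.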

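After breaking the program, it highlights the last line of code before the end. If I remove that line of code and rerun the program, I get the same error, and on breaking it highlights the end; of the buttonclick procedure.

Please bear in mind that I am still a student and new to the language.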

ADOQuery1.Close;
ADOQuery1.SQL.Add('insert into FPS_Tbl([MatchID],[kills],[standings],[GrenadeKill],[TimePlayed],[Username],[Comments],[Headshots],[Dates])');
ADOQuery1.SQL.Add('values("'+IntToStr(ids)+'","'+IntToStr(Kills)+'","'+standings+'","'+IntToStr(grenKills)+'","'+times+'","'+user+'","'+comment+'","'+IntToStr(HedShots)+'","'+DateToStr(Now)+'");');
ADOQuery1.ExecSQL;

end;
recalls;

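recalls is a procedure that displays the contents of the table in a RichEdit.

Since there is no 'From' clause in my SQL statement, I am not sure why I am getting this error. To those who help, thank you very much.

2 answers:

Answer 0: (score: 0)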

Try inserting a simple space to separate (the last word of the first Add) and (the first word of the second Add):

ADOQuery1.SQL.Add(' values("'+IntToStr(ids)+'","'+IntToStr(Kills)+'","'+standings+'","'+IntToStr(grenKills)+'","'+times+'","'+user+'","'+comment+'","'+IntToStr(HedShots)+'","'+DateToStr(Now)+'");');

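Answer 1: (score: 0)

When using a multi-line SQL query, you need to Clear() the SQL before you Add() lines to it, otherwise you will be adding to the previous query: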

ADOQuery1.Close;
ADOQuery1.SQL.Clear; // <-- ADD THIS!!!
ADOQuery1.SQL.Add('insert into FPS_Tbl([MatchID],[kills],[standings],[GrenadeKill],[TimePlayed],[Username],[Comments],[Headshots],[Dates])');
ADOQuery1.SQL.Add('values("' + IntToStr(ids) + '","' + IntToStr(Kills) + '","' + standings + '","' + IntToStr(grenKills) + '","' + times + '","' + user + '","' + comment + '","' + IntToStr(HedShots) + '","' + DateToStr(Now) + '");');
ADOQuery1.ExecSQL;

Otherwise, use the Text property instead:

ADOQuery1.Close;
ADOQuery1.SQL.Text := 'insert into FPS_Tbl([MatchID],[kills],[standings],[GrenadeKill],[TimePlayed],[Username],[Comments],[Headshots],[Dates]) values("' + IntToStr(ids) + '","' + IntToStr(Kills) + '","' + standings + '","' + IntToStr(grenKills) + '","' + times + '","' + user + '","' + comment + '","' + IntToStr(HedShots) + '","' + DateToStr(Now) + '");';
ADOQuery1.ExecSQL;

That said, your code is subject to SQL injection attacks. You can avoid that by using AnsiQuotedStr() for all string inputs:

ADOQuery1.Close;
ADOQuery1.SQL.Clear;
ADOQuery1.SQL.Add('insert into FPS_Tbl([MatchID],[kills],[standings],[GrenadeKill],[TimePlayed],[Username],[Comments],[Headshots],[Dates])');
ADOQuery1.SQL.Add('values("' + IntToStr(ids) + '","' + IntToStr(Kills) + '",' + AnsiQuotedStr(standings,'"') + ',"' + IntToStr(grenKills) + '",' + AnsiQuotedStr(times,'"') + ',' + AnsiQuotedStr(user,'"') + ',' + AnsiQuotedStr(comment,'"') + ',"' + IntToStr(HedShots) + '","' + DateToStr(Now) + '");');
ADOQuery1.ExecSQL;

Or better, use a parameterized query instead:

ADOQuery1.Close;
ADOQuery1.SQL.Clear;
ADOQuery1.SQL.Add('insert into FPS_Tbl([MatchID],[kills],[standings],[GrenadeKill],[TimePlayed],[Username],[Comments],[Headshots],[Dates])');
ADOQuery1.SQL.Add('values(:PId,:PKills,:PStandings,:PGrenKills,:PTimes,:PUser,:PComment,:PHeadShots,:PDate);');
ADOQuery1.Parameters.ParamByName('PId').Value := IntToStr(ids);
ADOQuery1.Parameters.ParamByName('PKills').Value := IntToStr(Kills);
ADOQuery1.Parameters.ParamByName('PStandings').Value := standings;
ADOQuery1.Parameters.ParamByName('PGrenKills').Value := IntToStr(grenKills);
ADOQuery1.Parameters.ParamByName('PTimes').Value := times;
ADOQuery1.Parameters.ParamByName('PUser').Value := user;
ADOQuery1.Parameters.ParamByName('PComment').Value := comment;
ADOQuery1.Parameters.ParamByName('PHeadShots').Value := IntToStr(HedShots);
ADOQuery1.Parameters.ParamByName('PDate').Value := DateToStr(Now);
ADOQuery1.ExecSQL;
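
The three ways of building the insert discussed in Answer 1, compared on one input. This is an added example, not code from the question or the answers. It uses Python's sqlite3 as a stand-in for ADO so it runs offline; the reduced three-column table, the sample comment, the single-quoted literals (sqlite's convention) and the helper names are all assumptions made for the illustration.

```python
import sqlite3

# Constructed sample input: an ordinary comment that happens to contain quotes.
COMMENT = "Great round, 'GG' as they say"
INSERT_HEAD = "insert into FPS_Tbl (MatchID, Username, Comments) values ("

def ansi_quoted(value, quote="'"):
    """Model of Delphi's AnsiQuotedStr: wrap in quotes, double embedded quotes."""
    return quote + value.replace(quote, quote * 2) + quote

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table FPS_Tbl (MatchID integer, Username text, Comments text)")
    return db

def insert_concatenated(db, match_id, user, comment):
    # The question's pattern: values pasted straight into the statement text.
    db.execute(INSERT_HEAD + str(match_id) + ", '" + user + "', '" + comment + "')")

def insert_quoted(db, match_id, user, comment):
    # The AnsiQuotedStr variant: every string input is escaped before pasting.
    db.execute(INSERT_HEAD + str(match_id) + ", " + ansi_quoted(user) + ", "
               + ansi_quoted(comment) + ")")

def insert_parameterized(db, match_id, user, comment):
    # The parameterized variant: the statement text is fixed, values travel separately.
    db.execute(INSERT_HEAD + ":PId, :PUser, :PComment)",
               {"PId": match_id, "PUser": user, "PComment": comment})

def demo():
    db = make_db()
    try:
        insert_concatenated(db, 1, "player1", COMMENT)
        concatenated = "inserted"
    except sqlite3.OperationalError:
        concatenated = "syntax error"  # the quote in the comment ended the literal early
    insert_quoted(db, 2, "player1", COMMENT)
    insert_parameterized(db, 3, "player1", COMMENT)
    rows = db.execute("select MatchID, Comments from FPS_Tbl order by MatchID")
    return concatenated, rows.fetchall()

if __name__ == "__main__":
    print(demo())
```

With concatenation the user's text becomes part of the statement, so a stray quote changes how it parses; escaping repairs that only if it is applied to every input, while parameters never let the value reach the parser.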