Subject | Re: Dialect 3 Time Field Query |
---|---|
Author | Adam |
Post date | 2006-05-01T00:55:34Z |
--- In firebird-support@yahoogroups.com, "ra8009" <ra8009@...> wrote:
>
> > Date and time formatting is extremely variable because it often depends
> > on the way the OS is configured, although dates are worse than times
> > because a valid date could potentially be incorrectly interpreted.
> > Parameterised queries can be used to take away this headache entirely.
> > What development environment and connection components are you working
> > with?
> >
> > Adam
> >
>
> I'm using Delphi 7 and IB Objects 4.3. My queries are coming up empty,
> even when I know there are results. I've tried using both asTime and
> asDateTime with paramByName, but still can't get results. What else
> should I try?

Use a colon to indicate a string in the query is a parameter. It
should look something like this (This is IBX code but I don't imagine
that it would be much different with IBO)
// :mytime is a named parameter; its value is bound below, not pasted into the SQL text
qry.sql.text := 'insert into sometable (somefield) values (:mytime)';
qry.ParamByName('mytime').AsTime := DateTimePicker1.Time;
qry.ExecSQL;
Using parameters also gives the following benefits:
* Immunity from SQL injection hacks through your edit boxes.
* Prepare the query a single time and you can just substitute the
parameters. If you are running a query inside a loop, then this is a
huge performance benefit.
* Easier to read and maintain code
* No messing around with m/d/yyyy or d/m/yyyy or 12/24 hr time or
trying to insert O'Conner into a surname field, or was
that 'O''Conner'?? (you get the drift)
* Separation of UI from query, allowing different interfaces using
the same business rules.
Adam
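
The benefits listed in the reply above, as an added example that is not part of the original post or of IBX/IBO: it contrasts string-built SQL with the same :name parameter style, using Python's sqlite3 module and an in-memory database instead of Delphi and Firebird so that it runs without a server. The surname column, the helper function names, the ISO text storage of times and all sample values are assumptions made for illustration.

```python
import sqlite3
from datetime import time

# Assumption: times are stored as ISO text; the driver converts the bound value.
sqlite3.register_adapter(time, lambda t: t.isoformat())

INSERT_SQL = "insert into sometable (surname, somefield) values (:surname, :mytime)"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table sometable (surname text, somefield text)")
    return db

def insert_concatenated(db, surname, when_text):
    # Anti-pattern: edit-box text becomes part of the SQL statement itself.
    db.execute("insert into sometable (surname, somefield) values ('"
               + surname + "', '" + when_text + "')")

def insert_parameterised(db, rows):
    # One statement text, reused for every row; values travel separately.
    db.executemany(INSERT_SQL, rows)

def find_concatenated(db, surname):
    sql = "select surname from sometable where surname = '" + surname + "'"
    return db.execute(sql).fetchall()

def find_parameterised(db, surname):
    sql = "select surname from sometable where surname = :surname"
    return db.execute(sql, {"surname": surname}).fetchall()

def demo():
    db = make_db()
    insert_parameterised(db, [  # constructed sample rows
        {"surname": "O'Conner", "mytime": time(14, 30)},
        {"surname": "Smith", "mytime": time(9, 5, 7)},
    ])
    try:
        insert_concatenated(db, "O'Conner", "2:30 PM")
        concat_error = None
    except sqlite3.OperationalError as exc:
        concat_error = str(exc)  # the stray quote breaks the statement
    crafted = "nobody' or '1'='1"  # constructed input that alters the WHERE clause
    stored = db.execute("select surname, somefield from sometable order by rowid").fetchall()
    return {"stored": stored, "concat_error": concat_error,
            "concat_hits": find_concatenated(db, crafted),
            "param_hits": find_parameterised(db, crafted)}

if __name__ == "__main__":
    print(demo())
```

The bound O'Conner row is stored verbatim with no quote doubling, the concatenated insert fails on the same name, and the crafted input matches every row only in the concatenated lookup.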