View Incident Report

Serious

Reported By: Kunikazu Okada
Reported On: 11/13/2001
For: Version 3.03 Build 1

# 936 TDBISAMQuery Component Does Not Detect Paramters When a Semicolon Exists in a String

TDBISAMQuery failes to detect parameters when there is a semicolon in the SQL, even if the semicolon is quoted in a string literal.
TDBISAMQuery now supports SQL Scripts (multiple SQL statements in SQL), but you cannot use Parameters in SQL Scripts. In the procedure TDBISAMQuery.QueryChanged, it checks if the SQL is a normal SQL or a SQL Script, by calling function TDBISAMQuery.ContainsMultipleStatements. This function is sensitive to any semicolon in the SQL, so a normal SQL with semicolon in string literal is tread as a SQL Script, where no parameter is allowed. It should ignore semicolons in a string literal context.

with DBISAMQUery do begin
  SQL.Text := 'INSERT INTO Foo (Subject, Body) Values ('Hello;
', :MemoData)';
  Params.ParamByName('MemoData').AsString := Memo1.Lines.Text;
  ExecSQL;
end;
// ParamByName('MemoData') returns nil in the above example.

Comments

The ContainsMultipleStatements has been removed for now - it basically prevented someone from using parameters with SQL scripts but for now it will have to be a "dont' do that" situation until we can come up with a way of handling parameters in SQL scripts.

Resolution

Fixed Problem on 11/14/2001 in version 3.04 build 1

More Support Options

Search Incident Reports

Support Forums

Frequently Asked Questions

Technical Bulletins

Technical Articles

Product Manuals

Roadmap