Preventing SQL Injections?

From: Skybuck Flying (nospam_at_hotmail.com)
Date: 03/29/04


Date: Mon, 29 Mar 2004 07:09:20 +0200

Hi,

Does Delphi's TADOQuery prevent SQL injections when using parameters?

For example:

    ADOQuery1.Close;
    // Assign SQL.Text first: setting it re-parses the statement and rebuilds the
    // Parameters collection, so ParamValues['GameName'] raises "Parameter not found"
    // if it is assigned before the SQL that declares :GameName.
    ADOQuery1.SQL.Text := 'SELECT GameName FROM TableGame WHERE GameName=:GameName';
    // The edit box text is bound as the parameter's value, not spliced into the SQL.
    ADOQuery1.Parameters.ParamValues['GameName'] := EditGameName.Text;
    ADOQuery1.Open;

In other words, does Delphi check the input from EditGameName.Text when it
is passed to a parameter?

Bye,
  Skybuck.
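The question above is about the mechanism, not the checking: a bound parameter is never parsed as SQL, so the value needs no "checking" to be safe in a WHERE clause. The following is an added example, not code from the original post and not Delphi/ADO code; it uses Python's sqlite3 module (which also accepts :Name placeholders) to show the difference between splicing user text into the statement and binding it as a parameter. TableGame, GameName, the sample rows and the hostile input are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data (not from the original post). One name contains an
# apostrophe so the "legitimate quote" case is covered as well as the hostile one.
SAMPLE_GAMES = ["Chess", "Go", "Doom", "Baldur's Gate"]

# Classic tautology payload typed into the edit box by a hostile user.
HOSTILE_INPUT = "x' OR '1'='1"


def make_db():
    """Create an in-memory TableGame with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TableGame (GameName TEXT)")
    conn.executemany("INSERT INTO TableGame VALUES (?)", [(g,) for g in SAMPLE_GAMES])
    conn.commit()
    return conn


def lookup_concatenated(conn, game_name):
    """Vulnerable: the user's text becomes part of the SQL statement itself."""
    sql = "SELECT GameName FROM TableGame WHERE GameName='" + game_name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, game_name):
    """Safe: the SQL text is fixed; the value travels separately as a bound
    parameter, which is what TADOQuery does with :GameName and ParamValues."""
    sql = "SELECT GameName FROM TableGame WHERE GameName=:GameName"
    return [row[0] for row in conn.execute(sql, {"GameName": game_name})]


def demo():
    """Run both lookups against normal, apostrophe-containing and hostile input."""
    conn = make_db()
    results = {
        "concat_normal": lookup_concatenated(conn, "Chess"),
        "concat_hostile": lookup_concatenated(conn, HOSTILE_INPUT),
        "param_normal": lookup_parameterized(conn, "Chess"),
        "param_hostile": lookup_parameterized(conn, HOSTILE_INPUT),
        "param_apostrophe": lookup_parameterized(conn, "Baldur's Gate"),
    }
    # A legitimate apostrophe breaks the concatenated statement entirely.
    try:
        lookup_concatenated(conn, "Baldur's Gate")
        results["concat_apostrophe_error"] = False
    except sqlite3.OperationalError:
        results["concat_apostrophe_error"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hostile input returns every row through the concatenated query and no rows through the parameterized one, because the bound value is compared literally against GameName. Two caveats carry over to TADOQuery: parameters protect values only, so a table or column name or an ORDER BY clause taken from user input still has to be validated against an allow-list and cannot be bound; and the SQL.Text must be assigned before the parameter values, since assigning SQL.Text rebuilds the Parameters collection.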


