I am writing a script using Pascal in our ERP system.
I am connecting to an MS Access database which has two tables: TIMESHEETHEADER and TIMESHEETLINES.
I have a query that is reading from the database. I would like to pass some variables to the query, but I am not entirely sure how.
If I have the SQL:
ADOQRY.SQL.ADD('select FIRSTNAME, LASTNAME from TIMESHEETHEADER where LASTNAME = :LASTNAME');
ADOQRY.PN('LASTNAME') := EMP_LASTNAME;
I have also tried:
ADOQRY.Parameters.ParamByName('EMP_LASTNAME');
I get an error during compiling, which is "Undeclared identifier:'PN' at 156:17" (156:17 represents the line number and number of characters in from the left).
I can get it working with the following:
ADOQRY.SQL.ADD('select FIRSTNAME, LASTNAME from TIMESHEETHEADER where LASTNAME = ' + EMP_LASTNAME );
But I don't think that is the best way of doing it. I believe it could be compromised via SQL injection.
I use the following to declare the connection:
ADO.ConnectionString := 'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=' + TimeSheetFolder + 'TimeSheetRecharge.mdb';
ADO.LoginPrompt := False;
ADO.Connected := true;
ADOQry.Connection := ADO;
I have no problem when accessing a Firebird database.
What is the correct syntax for passing a parameter to the SQL query?
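An added example, not part of the original post and not the ERP vendor's code: the same lookup written with a bound parameter through Delphi's `TADOQuery.Parameters` collection, so a last name containing a quote is compared as data instead of being concatenated into the statement. It assumes the scripting environment exposes the standard Delphi ADODB classes; `DataFolder`, `PrintByLastName` and the sample names are constructed for illustration.

```pascal
program TimesheetParamDemo;
{$APPTYPE CONSOLE}
uses
  SysUtils, ActiveX, ADODB;

const
  // Placeholder folder (assumption); the post builds this from TimeSheetFolder.
  DataFolder = 'C:\TimeSheets\';

procedure PrintByLastName(Conn: TADOConnection; const EmpLastName: string);
var
  Qry: TADOQuery;
begin
  Qry := TADOQuery.Create(nil);
  try
    Qry.Connection := Conn;
    // With ParamCheck = True (the default), assigning the SQL creates one
    // TParameter for each :NAME marker in the statement.
    Qry.SQL.Text := 'select FIRSTNAME, LASTNAME from TIMESHEETHEADER ' +
                    'where LASTNAME = :LASTNAME';
    // The value is bound as data and never spliced into the SQL text.
    Qry.Parameters.ParamByName('LASTNAME').Value := EmpLastName;
    Qry.Open;
    while not Qry.Eof do
    begin
      WriteLn(Qry.FieldByName('FIRSTNAME').AsString, ' ',
              Qry.FieldByName('LASTNAME').AsString);
      Qry.Next;
    end;
  finally
    Qry.Free;
  end;
end;

var
  Conn: TADOConnection;
begin
  CoInitialize(nil); // ADO is COM-based and needs COM initialised on this thread
  try
    Conn := TADOConnection.Create(nil);
    try
      Conn.ConnectionString := 'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=' +
                               DataFolder + 'TimeSheetRecharge.mdb';
      Conn.LoginPrompt := False;
      Conn.Connected := True;
      PrintByLastName(Conn, 'Smith');    // constructed sample value
      PrintByLastName(Conn, 'O''Brien'); // embedded quote stays inside the value
    finally
      Conn.Free;
    end;
  finally
    CoUninitialize;
  end;
end.
```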