0

I have a query that is just a simple INSERT into MySQL. When I use DBQuery.Params to add my value to query I get ??????(or E?? E?E???) in the MySQL side(if I perform a SELECT I get this results too ). But when I directly add my value to query everything is fine.

The problematic way:

procedure TfrmMain.Button1Click(Sender: TObject);
var
    Title: widestring;
begin
    Title:='سلام';

    DBQuery.SQL.Text:=
    'INSERT INTO tblintersection '+
    '( '+
    ' Address, '+
    ' Title, '+
    ' InsertDate '+
    ') '+
    'VALUES '+
    '( '+
    ' :Address  /*Address*/, '+
    ' :Title  /*Title*/, '+
    ' NOW()  /*InsertDate*/ '+
    ')';

    DBQuery.Params.ParamValues['Address']:='100';
    DBQuery.Params.ParamValues['Title']:=Title;
    DBQuery.ExecSQL;
end;

If I change :Title to "'+Title+'"(and removing it's parameter also) the problem will be solved, but I want to use parameters to avoid problems like injection.

DB CharacterSet is Latin1. But everything is fine when I used values directly inside query

I also tested this but no result:

DBQuery.ParamByName('Title').DataType:= ftWideString;
DBQuery.ParamByName('Title').Value:= Title;

I've used Zeos ZSqlMonitor and saved log show this:

2013-09-25 11:18:24 cat: Execute, proto: mysql-5, msg: INSERT INTO tblintersection ( Address, Title, InsertDate ) VALUES ( 'sd45' , '? ??? ??? ???' , NOW() )

How to use parameter and avoid this problem?

SAMPro
  • 1,068
  • 1
  • 15
  • 39
  • 1
    Firstly, whilst a `latin1` column can accommodate any byte string (and therefore will store *any* data, e.g. a photograph, if it has been told that those bytes are `latin1` encoded text), you really should use an encoding under which MySQL will correctly interpret the column's value (e.g. for sorting, comparisons and other textual operations). Secondly, in this case, it sounds as though your problem lies in [the character set of your database connection](http://dev.mysql.com/doc/en/charset-connection.html). – eggyal Sep 25 '13 at 09:01
  • @eggyal, you can post your comment as an answer. – Mark Sep 25 '13 at 09:23
  • @eggyal thanks I will take your notice into consideration, but as you see the log that I get from `ZSqlMonitor`(I've edited my question) the problem isn't MySQL side. – SAMPro Sep 25 '13 at 09:31

0 Answers0