0

I am trying to execute a SQL query using ZeosLib, but the compiler keeps complaining with the following error: Unknown column in Where clause.

```pascal
ZQuery1.SQL.Text := 'SELECT * FROM new_table WHERE TagName = '+theSig.f.TagName;
ZQuery1.ExecSQL;
```

But I checked all the columns in my database table and it is correct as I have it here: TagName.

What is wrong with my SQL statement?

dario
ThN

1 Answer

3

You need to use the QuotedStr function. So your code will be

```pascal
ZQuery1.SQL.Text := 'SELECT * FROM new_table WHERE TagName = '+QuotedStr(theSig.f.TagName);
```

A better alternative is to use parametrized queries (this will block attempts at SQL injection - take a quick look at this question).

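```pascal
// :myparam is a placeholder; the SQL text no longer contains the value itself
ZQuery1.SQL.Text := 'SELECT * FROM new_table WHERE TagName = :myparam';
// The value is bound to the placeholder as data, not spliced into the statement
ZQuery1.ParamByName('myparam').AsString := theSig.f.TagName;
```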
Community
RBA
  • You are right, I apparently needed double quotes around the TagName value. I played around with the statement and got it to work. `SELECT * FROM new_table WHERE TagName = " '+theSig.f.TagName+' " ';` – ThN Jan 16 '15 at 15:39
  • It is better to use parametrized queries instead of lots and lots of quotes. – RBA Jan 16 '15 at 15:43
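
Added example, not part of the original thread and not Delphi/ZeosLib code: the three query forms discussed above (unquoted concatenation, hand-written quotes, bound parameter), run with Python's built-in sqlite3 against a constructed in-memory table. The tag values and the Value column are assumptions, and SQLite words the error as "no such column" where the asker's database says "Unknown column".

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column name follow the question.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE new_table (TagName TEXT, Value REAL)")
    db.executemany("INSERT INTO new_table VALUES (?, ?)",
                   [("Pump1", 1.5), ("Valve2", 0.0), ("O'Neil", 7.0)])
    return db

def concat_raw(db, tag):
    # Question's form: the value lands in the SQL text unquoted, so the
    # parser reads it as an identifier (a column name), not as a string.
    return db.execute(
        "SELECT * FROM new_table WHERE TagName = " + tag).fetchall()

def concat_quoted(db, tag):
    # Comment's form: quotes written by hand, nothing escaped. A quote
    # character inside the value ends the literal early.
    return db.execute(
        "SELECT * FROM new_table WHERE TagName = '" + tag + "'").fetchall()

def parameterized(db, tag):
    # Answer's second form: the statement text is fixed and the value is
    # bound separately, so it is always compared as one string.
    return db.execute(
        "SELECT * FROM new_table WHERE TagName = :myparam",
        {"myparam": tag}).fetchall()

def demo():
    db = make_db()
    results = {}
    try:
        concat_raw(db, "Pump1")
    except sqlite3.OperationalError as exc:
        results["raw_error"] = str(exc)
    results["quoted_ok"] = concat_quoted(db, "Pump1")
    # Constructed input containing a quote: it rewrites the WHERE clause
    # in the concatenated form but is plain data in the bound form.
    crafted = "x' OR '1'='1"
    results["quoted_crafted"] = concat_quoted(db, crafted)
    results["param_crafted"] = parameterized(db, crafted)
    results["param_apostrophe"] = parameterized(db, "O'Neil")
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```
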