0

Whenever I try to run this code it returns a syntax error, I have followed a few formats from what was posted here, but nothing I do seems to work. How can I fix this?

with adoQuerysupplier do                                                
 begin
 sql.Clear;
 sql.Add('UPDATE SupplierList');
 SQL.Add('SET :Column = :newdetail');
 SQL.Add('WHERE :Column1 = :OldDetail');
 Parameters.ParseSQL(adoQuerysupplier.SQL.Text, True);
 Parameters.ParamByName('Column').Value:= column;
 Parameters.ParamByName('Column1').Value:= column;
 Parameters.ParamByName('newdetail').Value:= newdetail;
 Parameters.ParamByName('OldDetail').Value:= olddetail;
 ExecSQL;

all variables are strings and are successfully being captured. This is my first question so I apologize in advance if I have any format errors. Please let me know if I need to post anymore more code. The table name is not a variable

  • 2
    "syntax error"? Is that all it said? – Blorgbeard Sep 30 '17 at 19:32
  • If you use FireDAC, you can use macros (they can substitute markers with values). But that doesn't seem to be for you. – Victoria Sep 30 '17 at 20:18
  • The error I received was 'Syntax error in UPDATE Statement'. Yeah, I can't use FireDac even if I wanted to, this is for a project. But thank you very much for that suggestion. –  Oct 01 '17 at 11:21

1 Answers1

6

you can't use parameters for field names. if you really have to do that you need to write a big switch statement. alternatively build the query as a string:

sql.Add('UPDATE SupplierList');
SQL.Add('SET [' + column2 + ']  = :newdetail');
SQL.Add('WHERE [' + column1 + '] = :OldDetail');
Parameters.ParseSQL(adoQuerysupplier.SQL.Text, True);
Parameters.ParamByName('newdetail').Value:= newdetail;
Parameters.ParamByName('OldDetail').Value:= olddetail;

Consider possible SQL injection!

Z .
  • 12,657
  • 1
  • 31
  • 56