adoquery syntax error....?? 1

[Transmitter319]

Hi,
Im trying to get the syntax right on this. It works fine if I use this line
ADOQuery1.SQL.Text:= 'Insert INTO Button1 ( ArtistID, ArtistName, StringField2) VALUES (9,''simply red'',''This is a Test'')' ;
However if I try to stick the line below in the following and try sticking the name simply red into a text string it gives me an error. The name simply cannot be used in this context etc...

procedure TForm1.Button2Click(Sender: TObject);
var
test2 : string;

begin
test2 := 'simply red';
adoquery1.close();
adoquery1.SQL.Clear;
ADOQuery1.SQL.Text:= 'Insert INTO Button1 ( ArtistID, ArtistName, StringField2) VALUES (9,test2,''This is a Test'')' ;
adoquery1.ExecSQL;
end;

It seems to look like im using " on the posting but im using ' 'just incase it looks odd on this website.

Can someone give me an idea of how this should be done?

Thanks

Glen

 

[whosrdaddy]

use parameters,
there are a few reasons why you want to use parameters:

- higher security (sql injection concerns)
- no messing with quotes.

so, to help you out:

Artist := 'simply red';
AString := 'This is a test';
//adoquery1.SQL.Clear; not needed since you set a new string below
ADOQuery.ParamCheck := True; // need this to force creation of parameters
ADOQuery1.SQL.Text:= 'Insert INTO Button1 ( ArtistID, ArtistName, StringField2) VALUES (9,:ArtistName,:StringField2)' ;
ADOQuery1.Parameters.ParamByName('ArtistName').Value := Artist;
ADOQuery1.Parameters.ParamByName('StringField2').Value := AString;
ADOQuery1.ExecSQL;
end;

As you can see not a lot of work....

Cheers,
Daddy

-----------------------------------------------------
What You See Is What You Get
Never underestimate tha powah of tha google!

 

[Transmitter319]

Gun to head...I think the pennys dropping now.
It looks like you build the string etc first and the execute it..I was thinking it was stepping through....

Thanks for the code...ill go play.

Glen