Search code examples
mysqlsqlparameterssqlparameter

How to use WHERE ID in sql Parameters

I have the following:

somequery.SQL.Add('UPDATE `someDBname`.`someTABLEname` SET

`client`='''+someForm.Edit1.Text+''', 
`phone`='''+someForm.Edit2.Text+''', 
`email`='''+someForm.Edit3.Text+''', 
`details`='''+someForm.Edit4.Text+''', 
`specials`='''+someForm.Edit5.Text+''', 
`price`='''+someForm.Edit6.Text+''', 
`address`='''+someForm.Edit7.Text+''',
`deadline`='''+someForm.DateTimePicker1.DateTime+''',
`status`='''+someForm.Edit9.Text+''' 

WHERE `id`=''' + inttostr(someDataSetid.Value) + ''';');

And I'd like to switch over to using parameters, like this:

someQuery.SQL.Clear;
someQuery.SQL.Add( 'UPDATE `someDBname`.`someTABLEname` ( client, phone, email, details, specials, price, address, deadline, status ) values ( :client, :phone, :email, :details, :specials, :price, :address, :deadline, :status ) ' ) ;
someQuery.Params.ParamByName( 'client' ).AsString := someForm.Edit1.Text ;
someQuery.Params.ParamByName( 'telefon' ).AsString := someForm.Edit2.Text ;
someQuery.Params.ParamByName( 'email' ).AsString := someForm.Edit3.Text ;
someQuery.Params.ParamByName( 'detalii' ).AsString := someForm.Edit4.Text ;
someQuery.Params.ParamByName( 'mentiuni' ).AsString := someForm.Edit5.Text ;
someQuery.Params.ParamByName( 'pret' ).AsString := someForm.Edit6.Text ;
someQuery.Params.ParamByName( 'livrare' ).AsString := someForm.Edit7.Text ;
someQuery.Params.ParamByName( 'deadline' ).AsDateTime := someForm.DateTimePicker1.DateTime ;
someQuery.Params.ParamByName( 'status' ).AsString := someForm.Edit9.Text ;
someQuery.ExecSQL(true);

I have no clue how to convert the WHERE clause containing the ID (1st code example) to parameters (2nd code example) Haven't managed to figure it out yet and I can't seem to find an example on google on how to use a WHERE in parameters. I'm fairly new at using parameters.

What should I write after Params.ParamsByName( 'id' ) - to get the id?

Server is MYSQL. Do let me know in the comments If I left anything out and I will edit

Thanks in advance!

Solution

  • it's very good that you have decided to switch from string concatenation to parameter binding but that doesn't mean you can change the UPDATE syntax. You are still bound by the documented syntax for that 

    'UPDATE `someDBname`.`someTABLEname` SET client=:client, phone=:phone, email=:email, details=:details, specials=:specials, price=:price, address=:address, deadline=:deadline, status=:status WHERE id=:id';

    This is pretty much the same syntax as in your first query but instead of string concatenation you use place holders. And then you bind the parameters one by one 

    someQuery.Params.ParamByName( 'client' ).AsString := someForm.Edit1.Text ;
someQuery.Params.ParamByName( 'telefon' ).AsString := someForm.Edit2.Text ;