Whenever I try to run this code it returns a syntax error, I have followed a few formats from what was posted here, but nothing I do seems to work. How can I fix this?
with adoQuerysupplier do
begin
sql.Clear;
sql.Add('UPDATE SupplierList');
SQL.Add('SET :Column = :newdetail');
SQL.Add('WHERE :Column1 = :OldDetail');
Parameters.ParseSQL(adoQuerysupplier.SQL.Text, True);
Parameters.ParamByName('Column').Value:= column;
Parameters.ParamByName('Column1').Value:= column;
Parameters.ParamByName('newdetail').Value:= newdetail;
Parameters.ParamByName('OldDetail').Value:= olddetail;
ExecSQL;
all variables are strings and are successfully being captured. This is my first question so I apologize in advance if I have any format errors. Please let me know if I need to post anymore more code. The table name is not a variable
you can't use parameters for field names. if you really have to do that you need to write a big switch statement. alternatively build the query as a string:
sql.Add('UPDATE SupplierList');
SQL.Add('SET [' + column2 + '] = :newdetail');
SQL.Add('WHERE [' + column1 + '] = :OldDetail');
Parameters.ParseSQL(adoQuerysupplier.SQL.Text, True);
Parameters.ParamByName('newdetail').Value:= newdetail;
Parameters.ParamByName('OldDetail').Value:= olddetail;
Consider possible SQL injection!