-4
procedure TformVet.sdaClick(Sender: TObject);
var anID, anT, anN, anG, anSp, anSi, anDR, anDF, anPD, anTr, anO : String;
anRID, anRT, anRN, anRG, anRSp, anRSi, anRDR, anRDF, anRPD, anRTr, anRO : String;
begin
ShowMessage('If you are not searching for a specific group of data, leave the input field empty!');
anID := InputBox('Animal ID','What is the ID of the Animal you are searching for?','');
anT := InputBox('Animal Type','What is the type of Animal you are searching for?','');
anN := InputBox('Animal Name','What is the name of the Animal you are searching for?','');
anG := InputBox('Animal Genus','What is the genus of the Animal you are searching for?','');
anSp := InputBox('Animal Species','What is the species of the Animal you are searching for?','');
anSi := InputBox('Animal Sickness','What is the sickness of the Animal you are searching for?','');
anDR := InputBox('Date Received','What is the date received of the Animal you are searching for?','');
anDF := InputBox('Date Fetched','What is the date fetched of the Animal you are searching for?','');
anPD := InputBox('Paid','What is the status of payment of the Animal''s treatment that you are searching for? (Yes/No)','');
anTr := InputBox('Treatment','What is the cost of the treatment you are searching for?','');
anO := InputBox('Owner ID','What is the ID of the Owner you are searching for?','');
if getLen(anID) > 0 then
anRID := '(AnimalID = ' + anID + ')'
else
anRID := '(AnimalID LIKE "*")';
if getLen(anT) > 0 then
anRT := '(anType = "' + anT + '")'
else
anRT := '(anType LIKE "*")';
if getLen(anN) > 0 then
anRN := '(anName = "' + anN + '")'
else if getLen(anN) = 0 then
anRN := '(anName LIKE "*")';
if getLen(anG) > 0 then
anRG := '(anGenus = "' + anG + '")'
else
anRG := '(anGenus LIKE "*")';
if getLen(anSp) > 0 then
anRSp := '(anSpecie = "' + anSp + '")'
else
anRSp := '(anSpecie LIKE "*")';
if getLen(anSi) > 0 then
anRSi := '(anSick = "' + anSi + '")'
else
anRSi := '(anSick LIKE "*")';
if getLen(anDR) > 0 then
anRDR := '(anDateRec = "' + anDr + '")'
else
anRDR := '(anDateRec LIKE "*")';
if getLen(anDF) > 0 then
anRDF := '(anDateFet = "' + anDf + '")'
else
anRDF := '(anDateFet LIKE "*")';
i := 1;
While i = 1 do
begin
if UpperCase(anPD) = 'YES' then
begin
anRPD := '(anPaid = "-1")';
i := 0;
end
else if UpperCase(anPD) = 'NO' then
begin
anRPD := '(anPaid = "0")';
i := 0;
end
else if getLen(anPD) = 0 then
begin
anRPD := '(anPaid LIKE "*")';
i := 0;
end
else
ShowMessage(anPD + ' is not a valid query!');
end;
if getLen(anTr) > 0 then
anRTr := '(anTreat = ' + anTr + ')'
else
anRTr := '(anTreat LIKE "*")';
if getLen(anO) > 0 then
anRO := '(OwnerID = ' + anO + ')'
else
anRO := '(OwnerID LIKE "*")';
SS := 'SELECT * FROM tblAnimal ';
SS := SS + 'WHERE ' + anRT + ' AND ' + anRN + ' AND ' + anRT + ' AND ' + anRG + ' AND ' + anRSp + ' AND ' + anRSi + ' AND ' + anRDR + ' AND ' + anRDF + ' AND ' + anRPD + ' AND ' + anRTr + ' AND ' + anRO + ';';
adoAnimal.Close;
adoAnimal.SQL.Text := SS;
adoAnimal.ExecSQL;
adoAnimal.Open;
end;
これは指定されたデータを持つレコードを検索すると思われますが動作しない検索ボタンのコードです。ただし、データを入力しなくても、結果は返されません。SQLクエリはAccessデータベースでは動作しますが、Delphi 7では動作しません
これではデータが入力されないときに実行されるSQLクエリ:
SELECT * FROM tblAnimal WHERE (anType LIKE "*") AND (anName LIKE "*") AND (anType LIKE "*") AND (anGenus LIKE "*") AND (anSpecie LIKE "*") AND (anSick LIKE "*") AND (anDateRec LIKE "*") AND (anDateFet LIKE "*") AND (anPaid LIKE "*") AND (anTreat LIKE "*") AND (OwnerID LIKE "*");
これは、高校のプロジェクトのためのものであり、任意のヘルプは高く評価されるだろう! `
私は、これは高校のプロジェクトです知っているが、してくださいSQLインジェクションとそれを防ぐ方法を読んでください(ヒント:パラメータを使用してください) – whosrdaddy
カラムに条件がない場合は、クエリのそのカラムの基準を指定しないでください。条件が指定されていない場合の "default"クエリは、単純な 'select * from tblAnimal'をもたらすはずです。 – Deltics