Here is my code:
Var
  PParamScore : TDAParam;
  PParamNameAndSurname : TDAParam;
Begin
  IBCConnection.Connect;
  IBCQuery.Params.Clear;
  PParamScore := IBCQuery.Params.CreateParam(TFieldType.ftInteger, 'SCORE', TParamType.ptInput);
  PParamScore.Value := 1000; (*Random score value of 1000*)
  PParamNameAndSurname := IBCQuery.Params.CreateParam(TFieldType.ftString, 'NAMEANDSURNAME', TParamType.ptInput);
  PParamNameAndSurname.Value := 'Jacobus Opperman';
  IBCQuery.Params.AddParam(PParamScore);
  IBCQuery.Params.AddParam(PParamNameAndSurname);
  IBCQuery.ParamCheck := True;
  IBCQuery.SQL.Text := 'insert into snake (SCORE, NAMEANDSURNAME) '
    + 'values (:@PParamScore, :@ParamNameAndSurname);';
  IBCQuery.Execute;
End;
Everything compiles without error. At IBCQuery.Execute I get the following runtime error:
'Dynamic SQL Error
SQL error code = -206
Column unknown
PPARAMSCORE'
SCORE and NAMEANDSURNAME are the two columns already created in a Firebird database table SNAKE. I can make everything work with pure SQL without parameters but I would like to do it with parameters to prevent SQL code injection attacks. I hope someone will be able to provide me some code because I have tried many things and nothing already written at the forums helps. Thank you!
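
An added example, not part of the original post and not Devart's own code: a parameterized insert into the SNAKE table in which each marker in the SQL text is a colon followed by the parameter name, and values are assigned through ParamByName after the SQL text is set. It assumes Devart IBDAC (unit IBC) and the table described above; the unit name SnakeScores and the procedure name InsertScore are hypothetical.

```pascal
unit SnakeScores; // hypothetical unit name, added for illustration

interface

uses
  IBC; // Devart IBDAC: TIBCConnection, TIBCQuery (assumed installed)

// Hypothetical helper: inserts one row into SNAKE(SCORE, NAMEANDSURNAME).
procedure InsertScore(Connection: TIBCConnection; Query: TIBCQuery;
  Score: Integer; const NameAndSurname: string);

implementation

procedure InsertScore(Connection: TIBCConnection; Query: TIBCQuery;
  Score: Integer; const NameAndSurname: string);
begin
  if not Connection.Connected then
    Connection.Connect;

  Query.Connection := Connection;

  // With ParamCheck enabled, the Params collection is built from the
  // :NAME markers when SQL.Text is assigned, so set the SQL first.
  Query.ParamCheck := True;
  Query.SQL.Text :=
    'insert into snake (SCORE, NAMEANDSURNAME) ' +
    'values (:SCORE, :NAMEANDSURNAME)';

  // The names here must match the markers in the SQL text exactly
  // (without the colon). They are parameter names, not Delphi variables.
  Query.ParamByName('SCORE').AsInteger := Score;

  // The string is bound as a value and never spliced into the statement,
  // so a quote character in a name (for example O'Brien) stays data.
  Query.ParamByName('NAMEANDSURNAME').AsString := NameAndSurname;

  Query.Execute;
end;

end.
```

Called as InsertScore(IBCConnection, IBCQuery, 1000, 'Jacobus Opperman') with the components from the post; transaction commit behaviour is left to the connection's existing settings.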