Please make protect against AddWhere

Discussion of open issues, suggestions and bugs regarding SDAC (SQL Server Data Access Components) for Delphi, C++Builder, Lazarus (and FPC)
Post Reply
Alexander_73
Posts: 52
Joined: Mon 24 Mar 2008 13:22

Please make protect against AddWhere

Post by Alexander_73 » Wed 16 Jul 2008 09:44

Make please protection against using AddWhere if an TMSQuery SQL statement does not contain SELECT or add its processing for UPDATE|DELETE.
Because of its use we have incurred monstrous losses.
In code was used:
Q:=TMSQuery.Create(nil);
try
Q.Connection:=DM.PayConnect;
Q.SQL.Text:='UPDATE Invoices SET InvoiceState=GETDATE() ';
Q.AddWhere('FirmID='+IntToStr(FirmID);
...
. The code has been by mistake applied and all records were updated, because FinalSQL has no text 'WHERE FirmID=...' :(
Top
Antaeus
Posts: 2098
Joined: Tue 14 Feb 2006 10:14

Post by Antaeus » Wed 16 Jul 2008 11:12

The AddWhere method can add conditions only to SELECT statements. Other statement kinds are ignored.
Top
Post Reply

Return to “SQL Server Data Access Components”