I am using FindFirst, etc., to get a list of files and adding them to a table, but the SQL is tripping up on curly braces '{' and '}'.

I have RegEx code to replace the.


// TPerlRegEx: escape both braces in sr.Name before the name goes into the SQL text.
RegEx.Subject := sr.Name;
RegEx.RegEx := '{';
RegEx.Replacement := '\{';
RegEx.ReplaceAll;     // Replace would only touch the first '{'; ReplaceAll does its own Match and updates Subject in place
// Subject is deliberately not reset to sr.Name here: that would discard the '{' replacement just made.
RegEx.RegEx := '}';
RegEx.Replacement := '\}';
RegEx.ReplaceAll;     // the escaped name is now in RegEx.Subject

Is this the right way to do this?
Am I using the correct escape character?

D XE7 Pro & Win 10

Thanks...Dan'l

Comments

  1. No, this is not the correct way to do it. This is the classic SQL injection problem, where you risk user data being interpreted as SQL.

    Use parameters.

  2. insert into files (filename)
    values (:file_name);

    ...

    SQLInstance.Params[0].AsString := lFileName;
    SQLInstance.Execute;

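The parameterised insert from the reply above, combined with the FindFirst loop from the question, as an added example rather than either poster's code. It assumes FireDAC (TFDConnection/TFDQuery, shipped with XE7) and the table and column names `files`/`filename` used in the reply; no escaping of braces or quotes is needed because the file name never becomes part of the statement text.

```delphi
uses
  System.SysUtils, FireDAC.Comp.Client;

// Enumerate the files in ADir and insert each name through a bound parameter.
// Returns the number of rows inserted. Assumed schema: files(filename).
function InsertFileNames(AConn: TFDConnection; const ADir: string): Integer;
var
  Q: TFDQuery;
  sr: TSearchRec;
begin
  Result := 0;
  Q := TFDQuery.Create(nil);
  try
    Q.Connection := AConn;
    // The statement text is fixed here; only parameter values change below.
    Q.SQL.Text := 'insert into files (filename) values (:file_name)';
    Q.Prepare;
    if FindFirst(IncludeTrailingPathDelimiter(ADir) + '*', faAnyFile, sr) = 0 then
    try
      repeat
        if (sr.Attr and faDirectory) = 0 then
        begin
          // Raw name, braces and all: the driver sends it as data, not as SQL.
          Q.ParamByName('file_name').AsString := sr.Name;
          Q.ExecSQL;
          Inc(Result);
        end;
      until FindNext(sr) <> 0;
    finally
      FindClose(sr);
    end;
  finally
    Q.Free;
  end;
end;
```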
