c++ - error in your SQL syntax; [...] near '%+var+%' at line 1 - MySQL LIKE query


```cpp
UnicodeString user = usuario->Text;
UnicodeString vidnom = "select id_nombre nombre nombre % " + user + " %";

UnicodeString contrasena;
contrasena = log1->FieldValues["id_nombre"];
```

I'm doing a school project in Embarcadero RAD Studio 10.1 Berlin. I want to make a query with the wildcard "LIKE", but the compiler throws me an error: '%+a variable-code+%'. Any suggestions?

If I understand your code (formatted and corrected by me):

```cpp
UnicodeString user = usuario->Text;
UnicodeString vidnom = "select id_nombre nombre nombre '%" + user + "%'";
UnicodeString contrasena;
contrasena = log1->FieldValues["id_nombre"];
```

then concatenating the SQL query like this can lead to SQL injection, or to a dependency on special characters in the data.
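The difference between concatenating the value into the statement and binding it as a parameter, as an added example that is not part of the original answer. The table name `usuarios`, the `:pat` parameter name and the `!` escape character are assumptions; the sample inputs are constructed.

```cpp
#include <algorithm>
#include <iostream>
#include <string>

// Hypothetical table name; the page's own SQL text is incomplete.
// '!' is declared as the LIKE escape character so no backslashes are involved.
const std::string kSql =
    "SELECT id_nombre FROM usuarios WHERE nombre LIKE :pat ESCAPE '!'";

// The concatenating pattern from the page, kept only for comparison.
std::string concatenated_query(const std::string& user) {
    return "SELECT id_nombre FROM usuarios WHERE nombre LIKE '%" + user + "%'";
}

// Escape LIKE metacharacters so the user's text is matched literally.
std::string escape_like(const std::string& in, char esc = '!') {
    std::string out;
    out.reserve(in.size() * 2);
    for (char c : in) {
        if (c == '%' || c == '_' || c == esc) out.push_back(esc);
        out.push_back(c);
    }
    return out;
}

// Value to bind to :pat. The wildcards are added here, never in the SQL text.
std::string contains_pattern(const std::string& user) {
    return "%" + escape_like(user) + "%";
}

// Number of single quotes in a statement; an odd count means a broken literal.
long quote_count(const std::string& sql) {
    return std::count(sql.begin(), sql.end(), '\'');
}

int main() {
    // Constructed sample inputs.
    for (const std::string user : {"ana", "O'Brien", "50%_off"}) {
        std::cout << "input:        " << user << "\n"
                  << "concatenated: " << concatenated_query(user)
                  << "  (quotes: " << quote_count(concatenated_query(user)) << ")\n"
                  << "prepared:     " << kSql << "\n"
                  << "bound :pat =  " << contains_pattern(user) << "\n\n";
    }
    // In C++Builder the value would be assigned to the query component's
    // parameter instead of printed, e.g. via its ParamByName("pat") accessor
    // (assumption: the component behind log1 supports named parameters).
}
```

With the bound form the statement text is the same for every input, so a quote in a name such as `O'Brien` cannot end the string literal early, and `%` or `_` typed by the user match only themselves.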

