C++ - Error in your SQL syntax; [...] near '%+var+%' at line 1 (MySQL LIKE query)
```
UnicodeString user = usuario->Text;
// The % wildcards are not inside a quoted SQL string literal here.
UnicodeString vidnom = "select id_nombre from nombre where nombre like % " + user + " %";
UnicodeString contrasena;
contrasena = log1->FieldValues["id_nombre"];
```
I'm doing a school project in Embarcadero RAD Studio 10.1 Berlin and I want to make a query with the wildcard "like", but the compiler throws me an error: '%+a variable-code+%'. Any suggestions?
If I understand your code (formatted and corrected by me):
```
UnicodeString user = usuario->Text;
// The pattern is now a quoted SQL string literal: '%...%'
UnicodeString vidnom = "select id_nombre from nombre where nombre like '%" + user + "%'";
UnicodeString contrasena;
contrasena = log1->FieldValues["id_nombre"];
```
then concatenating the SQL query like this can lead to SQL injection, or to a dependency on special characters in the data.
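The point raised in the answer, as an added example that is not part of the original post: the statement text stays constant and the search term is bound as a parameter, with LIKE metacharacters escaped so the input matches literally. The table and column names are taken from the query above; the `:pat` placeholder, the `!` escape character, the helper names and the sample inputs are assumptions made for this illustration, and standard C++ `std::string` stands in for `UnicodeString`.

```cpp
#include <initializer_list>
#include <iostream>
#include <string>

// Constant statement text: user data never becomes part of the SQL.
// ':pat' is a named parameter; '!' is declared as the LIKE escape character.
const std::string kQuery =
    "SELECT id_nombre FROM nombre WHERE nombre LIKE :pat ESCAPE '!'";

// Escape LIKE metacharacters (and the escape character itself) so that
// '%' and '_' typed by the user match literally instead of acting as wildcards.
std::string escape_like(const std::string& input, char esc = '!') {
    std::string out;
    out.reserve(input.size() * 2);
    for (char c : input) {
        if (c == esc || c == '%' || c == '_') out.push_back(esc);
        out.push_back(c);
    }
    return out;
}

// Value to bind to :pat for a "contains" search.
std::string contains_pattern(const std::string& input) {
    return "%" + escape_like(input) + "%";
}

// The concatenated form from the answer above, shown for comparison only.
std::string concatenated_query(const std::string& input) {
    return "SELECT id_nombre FROM nombre WHERE nombre LIKE '%" + input + "%'";
}

int main() {
    // Constructed sample inputs: plain text, a quote, and LIKE wildcards.
    for (const std::string user : {"maria", "O'Brien", "50%_off"}) {
        std::cout << "input:        " << user << "\n"
                  << "concatenated: " << concatenated_query(user) << "\n"
                  << "statement:    " << kQuery << "\n"
                  << "bound :pat:   " << contains_pattern(user) << "\n\n";
    }
    // Assumption: if the dataset were a FireDAC TFDQuery named q, binding would be
    //   q->SQL->Text = kQuery;  q->ParamByName("pat")->AsString = pattern;
    return 0;
}
```

With `O'Brien` the concatenated statement ends its string literal early and fails to parse, while the bound value leaves the statement unchanged; with `50%_off` the escaped pattern matches those characters literally.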