Delphi supports parameterized SQL statements, but I rarely use the Parameters/Params properties and usually construct the SQL myself, like this:
SQL.Text:='Select * from ..Where ID='''+edit1.text+'''';
However, this method requires taking care to guard against SQL injection attacks.
Today, I switched to the Parameters property of the ADOQuery control. It looked very simple, but I found many problems once I started using it. Since I only use one ADOQuery control, and the SQL statements and the parameters in them often change, I first used the following code in the program:
............
ADOQ.Parameters.Clear;
ADOQ.Parameters.CreateParameter(...); //Create parameter 1
ADOQ.Parameters.CreateParameter(...); //Create Parameter 2
ADOQ.SQL.Clear;
ADOQ.SQL.Assign(memo1.Lines); //Assign takes a TStrings, not a string
............
When executed, it sometimes works normally and sometimes reports an error saying that the parameter settings are incorrect (used with Access).
After two days of struggling, I found that the following code must be used (it's really strange):
............
ADOQ.Parameters.Clear;
Parami:=ADOQ.Parameters.ADDParameter; //Create parameter 1
Parami.Name:=...; Parami.Value:=...;
Parami:=ADOQ.Parameters.ADDParameter; //Create parameter 2
Parami.Name:=...; Parami.Value:=...;
//ADOQ.SQL.Clear; // This statement cannot be used
ADOQ.SQL.Assign(memo1.Lines); //Assign takes a TStrings, not a string
............
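For comparison with the string concatenation shown at the top, here is an added example (not the author's code) of reusing one TADOQuery for changing statements while keeping user input out of the SQL text. It assumes the default ParamCheck = True, under which assigning SQL.Text rebuilds the Parameters collection from the :name markers; the unit name, procedure name, and the table and column names in the usage comment are hypothetical.

```delphi
unit ParamQuery; // hypothetical unit name

interface

uses
  System.SysUtils, System.Variants, Data.Win.ADODB; // older Delphi: SysUtils, Variants, ADODB

// Runs any parameterized SELECT on one shared TADOQuery.
// Input only ever travels as a parameter value, never as part of the SQL text.
procedure OpenWithParams(Q: TADOQuery; const SQLText: string;
  const Names: array of string; const Values: array of Variant);

implementation

procedure OpenWithParams(Q: TADOQuery; const SQLText: string;
  const Names: array of string; const Values: array of Variant);
var
  I: Integer;
begin
  if Length(Names) <> Length(Values) then
    raise EArgumentException.Create('Names and Values differ in length');
  Q.Close;
  Q.ParamCheck := True;   // default: parse :name markers out of the SQL text
  Q.SQL.Text := SQLText;  // replaces the old statement and rebuilds Parameters
  // Fail closed if the statement and the supplied values do not line up
  // (each marker name is assumed to appear once in the statement).
  if Q.Parameters.Count <> Length(Names) then
    raise EArgumentException.CreateFmt(
      'SQL has %d parameter markers, %d values supplied',
      [Q.Parameters.Count, Length(Names)]);
  for I := 0 to High(Names) do
    Q.Parameters.ParamByName(Names[I]).Value := Values[I];
  Q.Open;
end;

// Usage (table and column names are constructed for illustration):
//   OpenWithParams(ADOQ, 'SELECT * FROM Users WHERE ID = :id',
//     ['id'], [Edit1.Text]);
//   OpenWithParams(ADOQ,
//     'SELECT * FROM Orders WHERE UserID = :uid AND Status = :st',
//     ['uid', 'st'], [Edit1.Text, 'open']);

end.
```

A value such as `' OR '1'='1` typed into Edit1 is compared against the ID column as a literal string here, whereas in the concatenated form it becomes part of the WHERE clause.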