Selecting records to print using Fastreport

1
votes

I have a report where I would like to select which data to show/print.
I am using UniDAC as dataconnection and it works just fine when I don't select data, just print it all.
I have a varible in my report code called varDiaryGuid that I assign the value I want to filter my records by.
In my test this variable is assigned the value {A13CE6A0-7EB0-469A-87D7-3518FB9F365A} before opening the report.
When the report starts it shows a message box Start report: {A13CE6A0-7EB0-469A-87D7-3518FB9F365A} so the variable is available as it should be.
But then I get an error saying Unexpected character - after some testing it looks like it is the { in start of the GUID.
Any one who has some ideas as what I might test next?

procedure frxReport1OnStartReport(Sender: TfrxComponent);
begin
  ShowMessage('Start report: ' + varDiaryGuid);                                                          
  qryDiary.Close;                             
  qryDiary.SQL.Clear;
  qryDiary.SQL.Text := 'SELECT * FROM qrymd_diary WHERE (flddiary_guid = ' + varDiaryGuid + ')';
  qryDiary.Open;                  
end;
2
sqldelphifastreport

2 Answers

3
votes

You should use parameters for your queries (security and performance).

Define the query for qrydiary component with the OI as 

SELECT
  *
FROM
  qrymd_diary
WHERE
  flddiary_guid = :diary_guid

and in your code you simply assign the parameter value

procedure frxReport1OnStartReport(Sender: TfrxComponent);
begin
  ShowMessage('Start report: ' + varDiaryGuid);                                                          
  qryDiary.Close;                             
  qryDiary.ParamByName( 'diary_guid' ).Value := varDiaryGuid;
  qryDiary.Open;                  
end;

Depending on the sql components you are using, you also have to define the datatype for the parameter. Some of them can resolve the type and some need your help to do. Just check the parameter type with the OI.

You can read more about about using parameters in the documentation

0
votes
qry.SQL.Text := 'SELECT * FROM table WHERE (someTextField = ' + 
                 varSomeText + 
                ')';

In this kind of queries where you send sql commands via code, you should quote the text/string variables like:

qry.SQL.Text := 'SELECT * FROM table WHERE (someTextField = ' + 
                QuotedStr(varSomeText) + 
                ')';

QuotedStr() encapsulates the parameter with "'"s