Comments by ronschuster (Top 7 by date)

ronschuster 11-Feb-22 12:13pm View

Besides, TADOQuery doesn't put that string of parameter values together either. I've looked at the code. There is no formatting of parameters. It just makes call to the ADO API, passing the actual values in its data structures. In fact, no string is used to pass the parameters at all. I found this very enlightening article, from someone who really does know SQL Server at a deep level.

Why Parameters are a Best Practice

Here are a few relevant points:
"The job of all SQL Server client APIs regardless of programming language is to manage the Tabular Data Stream (TDS) protocol session used for SQL Server communication.
...
The actual parameters, containing parameter definition meta-data and values as specified by the client application, are included in separate structures as part the TDS RPC request stream sent to SQL Server. Most importantly, the actual parameter values as passed as native data types as specified by the client application.
...
the query text you see in a server-side trace of an RPC request is not necessarily what SQL Server actually received by the client API. The query text in trace data is actually a reversed-engineered rendering of the TDS protocol request in familiar T-SQL format.
...
scalar parameter values will show as literal representations in the trace instead of the actual binary structure passed."

That makes more sense than having the client converting numbers to strings and the server needing to convert them back to native numeric values.

Given all that, I think the commas we're seeing are a "red herring" and they're not "really there" since the values are passed by native data types, and not as strings at all.

ronschuster 11-Feb-22 11:36am View

This seems highly unlikely. The customer has been running our application for years with no problem. They say this problem just showed up after upgrading to a new version. But nothing in the code we use to create this statement, or populate the parameter values has changed. The TADOQuery class has certainly not changed; we're still using the same version of the compiler and class library.

ronschuster 11-Feb-22 10:58am View

We absolutely ARE using parameters. You're missing a key point of the post. As I said in the post, twice: This is what the trace in SQL Server Profiler is showing. This is NOT the SQL we send. I also showed the actual SQL statement we're using. Parameters are represented by placeholders prefixed with a colon. We do not include the values in the SQL. They are passed as values in the parameter objects of the ADO component. I was trying to avoid posting actual Delphi code so that readers who do not know Delphi, but do understand SQL Server at a deep level, would be more likely to comment, but since you don't believe we're using parameters properly, I'll post it here.

...
    ADOQuery: TADOQuery;
...
procedure TForm26.FormShow(Sender: TObject);
begin
  // Set up the insert command
  ADOQuery.SQL.Text :=
    'INSERT INTO equip ' +
    '(ac_main_mccb_no,ac_sub_mccb_no,design_pressure,design_temp) ' +
    'VALUES (:ac_main_mccb_no,:ac_sub_mccb_no,:design_pressure,:design_temp)';
  ADOQuery.Parameters.ParamByName('ac_main_mccb_no').DataType := ftString;
  ADOQuery.Parameters.ParamByName('ac_sub_mccb_no').DataType := ftString;
  ADOQuery.Parameters.ParamByName('design_pressure').DataType := ftFloat;
  ADOQuery.Parameters.ParamByName('design_temp').DataType := ftFloat;
end;

procedure TForm26.Button1Click(Sender: TObject);
var
  DesignPres: Double;
begin
  // Compute a value to show that we don't format the value as a string
  DesignPres := 7 / 2;
  // Set the parameter values
  ADOQuery.Parameters.ParamByName('ac_main_mccb_no').Value := Null;
  ADOQuery.Parameters.ParamByName('ac_sub_mccb_no').Value := Null;
  ADOQuery.Parameters.ParamByName('design_pressure').Value := DesignPres;
  ADOQuery.Parameters.ParamByName('design_temp').Value := 380;
  // Execute insert command
  ADOQuery.ExecSQL
end;

and this is the trace of the execution of the command as I see it in SQL Server Profiler

exec sp_executesql N'INSERT INTO equip (ac_main_mccb_no,ac_sub_mccb_no,design_pressure,design_temp) VALUES (@P1,@P2,@P3,@P4)',N'@P1 varchar(50),@P2 varchar(50),@P3 float,@P4 float',NULL,NULL,3.5,380

Here we get the correct value for the parameter in the trace.

ronschuster 11-Feb-22 10:51am View

Deleted

ronschuster 10-Feb-22 14:12pm View

The parameter supply (I assume you mean the list of the actual values of the parameters) DOES look odd. That's kinda the whole problem. We just assign the numeric values to the parameter objects using their numeric values. We don't build that string. That is a function of SQL Server under the hood that I have no control over.

ronschuster 10-Feb-22 14:07pm View

We are NOT concatenating the parameter values directly into the SQL command. This is a parameterized query, which is at the heart of the entire issue. Please see my updated post and see if that is more clear now.

ronschuster 10-Feb-22 14:02pm View

The query is built in code looping through the list of fields needed in the insert statement. The same list is looped for both the column name list and the values list. It would be virtually impossible for them not to match. This is not to mention that this query is running at many sites and this is the only customer reporting this issue.