[Gambas-user] anybody have a parser

Rob Kudla sourceforge-raindog2 at ...94...
Wed Feb 15 07:51:57 CET 2006


On Wed February 15 2006 00:25, johnf wrote:
> Thanks for the response.  I'm using 1.9.24 and using
> "DB.Quote(textarea.Text)" does not work for me.  Just adding a
> " ' " (a single quote) to the text will cause the update
> statement to fail.  The single quote is not escaped correctly.
>  However, it does appear to work if the string is not
> multi-line.

Yeah, that's because DB.Quote (in gb.db.mysql, at least) seems to 
put the quoted string in backticks, so single quotes wouldn't 
hurt it.  Sticking backticks in your string, however, does cause 
DB.Quote to not work so well.  Same with putting in a newline.  
I'd call that a bug.

I think that whatever algorithm is used in PHP's 
"mysql_real_escape_string" function is probably a better idea, 
but unfortunately I don't have time right now to add the missing 
quotable entities to gb.db.mysql (having never looked at that 
code before.)

Rob
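
Added example, not part of the original message and not Gambas or gb.db.mysql code: a Python sketch of the two MySQL quoting contexts the message contrasts, backtick-quoted identifiers and single-quoted string literals escaped with the character set MySQL documents for mysql_real_escape_string. The function names, the `notes`/`body`/`id` schema and the sample text are hypothetical; it assumes a UTF-8 connection and a server not running in NO_BACKSLASH_ESCAPES mode.

```python
# Added illustration; function names are hypothetical, not a gb.db API.
# Characters rewritten by mysql_real_escape_string(), mapped to their escapes.
_LITERAL_ESCAPES = {
    "\0": "\\0",      # NUL
    "\n": "\\n",      # newline (the multi-line case from the thread)
    "\r": "\\r",      # carriage return
    "\\": "\\\\",     # backslash
    "'": "\\'",       # single quote
    '"': '\\"',       # double quote
    "\x1a": "\\Z",    # Ctrl-Z
}


def escape_string_literal(value: str) -> str:
    """Escape a value for use inside a single-quoted MySQL string literal."""
    return "".join(_LITERAL_ESCAPES.get(ch, ch) for ch in value)


def quote_string_literal(value: str) -> str:
    """Return the value as a complete single-quoted literal."""
    return "'" + escape_string_literal(value) + "'"


def quote_identifier(name: str) -> str:
    """Quote a table or column name: backticks, embedded backticks doubled."""
    if "\0" in name:
        raise ValueError("NUL is not permitted in a MySQL identifier")
    return "`" + name.replace("`", "``") + "`"


def build_update(table: str, column: str, text: str, row_id: int) -> str:
    """Build an UPDATE with identifiers and the value quoted by context."""
    # {:d} rejects anything that is not an integer, so row_id cannot carry SQL.
    return "UPDATE {} SET {} = {} WHERE id = {:d}".format(
        quote_identifier(table), quote_identifier(column),
        quote_string_literal(text), row_id)


if __name__ == "__main__":
    # Constructed sample: multi-line text with a single quote and a backtick.
    sample = "it's line one\nline `two`"
    print(build_update("notes", "body", sample, 7))
```

Where the database driver offers bound parameters, passing the text as a parameter avoids literal escaping altogether; identifier quoting is still needed for names that cannot be bound.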



