[Gambas-user] Insert thext with " ' " in sqlite database
Benoit Minisini
gambas at ...1...
Wed Jan 23 16:21:29 CET 2008
On mercredi 23 janvier 2008, Paolo Fagni wrote:
>
> Thank you very much, since I have a String and I use DB.Exec("INSERT INTO
> ...") to execute my SQL insertion, I'd go for a Replace$().
>
> Thank you again.
Mmm, you didn't see the point.
You must use the substitute arguments of these methods, so that they will
correctly quote the values while making the request.
I mean, you should never do:
DB.Exec("INSERT INTO MyTable VALUES(" & CStr(Id) & ", '" &
Replace(Name, "'", "''") & "')")
even if it could be correct, but:
DB.Exec("INSERT INTO MyTable VALUES(&1, &2)", Id, Name).
You should read the documentation on the wiki about these methods.
Regards,
--
Benoit Minisini
More information about the User
mailing list