[Gambas-user] Insert text with " ' " in sqlite database

Benoit Minisini gambas at ...1...
Wed Jan 23 16:21:29 CET 2008


On Wednesday 23 January 2008, Paolo Fagni wrote:
>
> Thank you very much, since I have a String and I use DB.Exec("INSERT INTO
> ...") to execute my SQL insertion, I'd go for a Replace$().
>
> Thank you again.

Mmm, you didn't see the point.

You must use the substitute arguments of these methods, so that they will 
correctly quote the values while making the request.

I mean, you should never do:

DB.Exec("INSERT INTO MyTable VALUES(" & CStr(Id) & ", '" & Replace(Name, "'", "''") & "')")

even if it could be correct, but:

DB.Exec("INSERT INTO MyTable VALUES(&1, &2)", Id, Name).

You should read the documentation on the wiki about these methods.

Regards,

-- 
Benoit Minisini
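
Added example, not part of the original message and not Gambas code: the three ways of inserting a value containing ' into SQLite that the thread discusses, written with Python's sqlite3 module, whose ? placeholders stand in here for the &1, &2 arguments shown above. The table name MyTable comes from the message; the helper names and sample values are constructed for this example.

```python
import sqlite3

# Constructed sample values for this example; None stands for SQL NULL.
SAMPLE_NAMES = ["D'Artagnan", "plain", "it's 'quoted' twice", None]


def new_table():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE MyTable (Id INTEGER PRIMARY KEY, Name TEXT)")
    return conn


def insert_concatenated(conn, row_id, name):
    # Pattern to avoid: the value becomes part of the SQL text as-is.
    conn.execute("INSERT INTO MyTable VALUES(%d, '%s')" % (row_id, name))


def insert_hand_escaped(conn, row_id, name):
    # The Replace()-style approach: the caller doubles each single quote.
    escaped = name.replace("'", "''")
    conn.execute("INSERT INTO MyTable VALUES(%d, '%s')" % (row_id, escaped))


def insert_with_placeholders(conn, row_id, name):
    # The value is passed separately; the SQL text never changes.
    conn.execute("INSERT INTO MyTable VALUES(?, ?)", (row_id, name))


def stored_names(conn):
    return [row[0] for row in conn.execute("SELECT Name FROM MyTable ORDER BY Id")]


def try_all(insert, names):
    """Insert every name with `insert`; return (stored rows, {name: error type})."""
    conn, errors = new_table(), {}
    for row_id, name in enumerate(names, start=1):
        try:
            insert(conn, row_id, name)
        except (sqlite3.Error, AttributeError) as exc:
            errors[name] = type(exc).__name__
    return stored_names(conn), errors


if __name__ == "__main__":
    for fn in (insert_concatenated, insert_hand_escaped, insert_with_placeholders):
        print(fn.__name__, try_all(fn, SAMPLE_NAMES))
```

Only the placeholder version stores all four values unchanged: plain concatenation fails on both quoted names and stores NULL as the text 'None', and the hand-escaped version needs a separate code path for NULL.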
