[Gambas-user] Insert thext with " ' " in sqlite database

Paolo Fagni paolo.fagni at ...626...
Wed Jan 23 16:48:42 CET 2008


On Jan 23, 2008 4:21 PM, Benoit Minisini <gambas at ...1...>
wrote:

> On mercredi 23 janvier 2008, Paolo Fagni wrote:
> >
> > Thank you very much, since I have a String and I use DB.Exec("INSERT
> INTO
> > ...") to execute my SQL insertion, I'd go for a Replace$().
> >
> > Thank you again.
>
> Mmm, you didn't see the point.
>
> You must use the substitute arguments of these methods, so that they will
> correctly quote the values while making the request.
>
> I mean, you should never do:
>
> DB.Exec("INSERT INTO MyTable VALUES(" & CStr(Id) & ", '" &
> Replace(Name, "'", "''") & "')")
>
> even if it could be correct, but:
>
> DB.Exec("INSERT INTO MyTable VALUES(&1, &2)", Id, Name).
>
> You should read the documentation on the wiki about these methods.
>
> Regards,
>
> --
> Benoit Minisini
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Gambas-user mailing list
> Gambas-user at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/gambas-user
>

Ok, got it :) sorry for the confusion and thank you.

-- 
Paolo Fagni



More information about the User mailing list