|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
10-10-2004, 01:20 PM
|
#1 |
|
Member (7 bit)
Join Date: Jun 2003
Location: Israel
Posts: 92
 |
Visual Basic - Dynamic queries with user parameters
Hi,
If i have some dynamic query like that: "select * from table where columnX like '* " & param & " *' " here param is parameter, that the user inserts. If he inserts something like: ababba'ababab or ababab"ababa this will crash. How should i replace the characters: ' and " ??? (In java i would simply make PreparedStatement that will take care fothat itself automatically. Is there a simmiliar method here too, or i should do it manually and what exactly) TNX |
|
|
|
10-10-2004, 05:52 PM
|
#2 |
|
Come in Ray...
Join Date: Sep 2004
Posts: 1,668
|
In Microsoft SQL, I believe the escape char is represented by entering 2 of what you want in your SQL statement.
So for a single quote (') use '' (two single quotes), double quote use "", etc. MySQL, I believe uses the forward slash (or back slash). Try both. Single quote = /' (or \'), double quote = /" (or \"), etc. |
|
|
|
|
10-10-2004, 07:09 PM
|
#3 |
|
Member (7 bit)
Join Date: Jun 2003
Location: Israel
Posts: 92
|
Thanks you very much. Ptoblem has been solved!!!
|
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
