--- In [email protected], Mark Rotteveel <mark@...> wrote:
> Here is your problem. You are concatenating the query string instead of
> using prepared statements (parameterized queries). The text in your XML
> contains an unescaped apostrophe, so that closes the SQL string after
> 'gamesdbid'. Next the parser encounters the s, which is out of place and
> results in the error.
>
> Please change your code to use prepared statements and never ever
> concatenate external strings into a query; by using prepared statements you
> immediately remove problems like vulnerability to SQL injection.
>
> Mark
>
> BTW: For more specifics on the Firebird .net provider, join the .net
> provider mailinglist.

Okay, that makes a whole lot of sense - I revisit my code and change it accordingly.

Thank you for helping me out here and pointing me in the right direction,
Thomas
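The failure Mark describes and the fix he recommends, side by side, as an added example that is not part of the thread. It uses Python's built-in sqlite3 module in place of the Firebird .NET provider so it runs offline; the table, column names and the sample titles (including the apostrophe that closes the string literal early) are constructed for the example. The same pattern applies to any provider that supports parameter placeholders.

```python
import sqlite3

# Constructed sample data standing in for the XML import discussed in the thread.
# The first title contains the apostrophe that terminates a concatenated SQL string early.
SAMPLE_ROWS = [
    ("g1", "Baldur's Gate"),
    ("g2", "Doom"),
]


def make_db():
    """Fresh in-memory database with a hypothetical games table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE games (gamesdbid TEXT PRIMARY KEY, title TEXT)")
    return conn


def insert_concatenated(conn, gamesdbid, title):
    """The broken approach: external strings spliced into the SQL text.
    An apostrophe in the data closes the literal, and the parser then sees
    the rest of the title as stray SQL tokens."""
    sql = ("INSERT INTO games (gamesdbid, title) VALUES ('"
           + gamesdbid + "', '" + title + "')")
    conn.execute(sql)


def insert_parameterized(conn, gamesdbid, title):
    """The fix: placeholders in the statement, values passed separately.
    The driver sends the values out of band, so no character in the data
    can change the structure of the statement."""
    conn.execute("INSERT INTO games (gamesdbid, title) VALUES (?, ?)",
                 (gamesdbid, title))


def load_rows(insert_fn):
    """Load SAMPLE_ROWS with the given insert function.
    Returns (rows_inserted, error_message_or_None)."""
    conn = make_db()
    inserted = 0
    try:
        for gamesdbid, title in SAMPLE_ROWS:
            insert_fn(conn, gamesdbid, title)
            inserted += 1
        conn.commit()
        return inserted, None
    except sqlite3.Error as exc:
        return inserted, str(exc)
    finally:
        conn.close()


def round_trip_title(gamesdbid):
    """Store all rows with parameters and read one title back, showing the
    apostrophe survives intact without any manual escaping."""
    conn = make_db()
    for row in SAMPLE_ROWS:
        insert_parameterized(conn, *row)
    title = conn.execute("SELECT title FROM games WHERE gamesdbid = ?",
                         (gamesdbid,)).fetchone()[0]
    conn.close()
    return title


if __name__ == "__main__":
    print("concatenated:", load_rows(insert_concatenated))   # (0, 'near "s": syntax error')
    print("parameterized:", load_rows(insert_parameterized)) # (2, None)
    print("stored title:", round_trip_title("g1"))            # Baldur's Gate
```

The concatenated version fails on the very first row with a syntax error pointing at the `s` after the closing quote, which is the symptom reported in the thread; the parameterized version inserts both rows and returns the title with its apostrophe unchanged.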
