Graham Menhennitt wrote:
> Mark Johnson wrote:
>
>> PostgreSQL gives a warning for '', but accepts it; it prefers \'. MySQL
>> takes the ''; I'm not sure about \'. Obviously SQLite won't take the \'.
>>
>> However, the real problem is that it is not gnucash-gda code which is
>> doing the escaping of the single quote. It is libgda, probably the
>> SQLite provider. Therefore not under this project's control.
>>
> Guys, this isn't the right way to do it. When using SQL, you should
> never have to worry about quoting because you shouldn't build SQL
> statements like that. Use a prepared statement and bind the values to
> numbered or named parameters in the SQL. All the relevant providers
> allow it. GDA allows it. Now there may be bugs in GDA - I don't know.
> But at least try to get it to work before worrying about workarounds
> like this.
>
The providers allow it, GDA allows it, but not all of the GDA providers use the facilities. I couldn't find any sqlite3_bind_xxx() calls in the GDA sqlite provider, for example.

I agree that the gda backend should change to using the libgda parameter functions, but I shouldn't have to do that to work around this problem, which is a bug in libgda.

Phil
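The quoting behaviour discussed in this thread, as an added example that is not part of the original messages and is not GnuCash or libgda code: it uses Python's standard `sqlite3` module in place of libgda to compare the two literal-escaping styles with a bound parameter. The table name, column name, helper names and sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample values; "accounts" and "name" are hypothetical names.
SAMPLES = ["Joe's Garage", "plain", "back\\slash", "two '' quotes"]

def backslash_escape(value):
    # Backslash style: SQLite does not treat \' as an escaped quote.
    return value.replace("'", "\\'")

def doubled_quote_escape(value):
    # SQL-standard style: a quote inside a literal is written as ''.
    return value.replace("'", "''")

def insert_literal(conn, value, escape):
    """Build the statement by concatenation, relying on an escaping routine."""
    sql = "INSERT INTO accounts(name) VALUES ('" + escape(value) + "')"
    try:
        conn.execute(sql)
        return True
    except sqlite3.Error:
        return False  # SQLite rejected the generated statement

def insert_bound(conn, value):
    """Prepared statement with a bound parameter: no escaping step at all."""
    conn.execute("INSERT INTO accounts(name) VALUES (?)", (value,))
    return True

def round_trip(insert):
    """Insert each sample into a fresh database; True if it reads back intact."""
    results = {}
    for value in SAMPLES:
        conn = sqlite3.connect(":memory:")
        conn.execute("CREATE TABLE accounts(name TEXT)")
        ok = insert(conn, value)
        rows = conn.execute("SELECT name FROM accounts").fetchall()
        results[value] = ok and rows == [(value,)]
        conn.close()
    return results

if __name__ == "__main__":
    styles = {
        "backslash literal": lambda c, v: insert_literal(c, v, backslash_escape),
        "doubled-quote literal": lambda c, v: insert_literal(c, v, doubled_quote_escape),
        "bound parameter": insert_bound,
    }
    for label, insert in styles.items():
        print(label, round_trip(insert))
```
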
