Mike Copeland wrote on 2013-03-12: > Here's a question that I should know the answer to, but I'll admit it > confuses me. > > When forming an SQL statement in VFP to pass through to MYSQL (or > MariaDB), I use a combination of " and ' delimiters. For example > sqlStatement = "select Fname, Lname from customer where Fname like > '%Bob%'" execsql(sqlStatement) > The problem that I'm running into is when a name, or free-form text, > includes these punctuation marks... > "update customer set Lname='O'mally'" > and my delimiters get screwed up, throw errors and problems ensue. > > So, other than stripping the ' and " characters out of any text string > before passing it to the SQL statement, what is the solution? > > Can I use [ ] when passing SQL statements to a backend server? > > Thanks for any enlightenment. > > Mike Copeland >
Mike, You can use the [] on the outside and the " on the inside instead of the '. You may still run into the variable having a " in it though. Tracy Pearson PowerChurch Software _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
