Mike,

If you use parameters, then you won't have to worry about extra double or single quotes.

cName = "%Bob%"
sqlStatement =  "select Fname, Lname from customer where Fname like ?cName"

Frank.

Frank Cazabon

On 12/03/2013 02:10 PM, Mike Copeland wrote:
Here's a question that I should know the answer to, but I'll admit it confuses me.

When forming an SQL statement in VFP to pass through to MYSQL (or MariaDB), I use a combination of " and ' delimiters. For example:
   sqlStatement = "select Fname, Lname from customer where Fname like '%Bob%'"
   execsql(sqlStatement)

The problem that I'm running into is when a name, or free-form text, includes these punctuation marks...
    "update customer set Lname='O'mally'"
and my delimiters get screwed up, throw errors and problems ensue.

So, other than stripping the ' and " characters out of any text string before passing it to the SQL statement, what is the solution?

Can I use [ ] when passing SQL statements to a backend server?

Thanks for any enlightenment.

Mike Copeland
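
Frank's suggestion worked end to end, as an added example that is not part of the original thread. Python's sqlite3 module stands in for the VFP-to-MySQL connection (an assumption; the table rows and function names are constructed), with `?` placeholders playing the role of VFP's ?cName. Keeping the value out of the SQL text is also what prevents SQL injection.

```python
import sqlite3

def make_db():
    """Build an in-memory customer table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table customer (id integer primary key, Fname text, Lname text)")
    db.executemany(
        "insert into customer (Fname, Lname) values (?, ?)",
        [("Bob", "Smith"), ("Bobby", "Jones"), ("Alice", "Omally")],
    )
    return db

def update_by_concatenation(db, cust_id, lname):
    """The failing pattern from the question: the value is pasted into the SQL text."""
    stmt = "update customer set Lname='" + lname + "' where id=" + str(cust_id)
    try:
        db.execute(stmt)
        return "ok"
    except sqlite3.Error as exc:
        # The apostrophe in the name closed the string literal early.
        return "error: " + str(exc)

def update_by_parameter(db, cust_id, lname):
    """The value travels separately from the SQL text, so its quotes are just data."""
    db.execute("update customer set Lname = ? where id = ?", (lname, cust_id))
    return db.execute("select Lname from customer where id = ?", (cust_id,)).fetchone()[0]

def find_by_fname(db, pattern):
    """LIKE with the wildcards inside the parameter value, as in cName = "%Bob%"."""
    rows = db.execute(
        "select Fname, Lname from customer where Fname like ? order by id", (pattern,)
    )
    return rows.fetchall()

if __name__ == "__main__":
    db = make_db()
    print(update_by_concatenation(db, 3, "O'mally"))          # statement is rejected
    print(update_by_parameter(db, 3, "O'mally"))              # stored unchanged
    print(update_by_parameter(db, 3, 'Pat "Red" O\'mally'))   # both quote kinds in one value
    print(find_by_fname(db, "%Bob%"))
```

No quotes are stripped or escaped by hand in the parameterized versions; the driver binds the value as data.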
