I formally withdraw my suggestion that you double up embedded delimiters. (I have Johnny Drop Tables on my tabletop display of comics...)
-- rk

-----Original Message-----
From: ProfoxTech [mailto:[email protected]] On Behalf Of Ted Roche
Sent: Tuesday, March 12, 2013 3:31 PM
To: [email protected]
Subject: Re: SQL statement formation

On Tue, Mar 12, 2013 at 3:22 PM, Frank Cazabon <[email protected]> wrote:
>
> if you use parameters, then you won't have to worry about extra double
> or single quotes.

+1

You need to safely escape the text of all unsafe content, especially if it is supplied by the user. Avoid Johnny Drop Tables!

http://xkcd.com/327/

--
Ted Roche
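
The point about parameters made in the thread above, shown as an added example that is not part of any poster's message: Python's sqlite3 module stands in for whatever database the original question used, and the Students table, function names and sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample values: embedded single quotes, embedded double quotes,
# and the student name from the xkcd strip linked in the thread.
SAMPLE_NAMES = [
    "O'Brien",
    'Dwayne "The Rock" Johnson',
    "Robert'); DROP TABLE Students;--",
]

def new_db():
    """In-memory database with a hypothetical Students table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (id INTEGER PRIMARY KEY, name TEXT)")
    return conn

def insert_concatenated(conn, name):
    """Fragile: the value becomes part of the SQL text, so its quotes are parsed as SQL."""
    conn.execute("INSERT INTO Students (name) VALUES ('" + name + "')")

def insert_parameterized(conn, name):
    """Safe: the SQL text is fixed and the value is bound separately as data."""
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))

def stored_names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM Students ORDER BY id")]

def compare(names=SAMPLE_NAMES):
    """Return (names stored by concatenation, names stored by parameters)."""
    concat_db, param_db = new_db(), new_db()
    for name in names:
        try:
            insert_concatenated(concat_db, name)
        except (sqlite3.Error, sqlite3.Warning):
            pass  # statement was malformed or rejected by the driver
        insert_parameterized(param_db, name)
    return stored_names(concat_db), stored_names(param_db)

if __name__ == "__main__":
    via_concat, via_params = compare()
    print("concatenation stored:", via_concat)
    print("parameters stored:   ", via_params)
```

With bound parameters every sample value is stored exactly as supplied, with no quote doubling or escaping step in the calling code.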

