On 10/27/05, Oleg Broytmann <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 26, 2005 at 07:21:17PM -0700, Shalabh Chaturvedi wrote:
> > This would be SQL-escaped similar to the way HTML is escaped within PTL
>
>   You can escape an HTML snippet because there is one clearly defined standard
> escape method.
>   You cannot escape an SQL query because there are too many slightly
> different SQLs.

.... and you generally shouldn't paste escaped values into SQL
statements, but rather use bind variables in any case.

Paul.
_______________________________________________
Quixote-users mailing list
[email protected]
http://mail.mems-exchange.org/mailman/listinfo/quixote-users
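
Added example, not part of the original thread: a round-trip check of the two points above, using Python's standard `sqlite3` module. The table, the helper names and the sample values are constructed for illustration; the two escape functions stand in for quoting rules from two different SQL dialects.

```python
import sqlite3


def escape_standard(value):
    """Standard-SQL literal quoting: double each single quote."""
    return "'" + value.replace("'", "''") + "'"


def escape_backslash(value):
    """Backslash-style quoting, valid only in dialects that treat
    backslash as an escape character inside string literals."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def roundtrip_pasted(conn, escape, value):
    """Paste an escaped literal into the statement text; return the
    stored value, or the error class if the statement fails."""
    conn.execute("DELETE FROM people")
    try:
        conn.execute("INSERT INTO people (name) VALUES (%s)" % escape(value))
    except sqlite3.Error as exc:
        return "error: %s" % type(exc).__name__
    return conn.execute("SELECT name FROM people").fetchone()[0]


def roundtrip_bound(conn, value):
    """Pass the value as a bind variable; the statement text is constant."""
    conn.execute("DELETE FROM people")
    conn.execute("INSERT INTO people (name) VALUES (?)", (value,))
    return conn.execute("SELECT name FROM people").fetchone()[0]


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT)")
    samples = ["O'Brien", "C:\\temp"]  # constructed sample values
    results = {}
    for value in samples:
        results[value] = {
            "standard": roundtrip_pasted(conn, escape_standard, value),
            "backslash": roundtrip_pasted(conn, escape_backslash, value),
            "bound": roundtrip_bound(conn, value),
        }
    return results


if __name__ == "__main__":
    for value, outcome in demo().items():
        print(repr(value), outcome)
```

On SQLite the backslash-style escaper fails outright on the quote and silently stores a doubled backslash for the path, while the bound value comes back unchanged in both cases.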
