Is there a reason you can't use the DAL to do the insert?

On Monday, August 27, 2012 4:32:09 PM UTC-4, Andrew Evans wrote:
> How can I escape the data submitted by my form to prevent SQL Injection. I
> read using request.post_vars does not escape the data, I am using a form
> built in HTML and submitting the data passing request.post_vars as
> variables to my SQL Query.
>
> Any ideas
>
> *cheers
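An added example, not part of the thread: it contrasts splicing a raw form value into the SQL text with passing it separately as a parameter, which is the work the reply above suggests handing to the DAL. It uses Python's standard `sqlite3` module as a stand-in for the database layer; the `person` table, the function names and the two sample `post_vars` dicts are constructed for illustration.

```python
import sqlite3

# Constructed stand-ins for request.post_vars (raw, unescaped form strings).
BENIGN = {"name": "O'Brien"}
HOSTILE = {"name": "eve', 'admin') --"}

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (name TEXT, role TEXT)")
    return conn

def insert_concatenated(conn, post_vars):
    # Vulnerable: the form value becomes part of the SQL text itself.
    sql = "INSERT INTO person (name, role) VALUES ('%s', 'user')" % post_vars["name"]
    conn.execute(sql)

def insert_bound(conn, post_vars):
    # Hardened: the SQL text is constant; the value is sent as a bound parameter.
    conn.execute("INSERT INTO person (name, role) VALUES (?, 'user')",
                 (post_vars["name"],))

def rows(conn):
    return conn.execute("SELECT name, role FROM person").fetchall()

def demo():
    results = {}
    conn = new_db()
    insert_concatenated(conn, HOSTILE)      # value rewrites the statement
    results["concatenated_hostile"] = rows(conn)
    conn = new_db()
    try:
        insert_concatenated(conn, BENIGN)   # a plain apostrophe breaks the SQL
        results["concatenated_benign"] = rows(conn)
    except sqlite3.OperationalError:
        results["concatenated_benign"] = "syntax error"
    conn = new_db()
    insert_bound(conn, HOSTILE)             # both values stored as literal text
    insert_bound(conn, BENIGN)
    results["bound"] = rows(conn)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

With the concatenated insert, the hostile value sets the `role` column and an ordinary apostrophe makes the statement fail; with the bound insert both values land in `name` unchanged and `role` stays `user`.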

