Insert into SQL with a '
Message
 
To
21/08/2019 12:52:39
Cetin Basoz
Engineerica Inc.
Izmir, Turkey
General information
Forum: Visual FoxPro
Category: Databases, Tables, Views, Indexing and SQL syntax
Miscellaneous
Thread ID: 01670208
Message ID: 01670220
Views: 67
>>>>Try to use parameters instead:
>>>>
>>>>text to lcSQLCommand noshow
>>>>Insert into Contacts ([Contact Name]) 
>>>>values (?m.lcName)
>>>
>>>endtext
>>>
>>>>SQLEXEC(m.lnSQLHandler, m.lcSQLcommand)
>>
>>... and to add to why you may want to use parameters (aside from the original question about the problem caused by an apostrophe within a name):
>>https://www.w3schools.com/sql/sql_injection.asp
>>https://xkcd.com/327/
>
>Thanks but I am already aware why I would want to use parameters :) I assume you meant to send to Mark instead.
Thanks all.
~M
Thank you

~M
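
The effect of the `?` parameter marker recommended in the thread, as an added example that is not part of the original posts. It uses Python's built-in `sqlite3` with an in-memory table as a stand-in for the back end reached through `SQLEXEC` (an assumption), and the sample names are constructed.

```python
import sqlite3

# Constructed sample names, not taken from the thread.
SAMPLE_NAMES = ["Mark Smith", "Sean O'Brien", "D'Arcy O'Neil"]

def make_db():
    """In-memory table mirroring the thread's Contacts ([Contact Name]) column."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Contacts ([Contact Name] TEXT)")
    return con

def insert_concatenated(con, name):
    """Failing pattern: the name is spliced into the statement text."""
    sql = "Insert into Contacts ([Contact Name]) values ('" + name + "')"
    try:
        con.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        # The apostrophe ended the string literal early, so the rest no longer parses.
        return "error: " + str(exc)

def insert_parameterized(con, name):
    """Pattern from the thread: a ? marker, with the value sent apart from the SQL text."""
    con.execute("Insert into Contacts ([Contact Name]) values (?)", (name,))
    return "ok"

def stored_names(con):
    """Names as stored, in insertion order."""
    query = "SELECT [Contact Name] FROM Contacts ORDER BY rowid"
    return [row[0] for row in con.execute(query)]

def demo():
    """Try both patterns for every sample name; return outcomes and stored rows."""
    con = make_db()  # receives only the parameterized inserts
    results = {}
    for name in SAMPLE_NAMES:
        # A fresh database per concatenated attempt keeps the comparison clean.
        concatenated = insert_concatenated(make_db(), name)
        results[name] = (concatenated, insert_parameterized(con, name))
    return results, stored_names(con)

if __name__ == "__main__":
    results, names = demo()
    for name, (concatenated, parameterized) in results.items():
        print(f"{name!r}: concatenated -> {concatenated}; parameterized -> {parameterized}")
    print("stored:", names)
```
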