[V4MD] Escaping (allowing) single quote char
Irv Kalb
Irv at furrypants.com
Mon Sep 22 14:13:23 CDT 2008
Thanks Ruslan. That fixed it!
Irv
At 8:21 PM +0300 9/22/08, Ruslan Zasukhin wrote:
>On 9/22/08 8:12 PM, "Irv Kalb" <Irv at furrypants.com> wrote:
>
>> I'm trying to do a search in a table where the value of the field I'm
>> trying to match has a single quote character in it. I'm doing this
>> in a routine and passing in a string to search for. The entries in
>> this field are often multiple words. I've found that for multiple
>> words, you need to surround the match word in single quotes. The
>> code is like this:
>>
>> cursor = poDB.SqlQuery("SELECT * FROM WordMapping WHERE WordFound = " & "'" & theWordIn & "'")
>>
>> This works fine on multiple words (e.g., 'one two three'). But it
>> fails if one of them has a single quote in it - the particular three
>> word phrase it's getting caught on is: 'of humanity's past'.
>>
>> Error:462848
>>
>> This seems perfectly reasonable as I'm using single quotes as the
>> delimiter. But how can I specify that I want to search for a match
>> where fields will have BOTH embedded spaces and one or more single
>> quotes?
>>
>> I see that there is a function called EscapeString, but I am unclear
>> as to how I would use it in this case.
>
>Easy.
>
>Rule is simple:
>
> IF you build query string as CONCAT of something
> with strings **from user input** you should use
> EscapeString() on those strings
>
>
> cursor = poDB.SqlQuery("SELECT * FROM WordMapping WHERE WordFound = " & "'" & EscapeString(theWordIn) & "'")
>
>
>--
>Best regards,
>
>Ruslan Zasukhin
>VP Engineering and New Technology
>Paradigma Software, Inc
>
>Valentina - Joining Worlds of Information
>http://www.paradigmasoft.com
>
>[I feel the need: the need for speed]
--
Multimedia R Us
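
The failure and the fix discussed in this thread, reproduced as an added example that is not part of the original messages. It uses Python's `sqlite3` as a stand-in for Valentina; `escape_sql_literal` is a hypothetical helper that applies standard SQL quote doubling and is not Valentina's `EscapeString` implementation, and the bound-parameter variant goes beyond what the thread covers.

```python
import sqlite3

# Constructed sample rows; table and column names are taken from the post.
ROWS = ["one two three", "of humanity's past", "speed"]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE WordMapping (WordFound TEXT)")
    db.executemany("INSERT INTO WordMapping VALUES (?)", [(r,) for r in ROWS])
    return db

def escape_sql_literal(text):
    """Hypothetical stand-in for an escaping helper: double each single quote."""
    return text.replace("'", "''")

def find_concat(db, word):
    """Original pattern: the value is pasted between single quotes as-is."""
    sql = "SELECT WordFound FROM WordMapping WHERE WordFound = '" + word + "'"
    return [row[0] for row in db.execute(sql)]

def find_escaped(db, word):
    """Fixed pattern: escape the value before concatenating it."""
    sql = ("SELECT WordFound FROM WordMapping WHERE WordFound = '"
           + escape_sql_literal(word) + "'")
    return [row[0] for row in db.execute(sql)]

def find_bound(db, word):
    """Alternative: bind the value so it never becomes part of the SQL text."""
    sql = "SELECT WordFound FROM WordMapping WHERE WordFound = ?"
    return [row[0] for row in db.execute(sql, (word,))]

def try_lookup(fn, db, word):
    """Return the matches, or None when the statement fails to parse."""
    try:
        return fn(db, word)
    except sqlite3.OperationalError:
        # The embedded quote closed the literal early; the rest is parsed as SQL.
        return None

if __name__ == "__main__":
    db = make_db()
    phrase = "of humanity's past"
    print("concat :", try_lookup(find_concat, db, phrase))
    print("escaped:", try_lookup(find_escaped, db, phrase))
    print("bound  :", try_lookup(find_bound, db, phrase))
```
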