Post by Brent on Oct 11, 2007 14:52:03 GMT -5
Before executing any query using user-entered text, you should escape it to prevent syntax errors in the SQL code or (worse) SQL injection by malicious people or scripts.

Code:
' Demo: escape a string, then unescape it again
a$ = sqliteEscape$("''a's'd'f''")
b$ = sqliteUnescape$(a$)
print a$
print b$
end

' Doubles every single quote so the text can sit inside an SQL string literal
Function sqliteEscape$( Text$ )
    i = InStr(Text$, "'")
    While i
        ' Left$ keeps the quote at i and Mid$ starts at it again, so it is doubled
        Text$ = Left$(Text$, i) + Mid$(Text$, i)
        i = InStr(Text$, "'", i + 2)
    Wend
    sqliteEscape$ = Text$
End Function

' Reverses sqliteEscape$ by collapsing each doubled quote into one
Function sqliteUnescape$( Text$ )
    i = InStr(Text$, "''")
    While i
        Text$ = Left$(Text$, i) + Mid$(Text$, i + 2)
        i = InStr(Text$, "''", i + 1)
    Wend
    sqliteUnescape$ = Text$
End Function
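As an added example (not part of Brent's post), the same quote doubling in Python against an in-memory SQLite database, compared with raw concatenation and with a bound parameter. It goes beyond the post by showing the bound-parameter form; the function names, table and sample rows are constructed for illustration.

```python
import sqlite3

def sqlite_escape(text: str) -> str:
    # Same transformation as the post's sqliteEscape$: ' becomes ''
    return text.replace("'", "''")

def sqlite_unescape(text: str) -> str:
    # Same transformation as the post's sqliteUnescape$: '' becomes '
    return text.replace("''", "'")

def make_db() -> sqlite3.Connection:
    # Constructed sample table and rows, in memory only
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "o'brien")])
    return db

def find_concat(db, name):
    # Raw concatenation: a quote in name ends the SQL string literal early
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return sorted(db.execute(sql).fetchall())

def find_escaped(db, name):
    # Quote doubling keeps the whole value inside the string literal
    sql = "SELECT id FROM users WHERE name = '" + sqlite_escape(name) + "'"
    return sorted(db.execute(sql).fetchall())

def find_bound(db, name):
    # Bound parameter: the value is never parsed as SQL text
    return sorted(db.execute("SELECT id FROM users WHERE name = ?",
                             (name,)).fetchall())

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    for name in ("alice", "o'brien", hostile):
        try:
            raw = find_concat(db, name)
        except sqlite3.OperationalError as exc:
            raw = "error: %s" % exc
        print(repr(name), raw, find_escaped(db, name), find_bound(db, name))
```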