Use prepared statements.

> I made a form where visitors can introduce data.
> I use this:
> strsql="INSERT INTO mytable (field1,field2 ...) values('" & lol & "',#" &
> dat & ...)"
> My problem is that when someone introduces a quotation mark, I get an error
> and the insert fails (e.g. nam'e).
> How can I prevent that?

I believe MySQL has a function for that in the API ...

> Controlling each entered character seems to me to be a
> very big work ...

mysql_escape_string or something.
Database Workbench - tool for InterBase, Firebird, MySQL, Oracle & MS SQL
Database development questions? Check the forum!
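
The advice above as an added example, not part of the original post: the concatenated INSERT from the question next to a prepared (parameterized) one, run over a few constructed names including `nam'e`. Python's built-in `sqlite3` stands in for MySQL so the code runs offline; the two text columns, the sample date and the `?` placeholder style are assumptions.

```python
import sqlite3

# Constructed sample input; "nam'e" is the value from the question.
SAMPLE_NAMES = ["name", "nam'e", 'say "hi"', "back\\slash"]


def open_db():
    # In-memory SQLite database standing in for the MySQL table (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (field1 TEXT, field2 TEXT)")
    return conn


def insert_concatenated(conn, lol, dat):
    # Pattern from the question: user input is pasted into the SQL text,
    # so a quote inside the value ends the string literal early.
    sql = ("INSERT INTO mytable (field1, field2) VALUES ('"
           + lol + "', '" + dat + "')")
    conn.execute(sql)


def insert_prepared(conn, lol, dat):
    # Prepared statement: the SQL text is fixed and the values travel
    # separately, so no character in them is ever parsed as SQL.
    conn.execute("INSERT INTO mytable (field1, field2) VALUES (?, ?)",
                 (lol, dat))


def run_demo():
    # Run both insert styles over the same input and record what happened.
    outcome = {}
    for label, insert in (("concatenated", insert_concatenated),
                          ("prepared", insert_prepared)):
        conn = open_db()
        failed = []
        for name in SAMPLE_NAMES:
            try:
                insert(conn, name, "2004-05-17")
            except sqlite3.Error:
                failed.append(name)
        rows = conn.execute("SELECT field1 FROM mytable ORDER BY rowid")
        outcome[label] = {"failed": failed, "stored": [r[0] for r in rows]}
        conn.close()
    return outcome


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(label, result)
```
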