Some more clarification of my problem: I had two procedures to communicate with the sqlite database:
Public Sub Trans(be As String) As String Dim atmen As String atmen = Replace$(be, "$", ".") atmen = Replace$(atmen, "€", "-") atmen = Replace$(atmen, "_", " ") atmen = Replace$(atmen, "£", "/") atmen = Replace$(atmen, "¢", "+") atmen = Replace$(atmen, "§", "'") atmen = Replace$(atmen, "¥", ":") Return atmen End Public Sub TransB(be As String) As String Dim atmen As String atmen = Replace$(be, ".", "$") atmen = Replace$(atmen, "-", "€") atmen = Replace$(atmen, " ", "_") atmen = Replace$(atmen, "/", "£") atmen = Replace$(atmen, "+", "¢") atmen = Replace$(atmen, "'", "§") atmen = Replace$(atmen, ":", "¥") Return atmen End These were the guards for special characters. The first one did the conversion from database to GUI, the second did encode the strings for the database insertion. I suppose there is a better way for doing it. I'd like to learn that way! 2012/1/19, M. Cs. <mohar...@gmail.com>: > I'm sorry Benoit, > I would like to ask your help with this kind of insertions: > If I have a table called MyTable with creation: > > CREATE TABLE CENTRAL(VName Text,FPath TEXT,FName TEXT,FSubs > INTEGER,FSize REAL,FChanged TEXT); > > How could I ensure the failsafe insert query with following fields: > VName-> Photos 5. > FPath -> /Image3 /2011 > FName-> Brother's day.jpg > FSubs-> 1 > FSize-> 568234.2 > FChanged-> 2011-12-06 > > So how to use &1 and &2 arguments in work? > > And how can I retrieve the fields where FName is Like sign ' as in > Brother's day.jpg? > > The query usually fails just like that If I try to seek for the files > containing certain characters which are in use by the Sqlite backend. > > I only need two lines of the answer. Thanks! > > Csaba > > > 2012/1/18, M. Cs. <mohar...@gmail.com>: >> Yes, Benoit. I'll check the documentation, since I always used the >> Myconnection.Exec("SELECT FROM table WHERE field='"& myvar & "';) form >> of the querying, and now I would like to change it to a more >> convenient way, since I always had to assure myvar is safe. >> >> 2012/1/18, Benoît Minisini <gam...@users.sourceforge.net>: >>> Le 18/01/2012 14:17, M. Cs. a écrit : >>>> Hi! >>>> Is there any built in function in Gambas3 which can secure the >>>> database connection from the errors caused by special characters? >>>> >>>> I have written functions for replacing the dangerous characters like >>>> ', +, . and so on, but I'd like to know whether there is a way to make >>>> queries secure from failures. >>>> >>>> Thanks! >>>> >>> >>> SQL quoting is automatically done by the following methods of the >>> Connection class: Exec(), Find(), Edit(), Delete(), Subst(), provided >>> that: >>> >>> - You use "&1", "&2"... inside the request string to tell where quoted >>> arguments must be inserted. >>> >>> - You actually pass these arguments. >>> >>> Is it what you need? >>> >>> -- >>> Benoît Minisini >>> >>> ------------------------------------------------------------------------------ >>> Keep Your Developer Skills Current with LearnDevNow! >>> The most comprehensive online learning library for Microsoft developers >>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, >>> Metro Style Apps, more. Free future releases when you subscribe now! >>> http://p.sf.net/sfu/learndevnow-d2d >>> _______________________________________________ >>> Gambas-user mailing list >>> Gambas-user@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/gambas-user >>> >> > ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Gambas-user mailing list Gambas-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/gambas-user