John Elrick wrote:
> // Input := 'Let's meet at the pub tonight!';
> MyFormat := 'insert into stuff (title) values (%s)';
> SQL := Format(MyFormat, QuotedStr(Input));
>
> try
>   ASQLite3DB1.Database := db;
>   ASQLite3DB1.DefaultDir := ExtractFileDir(Application.ExeName);
>   ASQLite3DB1.Open;
>
>   ASQLite3DB1.SQLite3_ExecSQL(SQL);
>   ASQLite3DB1.Close;
> except
>   ShowMessage('Bad');
> end;
A much better solution than QuotedStr is to use queries with parameters.
If you're going to be running the query multiple times it also gives you a
speed boost.
Clay
--
Simple Content Management
http://www.ceamus.com
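
The difference between splicing text into the SQL and binding it as a parameter, as an added example that is not part of the original thread. It uses Python's standard sqlite3 module rather than the Delphi ASqlite3 component from the quoted code; the function names and every sample title except the first are constructed for illustration.

```python
import sqlite3

# Sample inputs. The first is the string from the quoted post; the others
# are constructed to exercise quotes, semicolons and comment markers.
TITLES = [
    "Let's meet at the pub tonight!",
    'She said "hi"; then left',
    "100% 'quoted' -- not a comment",
]

INSERT_SQL = "insert into stuff (title) values (?)"


def insert_spliced(conn, title):
    """Failure mode: the text becomes part of the SQL statement itself."""
    conn.execute("insert into stuff (title) values ('%s')" % title)


def insert_many(conn, titles):
    """Bound parameters: the SQL text is fixed and compiled once, and each
    title is passed to SQLite as data, so no quoting or escaping is needed."""
    conn.executemany(INSERT_SQL, ((t,) for t in titles))


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table stuff (title text)")

    # The apostrophe ends the string literal early, so SQLite rejects the SQL.
    try:
        insert_spliced(conn, TITLES[0])
        spliced_ok = True
    except sqlite3.OperationalError:
        spliced_ok = False

    # One transaction, one prepared statement, reused for every row.
    with conn:
        insert_many(conn, TITLES)

    stored = [row[0] for row in
              conn.execute("select title from stuff order by rowid")]
    conn.close()
    return spliced_ok, stored


if __name__ == "__main__":
    print(demo())
```
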