Why not just use parameterized queries?

On Wed, May 18, 2016 at 8:16 PM, Paul Dupuis <[email protected]> wrote:
> Does anyone have some really good (comprehensive) routines to escape and
> unescape text data for storing in a SQL database (like SQLite or MySQL)
>
> basics like:
> replace cr with "\n" in pText -- replace any cr with "\n" for new line
> replace tab with "\t" in pText -- replace tabs with "\t"
> replace "'" with "\'" in pText -- replace single quotes with an escaped single quote
> replace quote with backslash&quote in pText -- replace double quote with escaped double quote
>
> but I expect I am missing some characters that SQL manuals say should be
> escaped. What about slash itself? And do you unescape them in the same
> order you escape them or reverse order or does the order matter?
>
> I could Google the manuals, write some code, test it and revise until
> I've found all the characters and got the order to escape and unescape
> down correctly, but I figure someone else may have already done this
> comprehensively and be willing to share their code?
>
> _______________________________________________
> use-livecode mailing list
> [email protected]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

--
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
and did a little diving.
And God said, "This is good."
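The suggestion in the reply, as an added example that is not part of the original thread: Python's `sqlite3` module (an assumption, chosen so the example runs offline; the thread itself is about LiveCode) stores the characters listed in the question through bound parameters, next to the four replacements from the question applied and reversed. The table name, function names and sample string are constructed for illustration.

```python
import sqlite3

# Constructed sample: every character the question lists, plus a literal
# backslash followed by "n" and "t" (a Windows-style path), which are not
# a newline or a tab.
SAMPLE = 'It\'s a "test"\twith tab\rand cr, path C:\\new\\table'


def roundtrip_parameterized(text):
    """Store and fetch text through ? placeholders; no escaping anywhere."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
        # The value travels to the engine as a bound parameter, separate
        # from the SQL string, so quotes in it are never parsed as SQL.
        cur = conn.execute("INSERT INTO notes (body) VALUES (?)", (text,))
        row = conn.execute(
            "SELECT body FROM notes WHERE id = ?", (cur.lastrowid,)
        ).fetchone()
        return row[0]
    finally:
        conn.close()


def naive_escape(text):
    """The four replacements from the question, in the order given."""
    for raw, esc in (("\r", "\\n"), ("\t", "\\t"), ("'", "\\'"), ('"', '\\"')):
        text = text.replace(raw, esc)
    return text


def naive_unescape(text):
    """The same replacements reversed, applied in reverse order."""
    for raw, esc in (('"', '\\"'), ("'", "\\'"), ("\t", "\\t"), ("\r", "\\n")):
        text = text.replace(esc, raw)
    return text


if __name__ == "__main__":
    print("parameterized round trip intact:",
          roundtrip_parameterized(SAMPLE) == SAMPLE)
    print("escape/unescape round trip intact:",
          naive_unescape(naive_escape(SAMPLE)) == SAMPLE)
```

The hand-written pair corrupts the path because the backslash itself is never escaped, so a literal `\n` or `\t` already in the text is indistinguishable from an escaped cr or tab on the way back. SQLite also does not treat backslash as an escape character inside string literals (a single quote is doubled instead), so `\'` would not protect a statement built by concatenation there.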
