Kevin Hamilton wrote:

>Using Firebird with PHP, I recently ran into a problem which I know was
>programmer error...instead of escaping the quotes in a string with a
>quote, it was escaped with a backslash. Unfortunately, the problem was
>further compounded by a -- following the improperly escaped quote.
>
>So a SQL statement that should have been something like:
>UPDATE mytable set fieldname='system error: ''--cannot process
>command''' where id=1
>
>Became:
>UPDATE mytable set fieldname='system error: \'--cannot process
>command\'' where id=1
>
>This results in ALL ROWS of mytable now having the value 'system error:
>\' in the field.
>
>
>So, going forward I will be much more careful in my code to avoid this
>sort of programming error. But I would feel MUCH less apprehensive
>about all my legacy code if I could some how prevent Firebird from
>seeing -- as a comment. Is there any setting to do that?
>
>Kevin
>
>
>
>

Hi Kevin,

Unfortunatly no !

What about if you create a function to "clean" the SQL before sending it
to the server ?

I know you will have to search and replace all your code, but could be a
task the pays in advance...

see you !

--

Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.9 - Release Date: 11/06/2005