Subject Re: Invalid Token when trying to insert XML into a BLOB
Author dasdiohsauiguihsfda
--- In firebird-support@yahoogroups.com, Mark Rotteveel <mark@...> wrote:
> Here is your problem. You are concatenating the query string instead of
> using prepared statements (parameterized queries). The text in your XML
> contains an unescaped apostrophe, so that closes the SQL string after
> 'gamesdbid'. Next the parser encounters the s, which is out of place and
> results in the error.
>
> Please change your code to use prepared statements and never ever
> concatenate external strings into a query; by using prepared statements you
> immediately remove problems like vulnerability to SQL injection.
>
> Mark
>
> BTW: For more specifics on the Firebird .net provider, join the .net
> provider mailinglist.
Okay, that makes a whole lot of sense - I'll revisit my code and change it accordingly.

Thank you for helping me out here and pointing me in the right direction,
Thomas
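The bug Mark describes (an apostrophe in the XML closing the SQL string literal after 'gamesdbid') next to the parameterized fix, as an added example that is not part of this thread. It uses Python's sqlite3 in-memory database as a stand-in for Firebird, since the .NET provider and a Firebird server are not available offline; the games table and the XML sample are constructed for the demonstration.

```python
import sqlite3

# Constructed sample: an XML fragment containing an apostrophe, the kind of
# value that broke the original concatenated INSERT.
XML_DOC = "<game><title>Assassin's Creed</title></game>"


def fresh_db():
    """In-memory sqlite3 database standing in for the Firebird table (assumption)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE games (gamesdbid TEXT PRIMARY KEY, xmldata BLOB)")
    return con


def insert_concatenated(con, gamesdbid, xml):
    """The broken pattern: the XML is spliced into the SQL text. The apostrophe
    inside the XML terminates the string literal early, the parser then sees a
    stray token ("s") and the statement fails - or, with other input, does
    something the author never wrote (SQL injection)."""
    sql = f"INSERT INTO games (gamesdbid, xmldata) VALUES ('{gamesdbid}', '{xml}')"
    con.execute(sql)


def insert_parameterized(con, gamesdbid, xml):
    """The fix: the SQL text is constant and the values are bound as parameters,
    so quoting or SQL keywords inside the data can never change the statement."""
    con.execute(
        "INSERT INTO games (gamesdbid, xmldata) VALUES (?, ?)",
        (gamesdbid, xml.encode("utf-8")),
    )


def fetch_xml(con, gamesdbid):
    """Read the BLOB back and decode it, or return None when the row is missing."""
    row = con.execute(
        "SELECT xmldata FROM games WHERE gamesdbid = ?", (gamesdbid,)
    ).fetchone()
    return row[0].decode("utf-8") if row else None


def demo():
    """Run both inserts against the same XML: the concatenated one raises,
    the parameterized one stores the document byte-for-byte."""
    con = fresh_db()
    try:
        insert_concatenated(con, "g1", XML_DOC)
        concat_error = None
    except sqlite3.Error as exc:
        concat_error = str(exc)
    insert_parameterized(con, "g1", XML_DOC)
    return concat_error, fetch_xml(con, "g1")
```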