| Subject | Re: [IBO] Parameterized inserts? |
|---|---|
| Author | Helen Borrie |
| Post date | 2002-11-07T11:12:34Z |
At 02:51 AM 07-11-02 -0800, you wrote:
escape-apostrophe. For this reason, if you're doing this from Delphi/BCPPB
and you potentially have apostrophes embedded in strings, you should
somehow make use of Delphi's QuotedStr() function:
Delphi, it places the string between single quotes and escapes any embedded
aposts.
Helen
>One other question:Whatever happens, the SQL that crosses the wire must have the
>
>Normally, when I'm dynamically generating an SQL statement, I have to
>double up any quotes that appear in a literal. That is, if I wanted to
>insert a literal string with an apostrophe in it (i.e. Bob's Pawn Shop),
>I'd have to do something like:
>
>set companyname = 'Bob''s Pawn Shop'
>
>Otherwise, it would think that the apostrophe in the literal was a closing
>quote.
>
>My question is: When I'm assigning parameters with ParamByName, to I have
>to do the same thing, or is that already taken care of for me? For
>instance, would I do:
>
>MyDSQL->ParamByName("CompanyName") = "Bob's Mowers";
>
>or
>
>MyDSQL->ParamByName("CompanyName") = "Bob''s Mowers";
escape-apostrophe. For this reason, if you're doing this from Delphi/BCPPB
and you potentially have apostrophes embedded in strings, you should
somehow make use of Delphi's QuotedStr() function:
>MyDSQL->ParamByName("CompanyName").AsString = QuotedStr(SomeStringVariable);Saying that, I don't know how BCPPB manages with QuotedStr since, in
Delphi, it places the string between single quotes and escapes any embedded
aposts.
Helen