Why not just use parameterized queries?

On Wed, May 18, 2016 at 8:16 PM, Paul Dupuis <p...@researchware.com> wrote:
> Does anyone have some really good (comprehensive) routines to escape and
> unescape text data for storing in a SQL database (like SQLite or MySQL)
>
> basics like:
> replace cr with "\n" in pText -- replace any cr with "\n" for new line
> replace tab with "\t" in pText -- replace tabs with "\t"
> replace "'" with "\'" in pText -- replace single quotes with an escaped single quote
> replace quote with backslash&quote in pText -- replace double quote with escaped double quote
>
> but I expect I am missing some characters that SQL manuals say should be
> escaped. What about slash itself? And do you unescape them in the same
> order you escape them or reverse order or does the order matter?
>
> I could Google the manuals, write some code, test it and revise until
> I've found all the characters and got the order to escape and unescape
> down correctly, but I figure someone else may have already done this
> comprehensively and be willing to share their code?
>
> _______________________________________________
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

--
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
and did a little diving.
And God said, "This is good."
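
Added example, not part of the original thread: the four replacements quoted in the question next to the parameterized query the reply suggests, run against an in-memory SQLite database. It is written in Python's `sqlite3` rather than LiveCode so it runs stand-alone; the `notes` table, the sample string and all function names are constructed for illustration.

```python
import sqlite3

# Constructed sample: the characters the question lists (cr, tab, both quote
# kinds) plus a backslash followed by "n" or "t", which the listed
# replacements do not account for.
SAMPLE = "O'Brien said \"hi\"\tthen\r" + r"C:\new\table"

def escape_by_hand(text):
    """The four replacements from the question, in the order given."""
    return (text.replace("\r", "\\n").replace("\t", "\\t")
                .replace("'", "\\'").replace('"', '\\"'))

def unescape_by_hand(text):
    """Undo the four replacements, in reverse order."""
    return (text.replace('\\"', '"').replace("\\'", "'")
                .replace("\\t", "\t").replace("\\n", "\r"))

def store_concatenated(conn, text):
    """Splice the escaped value into the SQL text; return the error, or None."""
    sql = "INSERT INTO notes (body) VALUES ('" + escape_by_hand(text) + "')"
    try:
        conn.execute(sql)
        return None
    except sqlite3.Error as exc:
        # SQLite escapes a quote by doubling it; a backslash is an ordinary
        # character, so \' still terminates the string literal.
        return str(exc)

def store_parameterized(conn, text):
    """Bind the value separately from the SQL text; return what is read back."""
    cur = conn.execute("INSERT INTO notes (body) VALUES (?)", (text,))
    row = conn.execute("SELECT body FROM notes WHERE id = ?",
                       (cur.lastrowid,)).fetchone()
    return row[0]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    return {
        "hand_round_trip_ok": unescape_by_hand(escape_by_hand(SAMPLE)) == SAMPLE,
        "concat_error": store_concatenated(conn, SAMPLE),
        "param_round_trip_ok": store_parameterized(conn, SAMPLE) == SAMPLE,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

With the bound parameter the text comes back unchanged and no unescape step exists to get wrong; the hand-escaped round trip corrupts the literal `\n` and `\t` in the path, and the concatenated statement is rejected by SQLite.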