I’m using MSSQL.
I thought the Database Record Class utilized prepared statements behind the scenes.
I am getting a DB error when trying to insert this due to the apostrophe.
App.myDB.InsertRecord(“Customers”,“Jim’s Service”)
Am I missing something?
Pretty sure it doesnt use prepared statements but just concatenates things together to form an insert statement
The error you’re getting would indicate that is indeed the case
Just as a test, can you double up the apostrophe to see if you still get the error, and if not, what data is actually stored?
Hi Kem,
If I double the apostrophe it works and inserts without an error. I can do this, but there are other far reaching implications as prepared statements are totally broken in the MS SQL plugin (that thing needs a lot of love from Xojo). I thought the db.InsertRecord was the about the only safe feature working the in the MSSQL plugin, but after seeing this, I suspect I will need to look more closely.
The data I am reading is coming from a different ODBC database and has single quotes in the columns for names, etc…
I’m not aware of a version of InsertRecord that takes two strings, as far as I see the parameters are table name and DatabaseRecord. An instance of DatabaseRecord, should handle the quotes for you.
https://documentation.xojo.com/api/deprecated/deprecated_class_members/database.insertrecord.html
Yes, this seems like a bug.
I agree, this looks like a bug. Thanks for your input guys.
I am not sure this will help in this scenario, but I have a database that I replace an apostrophe ( ’ ) with alt 0146 ( ) on user input data before I save it so SQL statements don’t interpret it incorrectly.
I replace standard single quote with a curly single quote before saving the Data.
@Joseph Evert as a Pre-release tester you should have a look at & experiment with prepared statements in the current cycle. I’m finding the implementation a great deal more reliable.
+1000 … Amen!
Yepp 