Dim sqlInsert as string
sqlinsert=“insert into Team (‘ID’,‘Name’) VALUES (‘1’,TextField1.Text);”
mDB.SQLExecute (sqlinsert)
i want direct insert data from textfield1.text to database.but no respond from database.
sqlinsert="insert into Team ('ID','Name') VALUES ('1','" + textfield1.text +"')"look closely at the quotes
1 Like
thank you very much Dave.
i have another question. how can i read specific data based on primary id, and display on textbox?
[quote=252893:@Dave S]
sqlinsert="insert into Team ('ID','Name') VALUES ('1','" + textfield1.text +"')"
look closely at the quotes[/quote]
Please excuse some questions from a SQL amateur.
- If the string ( here textfield1.text ) includes a single quote ( maybe a name like O’Brien ), does that cause an issue with the SQL statement?
- If the string includes some high UTF-8 ( like Japanese ), might, as half of a 2-byte character, the string include a single quote and cause an issue?
Yes - its why you should not do it this way and use a PreparedStatement instead Or database record to insert data instead
Potentially - see answer to #1
And someone will suggest “oh just double up quotes & you’re good”
Still a bad idea as the number of things you might have to account for can grow kind of large
Its why prepared statements & database record inserts even exist now
Thank you Norman. That helps me.