Does it require Escaping Single Quotes from TextField SQL Prepared Statements

Hello Everyone,

My First Post.

Question is about the SQLify() function mentioned on page 204 of Introduction to programming with Xojo. The function replaces single quotes in user_input text with 2 single quotes before the user_input is used in an SQL statement created by string concatenation.

search_input = ReplaceAll(user_input, "'", "''")

If I am using a prepared statement instead of a concatenated string, do I still need to use the SQLify() function to escape the single quotes?

No. And welcome to the forum.

Using prepared statements, you don’t need escaping for text you bind to a parameter.
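
An added example, not part of the original posts or the Xojo book: the same comparison worked through with Python's built-in sqlite3 module standing in for a Xojo database class. The `people` table, the sample rows and the function names are assumptions made for illustration; `sqlify` mirrors the ReplaceAll line quoted in the question.

```python
import sqlite3

def sqlify(user_input):
    # Same transformation as the quoted ReplaceAll line: ' becomes ''
    return user_input.replace("'", "''")

def make_db():
    # Constructed sample data; table and column names are hypothetical
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT)")
    db.executemany("INSERT INTO people (name) VALUES (?)",
                   [("O'Brien",), ("Smith",)])
    return db

def search_concatenated(db, user_input, escape=True):
    # The value becomes part of the SQL text, so the quote must be doubled
    value = sqlify(user_input) if escape else user_input
    sql = "SELECT name FROM people WHERE name = '" + value + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.OperationalError as exc:
        # Without escaping, the stray quote ends the literal early
        return "error: " + str(exc)

def search_bound(db, user_input, escape=False):
    # The value is passed beside the SQL text and is never parsed as SQL
    value = sqlify(user_input) if escape else user_input
    rows = db.execute("SELECT name FROM people WHERE name = ?", (value,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    print("concatenated + escaped:", search_concatenated(db, "O'Brien"))
    print("concatenated, raw:     ", search_concatenated(db, "O'Brien", escape=False))
    print("bound, raw:            ", search_bound(db, "O'Brien"))
    print("bound + escaped:       ", search_bound(db, "O'Brien", escape=True))
```

Escaping a value that is then bound is not just unnecessary: the doubled quote is treated as data, so the search looks for `O''Brien` and misses the row.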