I recall earlier today that 25 years ago (or so), Excel was complaining when a text file with a single quote (') was loaded. And so, I tested the addition of a ’ in a field and, yes, SQLite complains.
What can I do / must do?
Use ReplaceAll(SourceText,"'","") // single quote surrounded with double quotes / replace ' with the curly quote () ?
Not at my Desk. Taken from my mind. May have spelling issues.
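[code]
// db is an open SQLiteDatabase; myTextToInsert may contain ' characters
Dim ps As PreparedSQLStatement
ps = db.Prepare("INSERT INTO myTable (myColumn) VALUES (?)")
// Bind the text as a parameter so the quote is never parsed as SQL
ps.Bind(0, myTextToInsert, SQLitePreparedStatement.SQLITE_TEXT)
ps.SQLExecute
[/code]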
Get into the habit of using PreparedStatements all the time when you as a developer don’t have control over the input.
I always use it even if I am controlling the input, just to be safe.
[quote=273459:@Albin Kiland]Get into the habit of using PreparedStatements all the time when you as a developer don’t have control over the input.
I always use it even if I am controlling the input, just to be safe.[/quote]
There are only 2 cases in which I avoid them:
1. I work with User/3rd Party Input
2. In a Thread (but only if Number 1 is still true)
*2: Because I’ve read once, they are slow in a Thread…
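The three options raised in this thread (concatenating the text into the INSERT, stripping the quote with ReplaceAll, and binding it through a prepared statement), compared side by side against SQLite. This is an added example, not code from any poster; it uses Python's `sqlite3` module rather than Xojo so it can be run anywhere, and the helper names and the sample value are constructed for illustration.

```python
import sqlite3

# Constructed sample input: a field value containing single quotes.
SAMPLE = "O'Brien's file"


def make_db():
    """In-memory database with the table/column names used in the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE myTable (myColumn TEXT)")
    return db


def last_row(db):
    return db.execute(
        "SELECT myColumn FROM myTable ORDER BY rowid DESC LIMIT 1"
    ).fetchone()[0]


def insert_concatenated(db, text):
    """SQL built by concatenation: the quote in `text` ends the literal early."""
    try:
        db.execute("INSERT INTO myTable (myColumn) VALUES ('" + text + "')")
        return "ok"
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)


def insert_stripped(db, text):
    """The ReplaceAll idea: no error, but the stored value is no longer the input."""
    cleaned = text.replace("'", "")
    db.execute("INSERT INTO myTable (myColumn) VALUES ('" + cleaned + "')")
    return last_row(db)


def insert_bound(db, text):
    """Prepared statement: the value is bound as data and never parsed as SQL."""
    db.execute("INSERT INTO myTable (myColumn) VALUES (?)", (text,))
    return last_row(db)


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", insert_concatenated(db, SAMPLE))
    print("stripped    :", insert_stripped(db, SAMPLE))
    print("bound       :", insert_bound(db, SAMPLE))
```

Only the bound insert stores the text exactly as entered; stripping the quote avoids the error at the cost of altering the data.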