return last value from sql query

Yes. Never use db.SQLSelect() with anything just added to the SQL statement from the user. Always use a prepared statement. The example given was a bit misleading in that area. Being that the user is new to database programming, they may very well follow the template given w/no other changes.

Good catch @Tim Hare

Just to add a better example :slight_smile:
Pseudo code…
(Error checking excluded)

Please note that PostgreSQLPreparedStatement done not require the use of BindType as other dbs do.

[code]Dim ps as PostgreSQLPreparedStatement
Dim rs as RecordSet

ps = PostgreSQLPreparedStatement(db.Prepare(“INSERT INTO table (col1, col2) VALUES($1, $2) RETURNING id”))
ps.Bind(0, somevar1)
ps.Bind(1, somevar2)
rs = ps.SQLSelect()
[/code]