escapeSQL
Description
Returns the given string with special SQL characters escaped. This is a fairly simplistic function - it just replaces single quotes with two single quotes, and backslashes with two backslashes. See system.db.runPrepUpdate for a much safer way to sanitize user input.
Syntax
escapeSQL( string )
Examples
"SELECT * FROM mytable WHERE option = '" + escapeSQL("Jim's Settings") + "'"
// returns SELECT * FROM mytable WHERE option = 'Jim''s Settings'
"SELECT * FROM mytable WHERE option = '" + escapeSQL({Root Container.TextField.text}) + "'"
// returns a query with sanitized user input from a text field.
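The following is an added example, not code from the original page or from Ignition. It compares the escaping described above with a bound parameter of the kind system.db.runPrepUpdate uses. Assumptions: escape_sql is a hypothetical re-implementation of the two replacements the description lists, Python's sqlite3 module stands in for the database, and the sample values are constructed.

```python
import sqlite3


def escape_sql(value):
    # Hypothetical re-implementation of the behaviour described on this page:
    # backslash -> two backslashes, single quote -> two single quotes.
    return value.replace("\\", "\\\\").replace("'", "''")


def store_concatenated(conn, value):
    # Query built by string concatenation, as in the expression examples.
    conn.execute("INSERT INTO mytable (option) VALUES ('" + escape_sql(value) + "')")


def store_bound(conn, value):
    # Prepared statement: the value is sent as data and never parsed as SQL.
    conn.execute("INSERT INTO mytable (option) VALUES (?)", (value,))


def round_trip(store, value):
    # Store one value in a fresh in-memory table and read it back.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (option TEXT)")
    store(conn, value)
    (stored,) = conn.execute("SELECT option FROM mytable").fetchone()
    conn.close()
    return stored


# Constructed sample inputs: one with a quote, one with a quote and backslashes.
SAMPLES = ["Jim's Settings", "C:\\Logs\\Jim's.cfg"]


def compare():
    # (original, value stored via escaping, value stored via bound parameter)
    return [(v, round_trip(store_concatenated, v), round_trip(store_bound, v))
            for v in SAMPLES]


if __name__ == "__main__":
    for original, concatenated, bound in compare():
        print("input:        ", original)
        print("  escaped:    ", concatenated, "" if concatenated == original else "(altered)")
        print("  bound param:", bound, "" if bound == original else "(altered)")
```

The quote-only value survives both paths. The backslash value is stored with doubled backslashes when escaped, because SQLite treats a backslash in a string literal as an ordinary character, so the escaping is only correct for a database dialect that matches its assumptions, while the bound parameter round-trips unchanged.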