escapeSQL

Description

Returns the given string with special SQL characters escaped. This is a fairly simplistic function - it just replaces single quotes with two single quotes, and backslashes with two backslashes. See system.db.runPrepUpdate for a much safer way to sanitize user input.

Syntax

escapeSQL( string )

Examples

 "SELECT * FROM mytable WHERE option = '" + escapeSQL("Jim's Settings") + "'" // returns SELECT * FROM mytable WHERE option='Jim''s Settings'

 "SELECT * FROM mytable WHERE option = 'escapeSQL({Root Container.TextField.text}) + "'" //returns a query with sanitized user input from a text field.