[ic] "==" and "!=" as DB field values

Peter peter at pajamian.dhs.org
Mon Oct 27 12:16:27 EST 2003

Grant wrote:
>>Most problems with content of the field would mostly occur with control 
>>characters (ascii less than 32) and characters that need escaping in SQL 
>>Behaviour for control characters within a string is undefined (what does 
>>SQL do if there is a carriage return or newline in a string before the 
>>string is terminated?).
>>In SQL statements, strings are enclosed between apostrophes ('), so if 
>>your strings contain apostrophes and you want to send them to an SQL 
>>field, you need escape them by doubling them, otherwise the first 
>>apostrophe in your string will be considered to be string terminator. In 
>>the best case this would cause incorrect SQL syntax; in the worst case, 
>>an improperly escaped apostrophe can compromise the security of your 

Doesn't IC escape these automatically via the DBI quote function or via 
'?'-type parameters?


More information about the interchange-users mailing list