Skip to content Skip to sidebar Skip to footer
Home / Coronasdk / Lua / Sqlite

Sqlite : Insert Text With Single Quote Got From A Sql Request

Post a Comment
I have already check all the forums about this issue and I found a solution for my first insert, I used the 'double quoted' instead a single quote as follow: insertGiftShop(2,'pho

Solution 1:

Never ever put string values directly into an SQL string! This not only gives you formatting problems (as you have seen), but also allows SQL injection attacks.

Use parameters instead, then you don't need to escape quotes:

tx.executeSql("INSERT INTO MyTable(ID, Name, Description) VALUES(?,?,?)",
              [2, "photo02", "Modern City's skytrain"]);

Post a Comment for "Sqlite : Insert Text With Single Quote Got From A Sql Request"