Does anyone know how I can ensure my SQL statements that get passed to the recordset object do not contain any illegal characters?
For ex we use the following code:
RS.DoQuery("SELECT U_ZONE FROM OCPR WHERE CardCode = '" + vendCode + "' AND NAME = '" + shipFrom + "' ORDER BY Name");
If the shipFrom variable has single quotes it will throw an SQL exception.
In normal .NET I would use a sqlparameter of course to fix this issue. Has anyone found a similar method in the SDK?