Former Member
Mar 22, 2006 at 06:18 PM

Recordset question


Hey all,

Does anyone know how I can ensure my SQL statements that get passed to the recordset object do not contain any illegal characters?

For example, we use the following code:

RS.DoQuery("SELECT U_ZONE FROM OCPR WHERE CardCode = '" + vendCode + "' AND NAME = '" + shipFrom + "' ORDER BY Name");

If the shipFrom variable has single quotes it will throw an SQL exception.

In normal .NET I would use a SqlParameter, of course, to fix this issue. Has anyone found a similar method in the SDK?
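
An added example, not part of the original post and not SDK code: when a query has to be handed over as one string, as with the DoQuery call above, each value can be quoted as a SQL string literal with embedded single quotes doubled, so the value stays inside its literal. It assumes SQL Server literal rules; the class and method names, the sample values and the length limits are hypothetical.

```csharp
using System;

static class SqlLiteral
{
    // Quote a value as a string literal: wrap it in single quotes and
    // double every embedded single quote so it cannot end the literal.
    public static string Quote(string value, int maxLength)
    {
        if (value == null) throw new ArgumentNullException(nameof(value));
        if (value.Length > maxLength)
            throw new ArgumentException("value longer than the column allows");
        foreach (char c in value)
            if (char.IsControl(c))
                throw new ArgumentException("control character in value");
        return "'" + value.Replace("'", "''") + "'";
    }

    // Build the query from the post with both values quoted.
    public static string BuildZoneQuery(string vendCode, string shipFrom)
    {
        // The length limits are assumptions; use the real column sizes.
        return "SELECT U_ZONE FROM OCPR WHERE CardCode = " + Quote(vendCode, 15)
             + " AND NAME = " + Quote(shipFrom, 50) + " ORDER BY Name";
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample values, including a single quote as in the post.
        string vendCode = "V10000";
        string shipFrom = "O'Hare Depot";

        // Concatenation as in the post: the quote ends the literal early.
        string broken = "SELECT U_ZONE FROM OCPR WHERE CardCode = '" + vendCode
                      + "' AND NAME = '" + shipFrom + "' ORDER BY Name";
        Console.WriteLine(broken);

        // Quoted form: the whole value stays inside one literal.
        string safe = SqlLiteral.BuildZoneQuery(vendCode, shipFrom);
        Console.WriteLine(safe);
        // RS.DoQuery(safe);  // RS is the recordset object from the post
    }
}
```

Literal quoting is the fallback for an API that only accepts a finished SQL string; where parameter binding is available it remains the stronger control.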