At 7:07 AM -0500 2000-04-29, Xiaolin Allen Zhao wrote:
> It is a kind of stupid question:
> insert into table_name (field_name) values ("test_block");
> But the text_block itself may contain "". Is there a better way of
> In fact, this is a cgi written in C where
> sprintf(sql_command, "insert into table_name (field_name) values
> I see a trap in the statement when text_block itself contains some ""
> Any comments?
Escape the quote with a backslash. You can use the mysql_escape_string()
function from the MySQL C API to do this for you. See the C API
chapter of the MySQL Reference Manual.
Paul DuBois, paul@stripped
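
The escaping step suggested in the reply, as an added example that is not part of the original thread: a C sketch that escapes the text before it is placed in the INSERT and checks buffer sizes. So that it builds without libmysqlclient, `escape_like_mysql()` is a hypothetical stand-in assumed to follow the documented rules of `mysql_escape_string(to, from, length)`; `build_insert()` and the 256-byte input limit are also assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for mysql_escape_string(to, from, length) (assumption: same
 * documented escaping rules). `to` must hold at least length*2+1 bytes.
 * Returns the length of the escaped string. */
static unsigned long escape_like_mysql(char *to, const char *from,
                                       unsigned long length)
{
    char *out = to;
    for (unsigned long i = 0; i < length; i++) {
        char c = from[i], esc = 0;
        switch (c) {
        case '\0':   esc = '0'; break;
        case '\n':   esc = 'n'; break;
        case '\r':   esc = 'r'; break;
        case '\032': esc = 'Z'; break;              /* Ctrl-Z */
        case '\\': case '\'': case '"': esc = c; break;
        }
        if (esc) { *out++ = '\\'; *out++ = esc; }
        else     { *out++ = c; }
    }
    *out = '\0';
    return (unsigned long)(out - to);
}

/* Build the INSERT from the post into sql (capacity sqlsz).
 * Returns 0 on success, -1 if the text or the statement does not fit. */
int build_insert(char *sql, size_t sqlsz, const char *text_block)
{
    char escaped[2 * 256 + 1];      /* worst case: every byte is escaped */
    size_t len = strlen(text_block);
    if (len > 256)
        return -1;                  /* reject rather than overflow */
    escape_like_mysql(escaped, text_block, (unsigned long)len);
    int n = snprintf(sql, sqlsz,
        "insert into table_name (field_name) values (\"%s\")", escaped);
    return (n < 0 || (size_t)n >= sqlsz) ? -1 : 0;
}

int main(void)
{
    char sql[1024];
    const char *text_block = "she said \"hi\" \\ bye";  /* constructed input */
    if (build_insert(sql, sizeof sql, text_block) == 0)
        puts(sql);
    return 0;
}
```

With the client library linked, call `mysql_escape_string()` in place of the stand-in; later client libraries also provide `mysql_real_escape_string()`, which takes the connection handle so the escaping follows its character set.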