When building the query for a retrieve on a field with a
quote we get a statement like select * from users where
(user_id = 'Paul''s Test').
The search value Paul' Test, gets quotes, and all quotes
in the string get a preceeding quote too. This probably
works fine for Oracle, but in SQLServer it does not seem
However when writing a record with a field with a quote it
in, it works.
To to test, create a basic maintenace form (with add and
delete options, add a row with a ' in the key field. Now
try and delete the row. It should fail, as it can construct
a valid where clause to delete the row.
Log in to post a comment.