"Pepe" <no***@nowhere.com> wrote in message
news:2006030616555716807-noone@nowherecom...
I use the following line to create a recordset. The s4, in the LIKE
statement, is text of a filepath and some of the files have an ( ' )
apostrophe in the file name. The code will not add those files to the
recordset. Is there a way to get around this without changing all the
filenames?
rs2 = App.eBookDB.SQLSelect("SELECT * FROM eBooks WHERE FilePath LIKE '%"
+ s4 + "%'")
The safest way is to use parameterized queries. I can't tell from your
example which language or object library you're using, but any programming
interface should support parameters for queries.
So your query would be something like:
rs2 = App.eBookDB.SQLSelect("SELECT * FROM eBooks WHERE FilePath LIKE
CONCAT('%', ?, '%')")
And then you need to supply your s4 as the parameter, which assigns the
value of s4 to the ? parameter in the SQL statement. This avoids problems
with special characters in the value of s4, and it also helps to protect
against SQL injection security flaws.
The method for supplying the parameter depends on the language and object
library you're using. Refer to your documentation.
Regards,
Bill K.