_server.escapeQuotes()

Availability:

SmartFoxServer PRO 1.2.1

Usage:

_server.escapeQuotes(sqlStatement)

Description:

Checks the passed string and fixes possible problems with single quotes (') and double quotes ("). This method should be used every time you are dynamically building SQL statements to execute in the DatabaseManager.

Example:

var sql = "SELECT italian_Phrase FROM translationDB WHERE english_Phrase = '" + phrase + "'";

Here we use single quotes (') to surround the string that will be searched for in the database. If the phrase variable contains a single quote (e.g. phrase = "Let's go"), that quote ends the string literal early, so you will obtain a malformed SQL statement and an exception will be thrown.
To avoid any possible problem with strings you should use this code instead:

var sql = "SELECT italian_Phrase FROM translationDB WHERE english_Phrase = '" + _server.escapeQuotes(phrase) + "'";
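The failure described above, shown as an added example that is not part of the SmartFoxServer documentation: it builds the page's statement with and without escaping and checks whether the database would see exactly one string literal equal to the phrase. escapeQuotesStandIn, buildQuery, stringLiterals and literalMatches are hypothetical names, and the stand-in assumes the SQL-standard convention of doubling a single quote, which may differ from what _server.escapeQuotes() actually returns.

```javascript
// Hypothetical stand-in, NOT SmartFoxServer's implementation.
// Assumption: a single quote inside a literal is escaped by doubling it.
function escapeQuotesStandIn(value) {
  return String(value).replace(/'/g, "''");
}

// Builds the statement from the page, with or without escaping the phrase.
function buildQuery(phrase, escape) {
  var value = escape ? escapeQuotesStandIn(phrase) : phrase;
  return "SELECT italian_Phrase FROM translationDB WHERE english_Phrase = '" + value + "'";
}

// Returns the single-quoted literals found in a statement, with doubled
// quotes decoded. Throws if a literal is still open at the end of the text.
function stringLiterals(sql) {
  var literals = [];
  var current = null; // null means "outside any literal"
  for (var i = 0; i < sql.length; i++) {
    var ch = sql.charAt(i);
    if (current === null) {
      if (ch === "'") current = "";
    } else if (ch !== "'") {
      current += ch;
    } else if (sql.charAt(i + 1) === "'") {
      current += "'"; // doubled quote: one literal quote character
      i++;
    } else {
      literals.push(current); // closing quote
      current = null;
    }
  }
  if (current !== null) throw new Error("unterminated string literal");
  return literals;
}

// True only when the statement carries exactly one literal equal to the phrase.
function literalMatches(phrase, escape) {
  try {
    var found = stringLiterals(buildQuery(phrase, escape));
    return found.length === 1 && found[0] === phrase;
  } catch (e) {
    return false; // malformed statement
  }
}

// Constructed sample inputs.
console.log(literalMatches("Let's go", false));      // unescaped: literal left open
console.log(literalMatches("rock 'n' roll", false)); // unescaped: balanced but split
console.log(literalMatches("Let's go", true));       // escaped: intact
```

The second sample shows why counting quotes is not enough: the unescaped statement has balanced quotes, yet the phrase is split into two literals with stray text between them.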

Parameters:

sqlStatement     - a string

Returns:

The correct version of the string.

Example:

var sql = "SELECT italian_Phrase FROM translationDB WHERE english_Phrase = '" + _server.escapeQuotes(phrase) + "'";
