In database applications, you often need to dynamically generate SELECT statements, typical situations: sqlstring = "Select * from mybas where name = '" & text1 & "" "Ok, the problem appears, if there is a single in the entry Text1 Quotation marks, the result is that when SQLString is sent to the database, it will be wrong!
In fact, the prevention to do is very simple, add a function:
Function checkstring (s) as stringpos = INSTR (s, "') While Pos> 0s = MID (S, 1, POS) &"' "& MID (S, POS 1) POS = INSTR (POS 2, s, "'") Wend
Checkstring = "'" & s & "'" End Function
In the future, generate a SELECT statement in the future, use: sqlstring = "SELECT * from mybas where name =" & checkstring (Text1)
