> >> > The doc says:> > If you want to include strings that have been received from a source> > that is not
trustworthy(for example, because a random user entered> > them), you cannot directly include them in SQL queries for
security>> reasons. Instead, you have to quote special characters that are> > otherwise interpreted by the SQL
parser.>>hmm.., I did this on purpose. Because I want to grab SQL commands> I previously stored in a table from one
database,then reformat them> and store them into another database.> E.g. the reformatted string looks like:> INSERT
INTOtableOnAnotherDB(sqlCMD) values('delete from test where> name=''\\\\''');>
Ok, I see. I didn't think of that possibility. You are right.
Regards, Christoph
