> >
> > The doc says:
> > If you want to include strings that have been received from a source
> > that is not trustworthy (for example, because a random user entered
> > them), you cannot directly include them in SQL queries for security
> > reasons. Instead, you have to quote special characters that are
> > otherwise interpreted by the SQL parser.
>
> hmm.., I did this on purpose. Because I want to grab SQL commands
> I previously stored in a table from one database, then reformat them
> and store them into another database.
> E.g. the reformatted string looks like:
> INSERT INTO tableOnAnotherDB(sqlCMD) values('delete from test where
> name=''\\\\''');
>
Ok, I see. I didn't think of that possibility. You are right.
Regards, Christoph