
Re: Accepting curly quotes from McWord in textareas

by t vainisi


Hi List,

After quite a bit more exploration, I discovered that if I remove the
Encode_SQL formatting when inserting into the db, suddenly all the
characters come back out of the db perfect.  The problem then was
vulnerability to SQL Injection attacks.  So, I ditched my inline
which used an SQL statement:

var('sql')="Insert into wordchars (thestring) values ('" +  
(Encode_SQL: $text) + "');";
inline(-database="curricul_wordchars", -table="wordchars", -sql=($sql));

and used a lasso command inline (I don't know what you call it) like so:

inline(-database="curricul_wordchars", -table="wordchars", -keyfield="id", "thestring"=($text), -Add);

And it works great!

So, I guess my question now is what is the difference - what is Lasso
doing to the string to prevent the SQL Injection and can I do that in
a self-written SQL command?  Any ideas?

Todd V

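Editor's added example, not from Todd's post and not Lasso code: the post contrasts a hand-built SQL string (with or without Encode_SQL) against an `-Add` inline that takes the value as a named parameter. The general distinction is that a value spliced into the statement text is tokenised as SQL, an escaped literal is rewritten so the parser treats it as text, and a bound parameter is sent alongside the statement and never parsed at all, so no characters are touched. The script below shows all three with Python's `sqlite3` standing in for the database behind the inline; the table and column names come from the post, the sample strings are constructed, and the claim that Encode_SQL behaves like the quote-doubling shown is an assumption (the page does not document Lasso's internals).

```python
"""Constructed demo: spliced SQL string vs. escaped literal vs. bound parameter.

SQLite stands in for the database behind the post's Lasso inline; the table
and column names come from the post, the sample text is constructed.
"""
import sqlite3

# Constructed sample: typographic (curly) quotes plus an ASCII apostrophe,
# the mix a paste from a word processor typically produces.
CURLY_SAMPLE = "It\u2019s \u201ccurly\u201d text about O'Brien"

# Constructed sample: text that merely looks like SQL and must be stored verbatim.
SQL_LOOKING_SAMPLE = "x'); DROP TABLE wordchars; --"


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wordchars (id INTEGER PRIMARY KEY, thestring TEXT)")
    return conn


def insert_spliced(conn, text):
    """The post's first approach with the encoding step removed: the value is
    concatenated into the statement, so any ASCII quote in it is parsed as SQL."""
    conn.execute("INSERT INTO wordchars (thestring) VALUES ('" + text + "');")


def escape_sql_literal(text):
    """Standard-SQL escaping: a single quote inside a literal is written twice.
    Assumption: this is the kind of rewrite an Encode_SQL-style function does;
    the page does not state Lasso's exact rules."""
    return text.replace("'", "''")


def insert_escaped(conn, text):
    """Hand-built statement made safe for quotes by escaping the literal."""
    conn.execute(
        "INSERT INTO wordchars (thestring) VALUES ('" + escape_sql_literal(text) + "');"
    )


def insert_bound(conn, text):
    """Bound parameter: statement text and value travel separately, so the
    value is never tokenised as SQL and no characters are rewritten."""
    conn.execute("INSERT INTO wordchars (thestring) VALUES (?)", (text,))


def stored_strings(conn):
    return [row[0] for row in conn.execute("SELECT thestring FROM wordchars ORDER BY id")]


def spliced_raises(text):
    """True if concatenating `text` yields a statement the database rejects."""
    conn = fresh_db()
    try:
        insert_spliced(conn, text)
    except sqlite3.Error:
        return True
    return False


def roundtrip(insert_fn, text):
    """Insert with the given strategy and return what the database hands back."""
    conn = fresh_db()
    insert_fn(conn, text)
    return stored_strings(conn)[0]


def table_survives_bound(text):
    """Bound insert of SQL-looking text: the table still exists and the text is
    stored as inert data."""
    conn = fresh_db()
    insert_bound(conn, text)
    n = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE name='wordchars'"
    ).fetchone()[0]
    return n == 1 and stored_strings(conn) == [text]


if __name__ == "__main__":
    print("spliced statement rejected:", spliced_raises(CURLY_SAMPLE))
    print("escaped literal round-trips:", roundtrip(insert_escaped, CURLY_SAMPLE) == CURLY_SAMPLE)
    print("bound parameter round-trips:", roundtrip(insert_bound, CURLY_SAMPLE) == CURLY_SAMPLE)
    print("bound value stored as text:", table_survives_bound(SQL_LOOKING_SAMPLE))
```

The curly quotes survive both the escaped and the bound path unchanged, because neither needs to rewrite them; only the ASCII apostrophe matters to the parser. The bound path is the one to prefer for a self-written statement when the driver offers it, since it removes the escaping step entirely rather than relying on it being correct for every character set.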


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

