
Strings / escapeSQL

escapeSQL(string)

Returns the given string with special SQL characters escaped. This is a fairly simplistic function - it just replaces single quotes with two single quotes, and backslashes with two backslashes. See system.db.runPrepUpdate for a much safer way to sanitize user input.

"SELECT * FROM mytable WHERE option = '" + escapeSQL("Jim's Settings") + "'"

... returns SELECT * FROM mytable WHERE option = 'Jim''s Settings'

"SELECT * FROM mytable WHERE option = '"
 + escapeSQL({Root Container.TextField.text}) + "'"

... returns a query with sanitized user input from a text field.
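The two behaviours the page describes, escaping and parameter binding, side by side. This is an added example, not Ignition's code: escape_sql is my own Python port of what the page says escapeSQL does (double backslashes, double single quotes), and an in-memory SQLite table with a ? placeholder stands in for mytable and for the system.db.runPrepQuery / runPrepUpdate calls the page points to. The rows and the inputs are constructed for the demonstration. The last query also shows why the page calls the function simplistic: doubling backslashes assumes a backend where backslash is an escape character; SQLite treats it literally, so the escaped query misses a value that the bound parameter finds.

```python
import sqlite3


def escape_sql(value):
    """Python port (my assumption, not Ignition's code) of what the page says
    escapeSQL does: double every backslash and every single quote."""
    return value.replace("\\", "\\\\").replace("'", "''")


def build_query_with_escape(user_text):
    """Mirror of the page's expression: the escaped value is spliced into a
    string literal by concatenation."""
    return "SELECT * FROM mytable WHERE option = '" + escape_sql(user_text) + "'"


def setup_db():
    """Constructed in-memory SQLite table standing in for 'mytable'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (id INTEGER PRIMARY KEY, option TEXT)")
    conn.executemany(
        "INSERT INTO mytable (option) VALUES (?)",
        [("Jim's Settings",), ("Default",), ("C:\\temp",)],  # constructed rows
    )
    conn.commit()
    return conn


def query_with_escape(conn, user_text):
    """Concatenation after escapeSQL, as on the page; returns matching options."""
    sql = "SELECT option FROM mytable WHERE option = '" + escape_sql(user_text) + "'"
    return [row[0] for row in conn.execute(sql)]


def query_with_params(conn, user_text):
    """The approach the page recommends (system.db.runPrepQuery / runPrepUpdate
    in Ignition; sqlite3's ? placeholder stands in here): the driver binds the
    value, so no escaping is applied or needed."""
    sql = "SELECT option FROM mytable WHERE option = ?"
    return [row[0] for row in conn.execute(sql, (user_text,))]


if __name__ == "__main__":
    conn = setup_db()
    print(build_query_with_escape("Jim's Settings"))
    print(query_with_escape(conn, "Jim's Settings"), query_with_params(conn, "Jim's Settings"))
    # Backslash doubling assumes a MySQL-style backend where backslash escapes;
    # SQLite takes the doubled backslash literally, so the escaped query misses
    # while the bound parameter matches the stored value.
    print(query_with_escape(conn, "C:\\temp"), query_with_params(conn, "C:\\temp"))
```

The escaped form is fine for the quote case the page shows, but it is only correct for string literals on a backend whose escaping rules match those two replacements; the bound parameter is correct on every backend because the value never becomes part of the query text.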