0

I am using MS Access as a GUI and I am connecting to PostgreSQL over ADO. I would like to prevent SQL injection via user input.

I know there are parameterized queries, but I haven't gotten them to work so far. Anyway, my question is:

Is there a built-in function to quote user input, or do I need to write my own function?

testo
  • 2
    ... Use parameterized queries. If those don't work, ask about it. Access doesn't support built-in quote escaping, and shouldn't, because [such methods don't provide true security](https://stackoverflow.com/q/860954/7296893) – Erik A Oct 08 '18 at 10:11
  • I will write a question about why my actual parameterized query code is not working. – testo Oct 08 '18 at 10:29

1 Answer

1

There is no built-in function for this, so you would have to roll your own.

That said, save that time and read up on queries and parameters in ADO. It is not that difficult - no magic - and many good tutorials are to be found for the browsing.

Gustav
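
A parameterized ADO query from Access VBA against PostgreSQL, as an added example that is not code from the question or the answer. It assumes the psqlODBC driver, a reference to the Microsoft ActiveX Data Objects library, and a hypothetical table `customers(id, name)`; the connection string values are placeholders.

```vba
Option Explicit

' Added example. Requires a reference to
' "Microsoft ActiveX Data Objects x.x Library" (early binding).

Public Function OpenPg() As ADODB.Connection
    Dim cn As New ADODB.Connection
    ' Assumed DSN-less psqlODBC connection string; replace the placeholders.
    cn.Open "Driver={PostgreSQL Unicode};Server=localhost;Port=5432;" & _
            "Database=mydb;Uid=myuser;Pwd=<password>;"
    Set OpenPg = cn
End Function

' Hypothetical helper: looks up rows in the assumed "customers" table.
Public Function FindCustomers(cn As ADODB.Connection, _
                              ByVal userInput As String) As ADODB.Recordset
    Dim cmd As New ADODB.Command
    Dim n As Long

    Set cmd.ActiveConnection = cn
    cmd.CommandType = adCmdText
    ' Over ODBC, "?" is a positional placeholder. The user input is sent
    ' as a bound value and is never spliced into the SQL text.
    cmd.CommandText = "SELECT id, name FROM customers WHERE name = ?"

    ' Variable-length types need Size > 0, even for an empty string.
    n = Len(userInput)
    If n = 0 Then n = 1
    cmd.Parameters.Append _
        cmd.CreateParameter("pName", adVarWChar, adParamInput, n, userInput)

    Set FindCustomers = cmd.Execute
End Function

Public Sub Demo()
    Dim cn As ADODB.Connection
    Dim rs As ADODB.Recordset

    Set cn = OpenPg()
    ' Constructed input containing quotes: it is compared as a literal name,
    ' so it matches only a customer whose name is exactly this string.
    Set rs = FindCustomers(cn, "x' OR '1'='1")
    If rs.EOF Then Debug.Print "no rows" Else Debug.Print "row found: " & rs!name
    rs.Close
    cn.Close
End Sub
```

Parameters are bound in the order they are appended, one per `?`; the name passed to `CreateParameter` is only a label when going through ODBC.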