"fniles" < XXXX@XXXXX.COM > wrote in
Don't construct a SQL string with parameters on the fly - this is ripe for
SQL injection attacks.
Use SQL Parameters please!
What is a SQL Injection Attack and how to use SQL Parameters:
P.S. But if you insist on being careless ;-), to insert a single quote you
would double it... i.e. 'O''Toole'