Dear All,

I am writing a VB program that will execute SQL statements.
The SQL statements are dynamically generated based on users' input.

For example:

dim vsql as string

vsql = "INSERT INTO table1 VALUES(""" & Trim(Input1) & """)"

DBConnection.execute vsql

End Sub

The problem is when users are entering symbols like slash (\), single quote ('), or double quote ("). But it can be solved if I parse the string and replace the symbols that is accepted in my SQL statement, For example

\ Change to \\
" Change to ""

But the next problem is when they input double byte characters...

how can i parse the double byte characters and look for the symbols mentioned above?

I have checked MSDN reference
and obtained the following snippets...

Dim MyByteString() As Byte
' Map the string to a Byte array.
MyByteString = "ABC"
' Display the binary data.
For i = LBound(MyByteString) to UBound(MyByteString)
Print Right(" " + Hex(MyByteString(i)),2) + " ,";

although i can checked the two ascii values of the double byte characters, but the value is not the same with what i have checked in my text editor....

one double byte character hex value is
but when execute the program above it shows
CB 84

what is wrong?

even if i get it right, how to replace the symbols?
because BB 5C is a chinese word, but the ascii value 5C is "\" if i put it in my sql statement, it will return error, unless i can change the "\" to "\\"

please help.

Thanks and Best Regards