On 10/27/05, Oleg Broytmann wrote:
> On Wed, Oct 26, 2005 at 07:21:17PM -0700, Shalabh Chaturvedi wrote:
> > This would be SQL-escaped similar to the way HTML is escaped within PTL
>
> You can escape an HTML snippet because there is one clearly defined standard
> escape method.
> You cannot escape an SQL query because there are too many slightly
> different SQLs.

.... and you generally shouldn't paste escaped values into SQL statements, but rather use bind variables in any case.

Paul.
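
The bind-variable point above, as an added example that is not part of the original thread: it contrasts an escaped value pasted into the statement text with the same value passed as a bind variable. It assumes Python's standard `sqlite3` module; the `users` table, its rows and the `naive_escape` helper are hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "O'Brien")])
    return db

def naive_escape(value):
    """Hypothetical helper: doubles single quotes, the standard SQL rule for
    string literals. Other dialects have further rules, which is the
    'too many slightly different SQLs' problem raised in the thread."""
    return str(value).replace("'", "''")

def lookup_pasted(db, user_id):
    # Escaped value pasted into the statement text. Quote-doubling only
    # helps inside a quoted literal; here the value lands in a numeric
    # context, so the database parses it as SQL rather than as data.
    sql = "SELECT name FROM users WHERE id = " + naive_escape(user_id)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, user_id):
    # Bind variable: the statement text is fixed and the value travels
    # separately, so it is never parsed as SQL.
    return [row[0] for row in db.execute(
        "SELECT name FROM users WHERE id = ?", (user_id,))]

def find_by_name_bound(db, name):
    # Quotes in the value need no dialect-specific treatment when bound.
    return [row[0] for row in db.execute(
        "SELECT id FROM users WHERE name = ?", (name,))]

if __name__ == "__main__":
    db = make_db()
    untrusted = "1 OR 1=1"                      # constructed input
    print(lookup_pasted(db, untrusted))         # matches every row
    print(lookup_bound(db, untrusted))          # compared as a value: no match
    print(find_by_name_bound(db, "O'Brien"))    # quote handled by the driver
```
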