When the user types special characters such as quotation marks or commas in an EditBox, the record cannot be saved since those characters interfere with the SQL code.

Is there any way I can modify the code below so as to prevent the special characters typed by the user from interfering with the Save procedure?




procedure TfrmArchivio.InsertText;

var
sSQL: String;
begin
sl3db.BeginTransaction;

sSQL := 'INSERT INTO lavoratori(ID,varNome,varIndirizzo,varCap,varCitta,varProv,varDataNasc,varLuogoNasc,';
sSQL := sSQL + 'varContratto,varPrestazione,varAssunzione,varCessazione,varCompenso,varProtocollo,varCodFisc,';
sSQL := sSQL + 'varIva,varTelCasa,varTelUff,varTelCel,varFax,varEmail,varNote,Ext)';

sSQL := sSQL + ' VALUES (NULL,"' + Trim(txtNome.Text) + '","' + Trim(txtIndirizzo.Text) + '","' + Trim(txtCap.Text) + '","';
sSQL := sSQL + Trim(txtCitta.Text) + '","' + Trim(txtProv.Text) + '","' + Trim(txtDataNasc.Text) + '","';
sSQL := sSQL + Trim(txtLuogoNasc.Text) + '","' + Trim(txtContratto.Text) + '","' + Trim(txtPrestazione.Text) + '","';
sSQL := sSQL + Trim(txtAssunzione.Text) + '","' + Trim(txtCessazione.Text) + '","' + Trim(txtCompenso.Text) + '","';
sSQL := sSQL + Trim(txtProtocollo.Text) + '","' + Trim(txtCodFisc.Text) + '","' + Trim(txtIva.Text) + '","';
sSQL := sSQL + Trim(txtTelCasa.Text) + '","' + Trim(txtTelUff.Text) + '","' + Trim(txtTelCel.Text) + '","';
sSQL := sSQL + Trim(txtFax.Text) + '","' + Trim(txtEmail.Text) + '","' + Trim(txtNote.Text) + '","JPG");';

sl3db.ExecSQL(sSQL);
sl3db.Commit;

end;


Thanks in advance.

Resolved thanks to another forum.

Thank you anyway.