Yes, please follow the
Solution #1. You can cause the
SQL Injection[
^]. Always go with parameterized query.
And the solution:
sql = "INSERT INTO table (name, email, description) VALUES ('myname', 'email', 'I can''t insert here with don''t or can't with the word has '' in it')"
You need to escape the single quote with the single quote ;)
Try this & let me know if it works.
-KR