X-Git-Url: https://git.saurik.com/wxWidgets.git/blobdiff_plain/154b6b0f0eda0007d7ffbbfacff7e57c5861c28b..39434ba375389eab72ad84184d6d54a92c2b3551:/docs/latex/wx/db.tex

diff --git a/docs/latex/wx/db.tex b/docs/latex/wx/db.tex
index 88cd6ca6e3..1e7a688641 100644
--- a/docs/latex/wx/db.tex
+++ b/docs/latex/wx/db.tex
@@ -707,6 +707,25 @@ Drops the data table view named in 'viewName'.
 
 If the view does not exist, this function will return true.  Note that views are not supported with all datasources.
 
+\membersection{wxDb::EscapeSqlChars}\label{wxdbescapesqlchars}
+
+\func{wxString}{EscapeSqlChars}{\param{const wxString\& }{value}}
+
+This function is used internally by wxWidgets while building SQL statements.
+It has been provided to help users who wish to explicity construct SQL
+statements to be sent to the server.  The function takes the value passed and
+returns it with any special characters escaped.  Which characters are
+considered special depends on what type of datasource the object is connected
+to.  For example, most database servers use a backslash as the escape
+character; if the value passed contains a backlash it will be replaced with a
+double backslash before it is passed to the server.  This function can be used
+to avoid passing statements with syntax errors to the server as well as prevent
+SQL injection attacks.
+
+\wxheading{Parameters}
+
+\docparam{value}{The value to be escaped.}
+
 \membersection{wxDb::ExecSql}\label{wxdbexecsql}
 
 \func{bool}{ExecSql}{\param{const wxString \&}{pSqlStmt}}
@@ -1364,7 +1383,7 @@ When called with {\it sqlLogOFF}, the logging file is closed, and any calls to \
 
 \membersection{wxDb::SQLColumnName}\label{wxdbsqlcolumnname}
 
-\func{const wxString}{SQLColumnName}{\param{const char *}{ colName}}
+\func{const wxString}{SQLColumnName}{\param{const wxChar *}{ colName}}
 
 Returns the column name in a form ready for use in SQL statements.
 In most cases, the column name is returned verbatim.  But some databases
@@ -1386,7 +1405,7 @@ before including the column name in a SQL statement}
 
 \membersection{wxDb::SQLTableName}\label{wxdbsqltablename}
 
-\func{const wxString}{SQLTableName}{\param{const char *}{ tableName}}
+\func{const wxString}{SQLTableName}{\param{const wxChar *}{ tableName}}
 
 Returns the table name in a form ready for use in SQL statements.
 In most cases, the table name is returned verbatim.  But some databases