带'号或空格的字符串查询如何解决???
例如:
username = "abd'fgd"
address = "dfs fsd"
sqlstr ="select * from table1 where name ='"&username&"'"
conn.excute sqlstr
sqlstr ="select * from table2 where address ='"&address&"'"
conn.excute sqlstr
由于username中带有'号或空格,使语句出现错误,该如何解决??