So, the fix is quite simple: stop using compile_insert_string() and compile_update_string() and let query_parameters() do the work. This way we can be sure that we won't be inserting strings with special formatting characters into the format portion of the query_parameters() call.
I'll take care of fixing this as soon as I get back home.
Chris
I was not really comfortable with that solution. compile_update_string was very nice for aligning the field with the value so it looked very clean. The trouble with doing it this way is that it is more prone to errors, but if you say that is OK with you then I suppose it will do for me too.
I agree about the formatting. It was easier to line things up with the other external call to compile_*_string().
It may seem more prone to errors, but this is how PEAR DB, ADOdb, .NET and others recommend performing queries. query_parameters() will ensure that the correct number of tokens is present for the number of variables provided, so if there is a mismatch the query won't be executed.
I think the formatting you chose looks good and is just as good as what we had before.
Chris
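The two patterns discussed in this thread, side by side, as an added example that is not part of the original posts or the project's code. Both functions are hypothetical stand-ins written for this sketch; the `%s`/`%d` token syntax, the `users` table and the SQLite backend are assumptions.

```python
import re
import sqlite3

TOKEN = re.compile(r"%[sd]")  # assumed token syntax for this sketch

def query_parameters(conn, fmt, *values):
    """Hypothetical stand-in: fmt carries only tokens, values travel separately."""
    tokens = TOKEN.findall(fmt)
    if len(tokens) != len(values):
        # Token/value mismatch: refuse to run the query at all.
        raise ValueError(f"{len(tokens)} tokens but {len(values)} values; query not executed")
    bound = [int(v) if t == "%d" else str(v) for t, v in zip(tokens, values)]
    # Tokens become driver placeholders, so values are never read as format text.
    return conn.execute(TOKEN.sub("?", fmt), bound)

def compile_update_string(fields):
    """Hypothetical stand-in for the old helper: renders "col='value'" text."""
    return ", ".join("{}='{}'".format(k, str(v).replace("'", "''")) for k, v in fields.items())

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, note TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'old')")
    note = "100%sure"  # constructed input that happens to contain a token

    # Old pattern: the value is compiled into the format portion, so its
    # "%s" is counted as a token and the token/value check no longer matches.
    old_fmt = "UPDATE users SET " + compile_update_string({"note": note}) + " WHERE id = %d"
    try:
        query_parameters(conn, old_fmt, 1)
        old_result = "executed"
    except ValueError as exc:
        old_result = str(exc)

    # New pattern: the format portion is a constant; data is passed only as values.
    query_parameters(conn, "UPDATE users SET note = %s WHERE id = %d", note, 1)
    stored = conn.execute("SELECT note FROM users WHERE id = 1").fetchone()[0]
    return old_result, stored

if __name__ == "__main__":
    print(demo())
```

With the value kept out of the format portion, the stored note comes back byte-for-byte, and a query whose token count does not match its values is never sent to the database.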