I have a variable IniLoc which is populated from a datagridview, the result being "D:\FTPROOT\FRED" Thats no problem.
Later on in my code I want to write this back to my database and I use myCommand.Connection = conn
myCommand.CommandText = "INSERT INTO `incidentmon` (`Subject`, `IncidentDate`, `IncidentFolder`,`Status` ) VALUES ('" & Subject & "', '" & NewDate & "', '" & IniLoc & "\" & Subject & "', 'Processing');"
subject = Test for this example.
And sure enough it writes back to the database, however, the IniLoc field that is written back appears as
"D:FTPROOTFREDTest"
How can I get it to write back including the \'s in the right places?
using parameters will also avoid sql injection. ...