asp_databases thread: RE: who is SQL guru..?
Message #1 by "Chirag Shah" <chiragiit@y...> on Fri, 26 Jul 2002 19:05:09
|
|
Something like is there at www.adopenstatic.com
Is there any way I can have something so that it will parse apostrophe in
entire SQL statement..?
Message #2 by "Peter Foti (PeterF)" <PeterF@S...> on Fri, 26 Jul 2002 13:37:25 -0400
|
|
You could create a proceedure for replacing the quote. Like so:
Function sql_quote( str )
str = Replace( str, "'", "''" )
sql_quote = "'" & str & "'"
End Function
Then you call this like so:
VALUES (" & sql_quote(Request.form("Name")) & ", ...
-Pete
> -----Original Message-----
> From: Chirag Shah [mailto:chiragiit@y...]
> Sent: Friday, July 26, 2002 5:00 PM
> To: ASP Databases
> Subject: [asp_databases] who is SQL guru..?
>
>
> My SQL Query has as usual aprostrophe problem:
> I also know the answer using replace function like this
> --------------------------------------------------------------------
> strCompanyName = Replace(Request.form("Company_NAME"), "'", "''")
> -------------------------------------------------------------------
>
>
> I do not want to do use Replace function for each Request.Form
> ("some_parameter") because my query(below) has many many
> fields any simple
> solutions. which will take care of entire SQL statement
>
> --------------------------------------------------------------
> -------------
> "INSERT INTO Leo
> (Name,AccountNo,BusinessName,BusinessAddress,City,State,ZipCod
> e,Phone,Have_
> Computer,Computer,Email,Email_Address,When_Getting_Email,Have_
> Website,Web_U
> RL,Planning_For_Website,Web_Planning_Timeframe,Order_Online,Wh
> ich_items_You
> _Order,Recommended_Websites,Interested_Online_Order,Email_Promotions)
> VALUES ('" & Replace(Request.form("Name"),"'","''") & "','" & Replace
> (Request.form("AccountNo"),"'","''") & "','" & Replace(Request.form
> ("BusinessAddress"),"'","''") & "','" & Replace(Request.form
> ("BusinessName"),"'","''") & "','" & Replace(Request.form
> ("City"),"'","''") & "','" & Request.form("State") & "','" &
> Request.form
> ("ZipCode") & "','" & Request.form("Phone") & "','" & Request.form
> ("Have_Computer") & "','" & Request.form("Computer") & "','"
> & Request.form
> ("Email") & "','" & Request.form("Email_Address") & "','" &
> Request.form
> ("When_Getting_Email") & "','" & Request.form("Have_Website")
> & "','" &
> Request.form("Web_URL") & "','" &
> Request.form("Planning_For_Website")
> & "','" & Request.form("Web_Planning_Timeframe") & "','" &
> Request.form
> ("Order_Online") & "','" & Replace(Request.form
> ("Which_items_You_Order"),"'","''") & "','" & Request.form
> ("Recommended_Websites") & "','" &
> Request.form("Interested_Online_Order")
> & "','" & Request.form("Email_Promotions") & "')"
> --------------------------------------------------------------
> ----------
>
Message #3 by "Chirag Shah" <chiragiit@y...> on Fri, 26 Jul 2002 17:00:02
|
|
My SQL Query has as usual aprostrophe problem:
I also know the answer using replace function like this
--------------------------------------------------------------------
strCompanyName = Replace(Request.form("Company_NAME"), "'", "''")
-------------------------------------------------------------------
I do not want to do use Replace function for each Request.Form
("some_parameter") because my query(below) has many many fields any simple
solutions. which will take care of entire SQL statement
---------------------------------------------------------------------------
"INSERT INTO Leo
(Name,AccountNo,BusinessName,BusinessAddress,City,State,ZipCode,Phone,Have_
Computer,Computer,Email,Email_Address,When_Getting_Email,Have_Website,Web_U
RL,Planning_For_Website,Web_Planning_Timeframe,Order_Online,Which_items_You
_Order,Recommended_Websites,Interested_Online_Order,Email_Promotions)
VALUES ('" & Replace(Request.form("Name"),"'","''") & "','" & Replace
(Request.form("AccountNo"),"'","''") & "','" & Replace(Request.form
("BusinessAddress"),"'","''") & "','" & Replace(Request.form
("BusinessName"),"'","''") & "','" & Replace(Request.form
("City"),"'","''") & "','" & Request.form("State") & "','" & Request.form
("ZipCode") & "','" & Request.form("Phone") & "','" & Request.form
("Have_Computer") & "','" & Request.form("Computer") & "','" & Request.form
("Email") & "','" & Request.form("Email_Address") & "','" & Request.form
("When_Getting_Email") & "','" & Request.form("Have_Website") & "','" &
Request.form("Web_URL") & "','" & Request.form("Planning_For_Website")
& "','" & Request.form("Web_Planning_Timeframe") & "','" & Request.form
("Order_Online") & "','" & Replace(Request.form
("Which_items_You_Order"),"'","''") & "','" & Request.form
("Recommended_Websites") & "','" & Request.form("Interested_Online_Order")
& "','" & Request.form("Email_Promotions") & "')"
------------------------------------------------------------------------
Message #4 by "Ken Schaefer" <ken@a...> on Mon, 29 Jul 2002 12:51:31 +1000
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Chirag Shah" <chiragiit@y...>
Subject: [asp_databases] RE: who is SQL guru..?
: Something like is there at www.adopenstatic.com
: Is there any way I can have something so that it will parse apostrophe in
: entire SQL statement..?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No - because:
a) some of the apostrophes *needed* - these are the SQL string delimiters
b) some of the apostrophes need to be *escaped* - these are the ones that
are part of your strings.
Unless you can work out some way of telling VBScript which ones to keep, and
which ones to escape, you are stuck.
My suggestion is:
a) use a stored procedues
b) use command/parameter objects
that way you don't need to escape ' at all.
Cheer
sKen
|
View Cart
