asp_discuss thread: RE: Apostrophies in Strings
Message #1 by "Kyle M. Burns" <lists@c...> on Sat, 14 Sep 2002 18:14:32 -0500
This solution implies that the data will always be used for a web
environment, effectively excluding the data from being easily used for
any other purpose. The suggestion to properly escape the SQL statement
would be much more appropriate, but if you're in an environment that
supports it, it would be better yet to use a stored procedure. In this
scenario, when you set the value of the parameter object you don't need
to be concerned about escaping it because ADO will take care of that for
you.
-----Original Message-----
From: Teng Fong SEAK [mailto:tfseak@f...]
Sent: Thursday, August 22, 2002 2:40 AM
To: asp_discuss
Subject: [asp_discuss] RE: Apostrophies in Strings
If this string is to be used as an HTML string, change the apostrophe to
&#39; .
If it's a JavaScript string, change it to \x27 .
I suppose you would soon encounter a similar problem with quote ("). In
that case, convert it to &quot; (or &#34;) for an HTML string, or \x22 for
a JavaScript string.
Good luck,
Fong
> -----Original Message-----
> From: Dave Landolin [mailto:dave.landolin@o...]
> Sent: Wednesday, 21 August 2002 23:32
> To: asp_discuss
> Subject: [asp_discuss] Apostrophies in Strings
>
>
> When the following code is executed it fails on syntax because of the
> apostrophe in the customer's name:
> sql1 = "select distinct invoice_id, Invoice_Date, Item_Id, "
> sql1 = sql1 + "Item_Name, Dollars "
> sql1 = sql1 + "from ds_detail "
> sql1 = sql1 + "where Customer_name = 'DAVE'S PAWN SHOP'"
>
> How can I get around this?
> I'm sure it's simple but it's making me nuts.
>
> Thanks,
> DL
>
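The two server-side options Message #1 mentions (escaping the SQL literal, or letting ADO bind the value through a parameter object), applied to the query from the original question. This is an added example, not code from any poster: the open connection `conn`, the helper names `SqlLiteral` and `InvoicesForCustomer`, and the 255-character column width are assumptions, and it uses a parameterized text command rather than a stored procedure because the thread names no procedure (the parameter binding works the same way).

```vbscript
<%
' Added example, not from the thread. Assumes "conn" is an open
' ADODB.Connection and ds_detail is the table from the question.

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200

' Option 1: escape the literal by doubling each apostrophe, so
' DAVE'S PAWN SHOP becomes 'DAVE''S PAWN SHOP'. Every place that
' concatenates a value into SQL has to remember to call this.
Function SqlLiteral(ByVal s)
    SqlLiteral = "'" & Replace(s, "'", "''") & "'"
End Function

' Option 2: bind the value as a parameter. ADO sends it as data,
' so the apostrophe never becomes part of the SQL text.
Function InvoicesForCustomer(conn, ByVal customerName)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = _
        "select distinct invoice_id, Invoice_Date, Item_Id, " & _
        "Item_Name, Dollars " & _
        "from ds_detail " & _
        "where Customer_name = ?"
    ' 255 is an assumed maximum length for Customer_name
    cmd.Parameters.Append cmd.CreateParameter( _
        "customer", adVarChar, adParamInput, 255, customerName)
    Set InvoicesForCustomer = cmd.Execute
End Function

Dim custName, sql1, rs
custName = "DAVE'S PAWN SHOP"

' Escaped form of the original statement
sql1 = "select distinct invoice_id, Invoice_Date, Item_Id, " & _
       "Item_Name, Dollars from ds_detail " & _
       "where Customer_name = " & SqlLiteral(custName)

' Parameterized form; no escaping needed
Set rs = InvoicesForCustomer(conn, custName)
Do Until rs.EOF
    Response.Write Server.HTMLEncode(rs("Item_Name") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
%>
```

The `Server.HTMLEncode` call on output is the place where the HTML-entity conversion discussed in the thread belongs: the stored value stays unmodified and is encoded only when written into a page.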
Message #2 by Teng-Fong SEAK <tfseak@f...> on Sun, 15 Sep 2002 15:07:11 +0200
Nope, my solution is appropriate when we need to write string into files
(i.e. dynamically creating HTML files). But within a web page, if the
apostrophe is properly stored as a part of a string, it'll be easily used
for any other purpose.
Actually, the original poster didn't make it clear what he wanted to do, so
everyone guessed as one could to help him.
> -----Original Message-----
> From: Kyle M. Burns [mailto:lists@c...]
> Sent: Sunday, 15 September 2002 01:15
> To: asp_discuss
> Subject: [asp_discuss] RE: Apostrophies in Strings
>
>
> This solution implies that the data will always be used for a web
> environment, effectively excluding the data from being easily used for
> any other purpose. The suggestion to properly escape the SQL statement
> would be much more appropriate, but if you're in an environment that
> supports it, it would be better yet to use a stored procedure. In this
> scenario, when you set the value of the parameter object you don't need
> to be concerned about escaping it because ADO will take care of that for
> you.
>
> -----Original Message-----
> From: Teng Fong SEAK [mailto:tfseak@f...]
> Sent: Thursday, August 22, 2002 2:40 AM
> To: asp_discuss
> Subject: [asp_discuss] RE: Apostrophies in Strings
>
> If this string is to be used as an HTML string, change the apostrophe to
> &#39; .
> If it's a JavaScript string, change it to \x27 .
>
> I suppose you would soon encounter a similar problem with quote ("). In
> that case, convert it to &quot; (or &#34;) for an HTML string, or \x22 for
> a JavaScript string.
>
> Good luck,
>
> Fong
>
> > -----Original Message-----
> > From: Dave Landolin [mailto:dave.landolin@o...]
> > Sent: Wednesday, 21 August 2002 23:32
> > To: asp_discuss
> > Subject: [asp_discuss] Apostrophies in Strings
> >
> >
> > When the following code is executed it fails on syntax because of the
> > apostrophe in the customer's name:
> > sql1 = "select distinct invoice_id, Invoice_Date, Item_Id, "
> > sql1 = sql1 + "Item_Name, Dollars "
> > sql1 = sql1 + "from ds_detail "
> > sql1 = sql1 + "where Customer_name = 'DAVE'S PAWN SHOP'"
> >
> > How can I get around this?
> > I'm sure it's simple but it's making me nuts.
> >
> > Thanks,
> > DL
> >