Wrox Programmer Forums
|
Classic ASP Databases Discuss using ASP 3 to work with data in databases, including ASP Database Setup issues from the old P2P forum on this specific subtopic. See also the book forum Beginning ASP.NET Databases for questions specific to that book. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Databases section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old August 28th, 2003, 03:30 PM
Registered User
  
Join Date: Aug 2003
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default How to deal with String has ' in SQL Statement
Hi,
   If I write a SQL Statement in ASP like
"SELECT * FROM tblMember WHERE strFirstName = '" & request.form("txtFirstName") & "';"

If the txtFirstName doesn't have ' in the string, then there will have no problem.
But if the string has ' , how could I deal with this?
Please Help. Thank you.
 
Old August 28th, 2003, 04:00 PM
Imar's Avatar
Wrox Author
  
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default
Hi there,

You'll need to "escape" the ' with another ', like this:

INSERT INTO Users (UserName) VALUES ('O''Brien')

This will eventually insert O'Brien in the database.

In ASP, you can use the Replace method to accomplish this:

strFirstName = Request.Form("txtFirstName :)
strFirstName = Replace(strFirstName, "'", "''")

Now strFirstName is "SQL safe" because the single apostrophes have been escaped......


HtH,

Imar


---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.





Similar Threads
Thread Thread Starter Forum Replies Last Post
convert a SQL Statement from MS Access to a SQL Corey Access 6 March 28th, 2007 12:33 PM
SQL Statement??? carswelljr SQL Server 2000 2 August 25th, 2006 12:40 PM
HELP! How can I string a SQL statement together dstein4d Access VBA 19 February 2nd, 2006 01:35 PM
String Type Statement to convert field CORiverRat Access 5 December 15th, 2005 02:13 AM
SQL Statement stu9820 ASP.NET 1.0 and 1.1 Basics 1 September 30th, 2003 04:30 PM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.