NEWBIE Question: Expected "" in search condition

aasiddle · March 4th, 2007, 10:55 AM

Hello people and many thanks for taking the time to read this. I have the following problem and cant seem to find the answer anywhere.

I have a search page and a results page. The search page appends a query string to the url and the results page takes the query and does a search on the sql database. Now this is fine if I just enter 1 word but if I enter two words such as "West Kington" it produces the error in the title. If I do a manual search entering the quotes it works fine. How do I go about appending the quotes to the search?

Many thanks again

ciderpunx · March 4th, 2007, 12:11 PM

Hey,

Don't know what language you're using to talk to your database but you could do something like this perl version:

Code:

$sql = "SELECT * FROM table WHERE NAME='$search_term'";

In ruby, you could say:

Code:

sql = "SELECT * FROM table WHERE NAME='#{search_term}'";

or in java:

Code:

String sql = new String( "SELECT * FROM table WHERE NAME='" + search_term + "'" );

The +s are the concatenation operator, in perl interpolation means you don't need to concatenate. You can google concatenation or interpolation for your language.

HTH

--
Charlie Harvey's website - linux, perl, java, anarchism and punk rock: http://charlieharvey.org.uk

aasiddle · March 4th, 2007, 12:17 PM

Thanks for the reply. I am actually working with ASP.net and here is the code

<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ListingDBConnectionString %>"
            SelectCommand="SELECT [CompName], [Town], [Tele] FROM [CompanyDetails] WHERE (([CompName] = @CompName) OR (CONTAINS([CompName], @CompName2))) ORDER BY [CompName]">
            <SelectParameters>
                <asp:QueryStringParameter Name="CompName" QueryStringField="cn" Type="String" />
                <asp:QueryStringParameter Name="CompName2" QueryStringField="cn" Type="String" />
            </SelectParameters>
        </asp:SqlDataSource>

ismith · March 13th, 2007, 10:29 AM

In VB .NET, you can put quotation marks around a string like this:

Dim strTest = """" & stringToQuote & """"

(Note the two sets of four double quote characters!)

In C#, do this:

string strTest = "\"" + stringToQuote + "\""

\" is the escape sequence for a double quote and (of course) you have to surround it with double quote characters as well. So we have three instead of four.

If you do that with the string before appending it to the url, it should solve your problem.

Irene

dparsons · March 13th, 2007, 10:36 AM

Alternatively you could do

VB.NET
Dim sSql = "SELECT * from table where value = '" & variable & "'"
C#
string sSql = "SELECT * from table where value = '" + variable + "'";

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
^^Took that from planoie's profile^^
^^Modified text taken from gbianchi profile^^
================================================== =========
Technical Editor for: Professional Search Engine Optimization with ASP.NET
http://www.wiley.com/WileyCDA/WileyT...470131470.html
================================================== =========
Why can't Programmers, program??
http://www.codinghorror.com/blog/archives/000781.html
================================================== =========

Stansbury · March 19th, 2007, 03:49 PM

Or
DIM q$
q$ = chr$(34)

sSQL = "SELECT * FROM table WHERE value = " & q$ & variable & q$ & ";"

Best wishes,
BW