
number format

M. Savas Zorlu
Guest
 
Posts: n/a
#1: Sep 23 '08
Hi,

Our thousand separator is period, and decimal separator is comma.

So a number looks like this: 1.456,60

formatnumber() produces above format.

When entering this value into database, I get error, because comma is
also used by SQL to separate records.

If the number is smaller than thousand, I can solve this by replacing
comma with period. But when the number is thousand or greater, I can't
fix it.

Can anyone tell me a workaround for this please?


Anthony Jones
Guest
 
Posts: n/a
#2: Sep 23 '08

re: number format


"M. Savas Zorlu" <savas@zorlumail.com> wrote in message
news:O0iYd$VHJHA.3668@TK2MSFTNGP05.phx.gbl...
Quote:
> Hi,
>
> Our thousand separator is period, and decimal separator is comma.
>
> So a number looks like this: 1.456,60
>
> formatnumber() produces above format.
>
> When entering this value into database, I get error, because comma is also
> used by SQL to separate records.
>
> If the number is smaller than thousand, I can solve this by replacing
> comma with period. But when the number is thousand or greater, I can't fix
> it.
>
> Can anyone tell me a workaround for this please?

Stop using formatnumber for this job. Also you are probably using string
concatenation to build up your SQL string including the parameter. Stop
doing that as well. Use a command object and add parameters for the
appropriate type.



--
Anthony Jones - MVP ASP/ASP.NET

M. Savas Zorlu
Guest
 
Posts: n/a
#3: Sep 23 '08

re: number format


Hi Anthony,

Can you please explain string concatenation? And can you please give an
example of using a command object?

regards,

Savas

Anthony Jones wrote:
Quote:
> "M. Savas Zorlu" <savas@zorlumail.com> wrote in message
> news:O0iYd$VHJHA.3668@TK2MSFTNGP05.phx.gbl...
>> Hi,
>>
>> Our thousand separator is period, and decimal separator is comma.
>>
>> So a number looks like this: 1.456,60
>>
>> formatnumber() produces above format.
>>
>> When entering this value into database, I get error, because comma is
>> also used by SQL to separate records.
>>
>> If the number is smaller than thousand, I can solve this by replacing
>> comma with period. But when the number is thousand or greater, I can't
>> fix it.
>>
>> Can anyone tell me a workaround for this please?
>
> Stop using formatnumber for this job. Also you are probably using
> string concatenation to build up your SQL string including the
> parameter. Stop doing that as well. Use a command object and add
> parameters for the appropriate type.

Anthony Jones
Guest
 
Posts: n/a
#4: Sep 23 '08

re: number format


"M. Savas Zorlu" <savas@zorlumail.com> wrote in message
news:u06eP9XHJHA.3548@TK2MSFTNGP05.phx.gbl...
Quote:
> Hi Anthony,
>
> Can you please explain string concatenation?

sSQL = "UPDATE myTable SET myField = " & myNumber

The problem is if myNumber is ultimately supplied by the client, a malicious
person can inject SQL code that will do bad things. Search Google for SQL
Injection.

Quote:
> and can you please give an example of using a command object?

See this:-
http://msdn.microsoft.com/en-us/library/ms524771.aspx

--
Anthony Jones - MVP ASP/ASP.NET
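
An added example, not part of the original thread or of the linked MSDN page: the command-object approach from post #4 in classic ASP (VBScript), parsing the locale-formatted text into a number first and then binding it as a typed parameter. The form field names, the `id` column, the connection string placeholder and the choice of LCID 1055 (Turkish, which uses "." for thousands and "," for decimals) are assumptions.

```vbscript
' ADO constants (same values as in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adDouble = 5
Const adExecuteNoRecords = 128

Dim rawAmount, rawId, amount, rowId, oldLocale, conn, cmd

rawAmount = Trim(Request.Form("amount"))   ' assumed form field, e.g. "1.456,60"
rawId     = Trim(Request.Form("id"))       ' assumed form field

' Parse using the locale the value was typed in, then restore the old one.
' 1055 is an assumed LCID whose separators match the thread's format.
oldLocale = SetLocale(1055)
If Not IsNumeric(rawAmount) Or Not IsNumeric(rawId) Then
    SetLocale oldLocale
    Response.Status = "400 Bad Request"
    Response.End
End If
amount = CDbl(rawAmount)   ' "1.456,60" becomes the Double 1456.6
rowId  = CLng(rawId)
SetLocale oldLocale

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "PLACEHOLDER_CONNECTION_STRING"  ' assumption: supply your own

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' "?" markers are bound in order; the values never become part of the SQL text,
' so neither the decimal comma nor injected SQL can change the statement.
cmd.CommandText = "UPDATE myTable SET myField = ? WHERE id = ?"
' Parameter types are assumptions; match them to the real column types.
cmd.Parameters.Append cmd.CreateParameter("myField", adDouble, adParamInput, , amount)
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , rowId)
cmd.Execute , , adExecuteNoRecords

conn.Close
Set cmd = Nothing
Set conn = Nothing
```

formatnumber() is then only needed when displaying the value back to the user, never on the way into the database.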

M. Savas Zorlu
Guest
 
Posts: n/a
#5: Sep 23 '08

re: number format


Thanks Anthony

Anthony Jones wrote:
Quote:
> "M. Savas Zorlu" <savas@zorlumail.com> wrote in message
> news:u06eP9XHJHA.3548@TK2MSFTNGP05.phx.gbl...
>> Hi Anthony,
>>
>> Can you please explain string concatenation?
>
> sSQL = "UPDATE myTable SET myField = " & myNumber
>
> The problem is if myNumber is ultimately supplied by the client, a
> malicious person can inject SQL code that will do bad things. Search
> Google for SQL Injection.
>
>> and can you please give an example of using a command object?
>
> See this:-
> http://msdn.microsoft.com/en-us/library/ms524771.aspx