Scott wrote:
Quote:
I've got a db that has a table called USERS that contains ip
addresses for each record. Below, I'm trying to select any user with
an ip address equal to the variable "usserIP". What are the proper
quotes to use when using SQL to compare a string variable to a text
column?
The database is an Access 2000 database and I'm using ASP Classic.
>
CODE: ***********************
>
sSQL = "SELECT * FROM Users WHERE IP= " & "'" & userIP & "'"
|
With Jet, either full quotes or single quotes (apostrophes) may be used. Of
course, you could use parameters and never have to worry about delimiters
again, as well as eliminating the possibility that a hacker could compromise
your site using sql injection. See:
http://groups-beta.google.com/group/...e36562fee7804e
--
Microsoft MVP - ASP/ASP.NET - 2004-2007
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"