I'm sure this has to be a simple fix. I just cannot figure it out.
To resolve the typical apostrope issue, I have the
acarriername = Replace(txtcarriername.text, "'", "''")
My problem is that 2 apostrophes are now inserted, instead of one. For
example if someone types in IT'S NICE, when it is displayed in the input
text box later (to allow a user to change it), it says IT''S NICE.
This is a sql 2000 database.
Thanks for the help.
*** Sent via Developersdex http://www.developersdex.com *** 13 2033
How are you inserting the data into the database? If you are using a
command object and passing the values into a parameter, you don't need to do
the replace since it is handled for you by the provider.
Can you show all of your code so we don't have to guess and grasp at straws?
"Joey Martin" <jo**@infosmiths.net> wrote in message
news:%2***************@tk2msftngp13.phx.gbl... I'm sure this has to be a simple fix. I just cannot figure it out.
To resolve the typical apostrope issue, I have the acarriername = Replace(txtcarriername.text, "'", "''")
My problem is that 2 apostrophes are now inserted, instead of one. For example if someone types in IT'S NICE, when it is displayed in the input text box later (to allow a user to change it), it says IT''S NICE.
This is a sql 2000 database.
Thanks for the help.
*** Sent via Developersdex http://www.developersdex.com ***
Joey Martin wrote: I'm sure this has to be a simple fix. I just cannot figure it out.
To resolve the typical apostrope issue, I have the acarriername = Replace(txtcarriername.text, "'", "''")
My problem is that 2 apostrophes are now inserted, instead of one. For example if someone types in IT'S NICE, when it is displayed in the input text box later (to allow a user to change it), it says IT''S NICE.
Only do the replace when writing the data into the database. Do not do it
any other time.
Better yet, stop using dynamic sql. The only reason you have to escape the
apostrophe is because you are not using parameters. See these: http://groups.google.com/groups?hl=e...tngp13.phx.gbl http://groups-beta.google.com/group/...e36562fee7804e http://tinyurl.com/jyy0
If this does not answer your question, post a short repro script so we can
see what you're doing.
HTH,
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Current code:
Set RS = Server.CreateObject("ADODB.Recordset")
sqlUpdate = "SELECT * FROM ricprops WHERE propno='" & Request("id") &
"'"
RS.open sqlUpdate,Conn,1,3
RS("comments") = Replace(Request.form("comments"), "'", "''")
RS.Update
RS.Close
*** Sent via Developersdex http://www.developersdex.com ***
Ugh. How about:
comments = replace(request.form("comments"), "'", "''")
id = replace(request.form("id"), "'", "''")
sql = "UPDATE ricprops SET comments = '" & comments & "' WHERE propno='" &
id & "'"
conn.execute sql,,129
Or see Bob's link.
Note you should use request.form() not the lazy request().
Also, why is the column propno a character datatype? Terrible name--no
implies number.
Bob,
Not sure I understand your comments about not using dynamic sql. I read
the documents and it seems as if I do it the correct way. USUALLY, I do
not use a recordset to update variables. My current code does, because
it's old code and I never re-wrote it. Usually, I do the following:
if request("submit")<> "" then
v1=Replace(Request.form("v1"), "'", "''")
v2=Replace(Request.form("v2"), "'", "''")
sql="update table set v1='" & v1 & "',v2='" & v2 & "' where id='1'"
conn.execute (sql)
Is that incorrect? Doing it this way, I still get the double apostrophe.
*** Sent via Developersdex http://www.developersdex.com ***
Aaron,
What made you think propno is a CHAR datatype? It is INT.
The way you wrote the code is how I USUALLY do it.
But, doing it that way,as you wrote, I still receive double apostrophes.
THANKS!!
*** Sent via Developersdex http://www.developersdex.com ***
> sql="update table set v1='" & v1 & "',v2='" & v2 & "' where id='1'" conn.execute (sql) Is that incorrect? Doing it this way, I still get the double apostrophe.
Then you are also doing the replace when you DISPLAY the data, which you
shouldn't be doing.
> What made you think propno is a CHAR datatype? It is INT.
Because in your query, you surround it with quotes: WHERE propno='" & Request("id") & "'"
If it's an INT, don't do that!
A
Aaron,
When displaying the data in my textarea box, here is the code:
<textarea cols="30" rows="10"
name="comments"><%=trim(rs("comments"))%></textarea>
At that time, it displays IT''S NICE.
*** Sent via Developersdex http://www.developersdex.com ***
There's something missing or that you're not telling us. Do you understand
why replace() is used when passing data *to* the statement, but not when
retrieving the data from the database? Are you sure you didn't enter two
apostrophes into the form?
While you've told us that you are doing this correctly, we have no way to
verify that you really are. It sounds to me like you're not.
Sorry, but I don't know how else to help you. When displaying the data in my textarea box, here is the code: <textarea cols="30" rows="10" name="comments"><%=trim(rs("comments"))%></textarea>
At that time, it displays IT''S NICE.
Joey Martin wrote: Bob, Not sure I understand your comments about not using dynamic sql. I read the documents and it seems as if I do it the correct way. USUALLY, I do not use a recordset to update variables. My current code does, because it's old code and I never re-wrote it. Usually, I do the following:
if request("submit")<> "" then v1=Replace(Request.form("v1"), "'", "''") v2=Replace(Request.form("v2"), "'", "''")
sql="update table set v1='" & v1 & "',v2='" & v2 & "' where id='1'" conn.execute (sql)
Wait a minute. Earlier you showed this code:
Set RS = Server.CreateObject("ADODB.Recordset")
sqlUpdate = "SELECT * FROM ricprops WHERE propno='" & Request("id") &
"'"
RS.open sqlUpdate,Conn,1,3
RS("comments") = Replace(Request.form("comments"), "'", "''")
RS.Update
RS.Close
When updating a recordset field, do NOT escape (double up) the aprostrophe.
Change it to:
RS("comments") = Request.form("comments")
The only time you need to escape the apostrophe is when you are building
dynamic sql as in the update statement you show above.
Is that incorrect? Doing it this way, I still get the double apostrophe.
I don't think so. Create a page with just this code in it:
<%
dim conn, sql, rs, input, output
input="it's nice"
set conn=createobject("adodb.connection")
conn.open "your connection string"
sql= "update ricprops set comments='" & _
Replace(input, "'", "''") & _
"WHERE propno=1"
conn.execute sql,,129
sql="select comments from ricprops WHERE propno=1"
set rs=conn.execute(sql,,1)
output=rs(0).value
rs.close:set rs=nothing
conn.close: set conn=nothing
%>
<html><body>
I guarantee this will contain only one apostrophe:<BR>
<textarea cols="30" rows="10"
name="comments"><%=trim(rs("comments"))%></textarea>
</body></html>
Run the page.
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
"Aaron Bertrand [SQL Server MVP]" wrote Note you should use request.form() not the lazy request().
Hi Aaron - What's the downside of request only? is the overhead of all the
request objects being hunted through? I sometimes use it to be able to test
processing pages with a querystring without having to rewrite the forms on
the previous page.
Thanks
Giles
> Hi Aaron - What's the downside of request only? is the overhead of all the request objects being hunted through?
http://www.aspfaq.com/2111
I sometimes use it to be able to test processing pages with a querystring without having to rewrite the forms on the previous page.
You could test which method was used and handle it in a function, test
Request.ServerVariables("REQUEST_METHOD") *once*... then you could use
something like req("item") instead of having to change them. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Joe Van Meer |
last post by:
Hi all,
Been a while since I've done any asp coding, but happy to be getting back
into it. My question is what is the best way (now) to handle apostrophes
coming in from forms and going into...
|
by: Lord Merlin |
last post by:
When I insert info into a DB from a form, it cuts the string off at the
first apostrophe (").
How would I make it insert the data as-is, with the apostrophes?
Here is the code used to insert the...
|
by: Les Juby |
last post by:
A client needs a routine to alert him as to which memo records in an
Access-2000 database have had double apostrophes inserted in the text.
These are stopping a Java mouseover from executing.
...
|
by: James Foreman |
last post by:
I've got a set of emails in a table, where sometimes they've failed to
input the @ properly.
Eg james.foreman'abcmail.co.uk
How do I write a replace to deal with that?
Also, I've got a set...
|
by: Richard Hollenbeck |
last post by:
I have an email field and a command button to send email. The
problem is that when the email program opens up there are
apostrophes around the email address that I have to manually
remove before...
|
by: Mike C# |
last post by:
Hi all,
I'm using std::strings in a program, and was wondering what the most
efficient method of performing the following two tasks would be:
1. Locate all apostrophes (') in a string and...
|
by: wizard_chef |
last post by:
I have a fairly large DB application written in asp and VBA. It appears
that when I first create a record, I must use a "replace" filter to
double quote all apostrophes in the input fields....
|
by: Earl |
last post by:
Anyone know why the RowFilter has to be double-escaped? Anticipating names
with apostrophes, a single escape does not provide the proper name to filter
on.
For example, this would cause an...
|
by: Lucanos |
last post by:
Hey Guys,
Probably a simple question, but one I am struggling with all the same.
I know that in PHP you wrap a text string in apostrophes or quotations
- (examples $variable = 'this string' OR...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| |