473,395 Members | 1,968 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp / active server pages > questions > searches and returns with an apostrophe

Join Bytes to post your question to a community of 473,395 software developers and data experts.

searches and returns with an apostrophe

JJP
hi,
I am searching a SQL database from an ASP page.
When the user enters criteria with an apostrophe in it, result set is empty
when there should be records.

For example, the SQL database contains the record Children's Museum
When a search is done without an apostrophe i.e. "children", the record is
returned.
When a search is done with an apostrophe i.e. "children's", the record is
NOT returned.

Here is the code:

sql="SELECT OrgName, City, State FROM tblCharReg WHERE (OrgName LIKE '%" &
Srchvarf & "%') ORDER BY OrgName"

"Srchvarf" is a variable that holds OrgName that the user enters

Thanks in advance.

Sep 30 '05 #1
1 1525
And what happens when the person enters this search string? (DON'T TRY IT.)

'; DROP TABLE tblChargReg

The way a ' is escaped in SQL is by doubling at up. At an absolute minimum,
handle that character.

Srchvarf = Replace(Srchvarf, "'", "''")

REad about SQL injection.

Ray at work


"JJP" <an*******@discussions.microsoft.com> wrote in message
news:uN**************@TK2MSFTNGP09.phx.gbl...
hi,
I am searching a SQL database from an ASP page.
When the user enters criteria with an apostrophe in it, result set is
empty when there should be records.

For example, the SQL database contains the record Children's Museum
When a search is done without an apostrophe i.e. "children", the record is
returned.
When a search is done with an apostrophe i.e. "children's", the record is
NOT returned.

Here is the code:

sql="SELECT OrgName, City, State FROM tblCharReg WHERE (OrgName LIKE '%"
& Srchvarf & "%') ORDER BY OrgName"

"Srchvarf" is a variable that holds OrgName that the user enters

Thanks in advance.

Sep 30 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
The dreaded apostrophe & sql
by: Meyer1228 | last post by:
You all helped me with function keys last week. Thanks so much; your advice was right on. My question now - does anyone have a function that I can use to test my sql statements for the...
Visual Basic 4 / 5 / 6
2
apostrophe
by: Michael Sterling | last post by:
i'm using delphi 7 and have a query in which i'm trying to find names that have an apostrophe in them, i.e. "o'mally". my problem is that when i write my select statement i can't get the quotes...
Microsoft SQL Server
13
how to forbid an apostrophe in text box (input mask?)
by: Richard Hollenbeck | last post by:
To prevent future apostrophe bugs and errors, isn't it just simpler to forbid an apostrophe from being entered into a text field? For example, couldn't "Alice's Restaurant" be changed to "Alices...
Microsoft Access / VBA
1
wierd export excel apostrophe problem
by: congngo | last post by:
Hi all Every time I export a table into an excel spreadsheet. It has a leading apostrophe on every cells. This drive me nut. I have to do a work around by export table into a txt file than...
Microsoft Access / VBA
1
apostrophe in parameterised SP call trouble
by: spacehopper_man | last post by:
hi - I am having "apostrophe in sql" problems ;) I am executing a stored procedure on SQL Server - and passing in a string parameter. the string has a single apostrophe in it. the call...
ASP.NET
1
apostrophe in href path
by: Rose | last post by:
Hi all, I'm trying to create a clickable link, but the pesky apostrophe is preventing the link from getting displayed properly. I'm displaying the contents of a folder (with contains the...
C# / C Sharp
2
Apostrophe in Column value of DataTable select query
by: Tom | last post by:
Hi, I have some kind of problems with an apostrophe character ('). I would like to select from DataTable DataRow containing value horses' (with an apostrophe on the end). But when I do it in an...
C# / C Sharp
9
Re: XHTML 1.0 Strict and the Apostrophe
by: Thomas 'PointedEars' Lahn | last post by:
Jukka K. Korpela wrote: IBTD. For example, in English it is customary (and AIUI expected) to use the character that ’ represents should be used to delimit a quotation within direct speech...
HTML / CSS
4
Backslash-apostrophe POOF.
by: Razzbar | last post by:
I'm working on a bookmarklet that grabs information from a page and submits it to a server. Yet another social bookmarking application. I'm having trouble with page titles that include an...
Javascript
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!