How can I handle the user entering single quotes like in
Bob's mini mart?
If I use command objects will this no longer be an issue?
I guess that would mean no simple adhoc SQL statements right?
like SELECT name from WHATEVER
would need a command object with
"SELECT @NAME, etc.
and then params
is this the way to solve the problem?
Thanks,
Shane 6 4917
try inserting the char code. I believe it's 39 - - CHR(39)
"SStory" <Th*******@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote in message
news:OQ**************@TK2MSFTNGP12.phx.gbl... How can I handle the user entering single quotes like in
Bob's mini mart?
If I use command objects will this no longer be an issue?
I guess that would mean no simple adhoc SQL statements right?
like SELECT name from WHATEVER
would need a command object with
"SELECT @NAME, etc. and then params
is this the way to solve the problem?
Thanks,
Shane
At least with SQL Server, it recognizes two single quotes as a single
quote inside single quote delimiters. Huh??
select * from table where name = 'Bob''s mini mart'
Notice two single quotes between b and s of Bob's. Use a replace
method to get it that way.
On Tue, 1 Jun 2004 19:05:36 -0400, "Scott M." <s-***@nospam.nospam>
wrote: try inserting the char code. I believe it's 39 - - CHR(39)
"SStory" <Th*******@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote in message news:OQ**************@TK2MSFTNGP12.phx.gbl... How can I handle the user entering single quotes like in
Bob's mini mart?
If I use command objects will this no longer be an issue?
I guess that would mean no simple adhoc SQL statements right?
like SELECT name from WHATEVER
would need a command object with
"SELECT @NAME, etc. and then params
is this the way to solve the problem?
Thanks,
Shane
Yes, you should use Parameter objects.
This is the best practice solution.
Here's more info: http://msdn.microsoft.com/library/de...isualbasic.asp
--
I hope this helps,
Steve C. Orr, MCSD, MVP http://Steve.Orr.net
"SStory" <Th*******@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote in message
news:OQ**************@TK2MSFTNGP12.phx.gbl... How can I handle the user entering single quotes like in
Bob's mini mart?
If I use command objects will this no longer be an issue?
I guess that would mean no simple adhoc SQL statements right?
like SELECT name from WHATEVER
would need a command object with
"SELECT @NAME, etc. and then params
is this the way to solve the problem?
Thanks,
Shane
That won't cut it in .NET. It will be seen as two strings next to each
other without any concatenation.
"Dan Brussee" <db******@nc.rr.com> wrote in message
news:qr********************************@4ax.com... At least with SQL Server, it recognizes two single quotes as a single quote inside single quote delimiters. Huh??
select * from table where name = 'Bob''s mini mart'
Notice two single quotes between b and s of Bob's. Use a replace method to get it that way.
On Tue, 1 Jun 2004 19:05:36 -0400, "Scott M." <s-***@nospam.nospam> wrote:
try inserting the char code. I believe it's 39 - - CHR(39)
"SStory" <Th*******@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote in message news:OQ**************@TK2MSFTNGP12.phx.gbl... How can I handle the user entering single quotes like in
Bob's mini mart?
If I use command objects will this no longer be an issue?
I guess that would mean no simple adhoc SQL statements right?
like SELECT name from WHATEVER
would need a command object with
"SELECT @NAME, etc. and then params
is this the way to solve the problem?
Thanks,
Shane
Granted, my text is incomplete. I assumed that it was known that the
string as shown would be a string and have doublequotes surrounding it
if hardcoded so...
sql = "select * from table where name = 'Bob''s mini mart'"
the variable sql would be valid to pass to a command object for
execution on SQL Server. I would like to stress however, that this is
much less a good fix than to convert to using parameters.
On Tue, 1 Jun 2004 22:09:19 -0400, "Scott M." <s-***@nospam.nospam>
wrote: That won't cut it in .NET. It will be seen as two strings next to each other without any concatenation.
"Dan Brussee" <db******@nc.rr.com> wrote in message news:qr********************************@4ax.com.. . At least with SQL Server, it recognizes two single quotes as a single quote inside single quote delimiters. Huh??
select * from table where name = 'Bob''s mini mart'
Notice two single quotes between b and s of Bob's. Use a replace method to get it that way.
On Tue, 1 Jun 2004 19:05:36 -0400, "Scott M." <s-***@nospam.nospam> wrote:
>try inserting the char code. I believe it's 39 - - CHR(39) > > >"SStory" <Th*******@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote in message >news:OQ**************@TK2MSFTNGP12.phx.gbl... >> How can I handle the user entering single quotes like in >> >> Bob's mini mart? >> >> If I use command objects will this no longer be an issue? >> >> I guess that would mean no simple adhoc SQL statements right? >> >> like SELECT name from WHATEVER >> >> would need a command object with >> >> "SELECT @NAME, etc. >> and then params >> >> is this the way to solve the problem? >> >> Thanks, >> >> Shane >> >> >
You have to be very careful when handling single quotes, as the bottom of
them is very sharp. I recommend wearing gloves.
;-)
Seriously, escape them by doubling them.
--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.
"SStory" <Th*******@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote in message
news:OQ**************@TK2MSFTNGP12.phx.gbl... How can I handle the user entering single quotes like in
Bob's mini mart?
If I use command objects will this no longer be an issue?
I guess that would mean no simple adhoc SQL statements right?
like SELECT name from WHATEVER
would need a command object with
"SELECT @NAME, etc. and then params
is this the way to solve the problem?
Thanks,
Shane
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: sinister |
last post by:
The examples in the online manual all seem to use double quotes, e.g. at
http://us3.php.net/preg_replace
Why? (The behavior is different with single quotes, and presumably simpler
to...
|
by: Jakanapes |
last post by:
Hi all,
I'm looking for a way to scan a block of text and replace all the
double quotes (") with single quotes (').
I'm using PHP to pull text out of a mySQL table and then feed the text
into...
|
by: Joe Van Meer |
last post by:
Hi all,
Been a while since I've done any asp coding, but happy to be getting back
into it. My question is what is the best way (now) to handle apostrophes
coming in from forms and going into...
|
by: Joel |
last post by:
Hi,
I incorporated a function in my code that whenever I use a string variable
in an sql statement if the string contains a single quote it will encase it
in double quotes else single quotes.
...
|
by: Mateusz Loskot |
last post by:
Hi,
I'd like to ask how XML parsers should handle attributes which consists
of " entity as value. I know XML allows to use both: single and
double quotes as attribute value terminator. That's...
|
by: David |
last post by:
Hello
I am trying to collect errors and record them in a table instead of a
popup message stopping my code. It seems to work ok, but when I try to
add ERR.Description to my code it fails on Syntax...
|
by: REB |
last post by:
I have a button that executes this sql query:
sqlcmdInsertPhysicalNote.CommandText = "INSERT INTO DriverPhysicalNotes
(DriverInformationID, PhysicalNoteDate, PhysicalNote) VALUES ('" +...
|
by: Reporter |
last post by:
I got the following example from http://www.evolt.org/article/User_Friendly_Forms_in_PHP/20/60144/index.html
:
echo '<tr><td>First name:</td><td><input type="text" name="first_name"...
|
by: jwbrown77 |
last post by:
Hello,
I am trying to read a csv file. I have the following functioning
code:
---- BEGIN ----
import csv
reader = csv.reader(open("test.csv", "rb"), delimiter=';')
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| |