473,325 Members | 2,828 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,325 software developers and data experts.

update help

I have an update page and on the page there are sometimes names with 's
(car's) in it
When I try to update it i get a syntax error. How can i update the record
with a 's (car's) in the name?

thx
Nov 18 '05 #1
4 1085
"Mike" <me@me.com> wrote in message
news:e%****************@TK2MSFTNGP10.phx.gbl...
I have an update page and on the page there are sometimes names with 's
(car's) in it
When I try to update it i get a syntax error. How can i update the record
with a 's (car's) in the name?


How are you updating the record? Using dynamic SQL, I bet.

Don't use dynamic SQL. Use parameters instead. See
"Protecting Against SQL Injection"
(http://www.winnetmag.com/Article/Art...216/42216.html)

for one reason why not.
--
John Saunders
johnwsaundersiii at hotmail
Nov 18 '05 #2
Hi Mike,

I think John's suggestion is quite reasonable, in the sql statement ,some
characters are not allowed in it ,such as the single quote ' , and
generally we have to replace it with other char. If we use the sqlcomand 's
parameters to set the value, it'll automatically replace for us. Also, use
parameters is has more to do on security as John has mentiond. And here is
another tech article in MSDN discussing on this:

#Secure ADO.NET Coding Guidelines
http://msdn.microsoft.com/library/en...readonetcoding
guidelines.asp?frame=true

Hope also helps. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #3
Hi Mike,

Have you got any further ideas on this issue? If you have anything unclear
or if there're anything else we can help, please feel free to post here.
Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #4
You may also replace a single quote with 2 single quotes like this

Replace(strVal,"'", "''")

or use bind variables as denoted in the previous reply
Regards,

Trevor Benedict R

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

10
by: Randy Harris | last post by:
I imported records into a table, later found out that many of them had trailing spaces in one of the fields. If I'd caught it sooner, I could have trimmed the spaces before the import. This...
8
by: Maxi | last post by:
There is a lotto system which picks 21 numbers every day out of 80 numbers. I have a table (name:Lotto) with 22 fields (name:Date,P1,P2....P21) Here is the structure and sample data: ...
4
by: Jonathan Upright | last post by:
Greetings to anyone who can help: I'm using WebMatrix to make ASP.NET pages, and I chose the "Editable DataGrid" at the project selector screen. As you may know, it defaults to the Microsoft...
1
by: Sajid | last post by:
Hello! Experts, I have the following piece of code in VB.NET that I want to use to update any records in the database. I would like to use a code as well as DataGrid to update the records....
15
by: graham | last post by:
Hi all, <bitching and moaning section> I am asking for any help I can get here... I am at the end of my tether... I don;t consider myself a genius in any way whatsoever, but I do believe I have...
1
by: mursyidatun ismail | last post by:
Dear all, database use: Ms Access. platform: .Net i'm trying to update a record/records in a table called t_doctors by clicking da edit link provided in the database. when i ran through da...
5
by: Stephen Plotnick | last post by:
I'm very new to VB.NET 2003 Here is what I have accomplished: MainSelectForm - Selects an item In a public class I pass a DataViewRow to ItemInformation1 Form ItemInformation2 Form
2
by: Hexman | last post by:
Hello All, Well I'm stumped once more. Need some help. Writing a simple select and update program using VB.Net 2005 and an Access DB. I'm using parameters in my update statement and when trying...
60
by: FAQ server | last post by:
----------------------------------------------------------------------- FAQ Topic - How do I prompt a "Save As" dialog for an accepted mime type?...
0
NeoPa
by: NeoPa | last post by:
Introduction : I have come across a problem, on a number of occasions, where PCs under my control fail to load new updates successfully. This is true whether they are attempting to apply via the...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.