Thanks for your time.
I've built an asp.net/vb.net CMS(Content Management System) application. I
have several different UI's that provide the user the ability to maintain
site content that is stored in a MySQL db. Currently I'm using ado.net to
connect to the MySQL db.
I'm having difficulty with apostrophes in the sql syntax that updates, and
adds new records. (example:Joe's Garage causes an error).
I've tried replace(mystring, "'","''") - double quotes, replace(mystring,
"'","/'") - MySQL escape chars. No luck. I was going to give parameters a
try. Will this solve the problem? Does ADO support parameters - or are they
strictly an OleDB type thing? The site is hosted, so I don't think that I
can use DSNs, or install anything. 4 1541
Using paramters will fix the issue.
--
------------------------------------------
Damon Payne http://www.damonpayne.com
"Brian" <Br***@discussions.microsoft.com> wrote in message
news:6E**********************************@microsof t.com... Thanks for your time.
I've built an asp.net/vb.net CMS(Content Management System) application.
I have several different UI's that provide the user the ability to maintain site content that is stored in a MySQL db. Currently I'm using ado.net to connect to the MySQL db.
I'm having difficulty with apostrophes in the sql syntax that updates, and adds new records. (example:Joe's Garage causes an error).
I've tried replace(mystring, "'","''") - double quotes, replace(mystring, "'","/'") - MySQL escape chars. No luck. I was going to give parameters
a try. Will this solve the problem? Does ADO support parameters - or are
they strictly an OleDB type thing? The site is hosted, so I don't think that I can use DSNs, or install anything.
You should use ADO.NET parameter objects. They will solve your problem and
they will also protect you from SQL Injection Attacks, which it sounds like
your code is probably vulnerable to at this time.
Here's more info: http://msdn.microsoft.com/library/de...classtopic.asp http://msdn.microsoft.com/library/de...isualbasic.asp
--
I hope this helps,
Steve C. Orr, MCSD, MVP http://SteveOrr.net
"Brian" <Br***@discussions.microsoft.com> wrote in message
news:6E**********************************@microsof t.com... Thanks for your time.
I've built an asp.net/vb.net CMS(Content Management System) application. I have several different UI's that provide the user the ability to maintain site content that is stored in a MySQL db. Currently I'm using ado.net to connect to the MySQL db.
I'm having difficulty with apostrophes in the sql syntax that updates, and adds new records. (example:Joe's Garage causes an error).
I've tried replace(mystring, "'","''") - double quotes, replace(mystring, "'","/'") - MySQL escape chars. No luck. I was going to give parameters a try. Will this solve the problem? Does ADO support parameters - or are they strictly an OleDB type thing? The site is hosted, so I don't think that I can use DSNs, or install anything.
Thanks for your posts - on sunday night no less. :)
I'll move forward with the parameter method. Can anyone explain why the
replace method failed?
"Steve C. Orr [MVP, MCSD]" wrote: You should use ADO.NET parameter objects. They will solve your problem and they will also protect you from SQL Injection Attacks, which it sounds like your code is probably vulnerable to at this time.
Here's more info: http://msdn.microsoft.com/library/de...classtopic.asp
http://msdn.microsoft.com/library/de...isualbasic.asp
-- I hope this helps, Steve C. Orr, MCSD, MVP http://SteveOrr.net
"Brian" <Br***@discussions.microsoft.com> wrote in message news:6E**********************************@microsof t.com... Thanks for your time.
I've built an asp.net/vb.net CMS(Content Management System) application. I have several different UI's that provide the user the ability to maintain site content that is stored in a MySQL db. Currently I'm using ado.net to connect to the MySQL db.
I'm having difficulty with apostrophes in the sql syntax that updates, and adds new records. (example:Joe's Garage causes an error).
I've tried replace(mystring, "'","''") - double quotes, replace(mystring, "'","/'") - MySQL escape chars. No luck. I was going to give parameters a try. Will this solve the problem? Does ADO support parameters - or are they strictly an OleDB type thing? The site is hosted, so I don't think that I can use DSNs, or install anything.
Hi Brian:
Were you assigning the result of String.Replace into a new string?
Replace doesn't modify the object you invoke the method upon, but
instead returns a new instance of a string.
--
Scott http://www.OdeToCode.com/blogs/scott/
On Sun, 6 Mar 2005 18:53:04 -0800, "Brian"
<Br***@discussions.microsoft.com> wrote: Thanks for your posts - on sunday night no less. :)
I'll move forward with the parameter method. Can anyone explain why the replace method failed? This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: forexgump |
last post by:
I have a PHP script where I extract data from a file and insert it into
a MySQL database.
Every time I run the PHP script I receive an SQL error that states:
"You have an error in your SQL...
|
by: soup_or_power |
last post by:
Hello All:
I'm having a whale of a problem with the following code. When the words
beginning with sugg contain an escaped single-quote (\' ==> back-slash
followed by quote) the script causes an...
|
by: Mark |
last post by:
I get "error 3077 Syntax Error (missing operator) in expression" in this
expression:
Rst.FindFirst "='" & Me!NewSection & "'"
when Me!NewSection contains an apostrophe.
How can I write the...
|
by: Richard Hollenbeck |
last post by:
To prevent future apostrophe bugs and errors, isn't it just simpler to
forbid an apostrophe from being entered into a text field? For example,
couldn't "Alice's Restaurant" be changed to "Alices...
|
by: spacehopper_man |
last post by:
hi -
I am having "apostrophe in sql" problems ;)
I am executing a stored procedure on SQL Server - and passing in a
string parameter.
the string has a single apostrophe in it.
the call...
|
by: wrytat |
last post by:
How to you print a double apostrophe in asp.net using vb? meaning for e.g. I
want to write ", So I do a Response.Write(""") Something like that, but the
mentioned is wrong. Thank you in advance
|
by: herlihyboy |
last post by:
I have searched and can't find any articles pertaining to this issue...
I am filling a dataset using a SqlDataAdapter that was instantiated
with a SqlCommand object. When the Fill method is...
|
by: Johnny BeGood |
last post by:
Hi All,
When a user enters an Apostrophe into a text area field on a form, i.e.
didn't, it mucks with odbc as follows
Syntax error (missing operator) in
query expression ''didn't',
Whats...
|
by: Thomas 'PointedEars' Lahn |
last post by:
Jukka K. Korpela wrote:
IBTD. For example, in English it is customary (and AIUI expected) to use
the character that ’ represents should be used to delimit a quotation
within direct speech...
|
by: HSXWillH |
last post by:
I have a field in a database that contains last names. In some of those names, like O'Brien and O'Connor, there is a ' symbol.
I am using combo boxes on a form to build a form filter and in...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |