Hi,
I've made a program with an access database. In my sql insert command I need
to use escape characters to insert text strings but te problem is that I
want to use escape chars in my text strings themselves to.
strSQL = "INSERT INTO tblKlanten (Naam, Voornaam, Adres, Postnummer,
Telefoon, Fax, Gsm, Email, Gastvrouw, Matras, Lattenbodum, Waveflex,
Donsdeken, Btwnummer, Geboortedatum, Echtgenoot, Opmerkingen, Aankooplb)"
strSQL += " VALUES ('" & txtNaam.Text & "','" & txtVoornaam.Text & "','" &
txtAdres.Text & "', " & cboWoonplaats.SelectedValue & ", '" &
txtTelefoon.Text & "', '" & txtFax.Text & "', '" & txtGsm.Text & "','" &
txtMail.Text & "','" & chkGastvrouw.CheckState & "', '" &
chkMatras.CheckState & "', '" & chkLattenbodum.CheckState & "', '" &
chkWaveflex.CheckState & "', '" & chkDonsdeken.CheckState & "', '" &
txtBtw.Text & "', '" & txtGeboortedatum.Text & "', '" & txtEchtgenoot.Text &
"', '" & txtOpmerkingen.Text & "', '" & txtAankooplb.Text & "' )"
So like txtNaam.text could be 'test'a' and i must be something like "test'a"
but I need to use '
I hope someone understands my problem, and coulde give an answer. 6 6879
* "Stijn Vanpoucke" <st*****@hotmail.com> scripsit: I've made a program with an access database. In my sql insert command I need to use escape characters to insert text strings but te problem is that I want to use escape chars in my text strings themselves to.
strSQL = "INSERT INTO tblKlanten (Naam, Voornaam, Adres, Postnummer, Telefoon, Fax, Gsm, Email, Gastvrouw, Matras, Lattenbodum, Waveflex, Donsdeken, Btwnummer, Geboortedatum, Echtgenoot, Opmerkingen, Aankooplb)"
strSQL += " VALUES ('" & txtNaam.Text & "','" & txtVoornaam.Text & "','" & txtAdres.Text & "', " & cboWoonplaats.SelectedValue & ", '" & txtTelefoon.Text & "', '" & txtFax.Text & "', '" & txtGsm.Text & "','" & txtMail.Text & "','" & chkGastvrouw.CheckState & "', '" & chkMatras.CheckState & "', '" & chkLattenbodum.CheckState & "', '" & chkWaveflex.CheckState & "', '" & chkDonsdeken.CheckState & "', '" & txtBtw.Text & "', '" & txtGeboortedatum.Text & "', '" & txtEchtgenoot.Text & "', '" & txtOpmerkingen.Text & "', '" & txtAankooplb.Text & "' )"
So like txtNaam.text could be 'test'a' and i must be something like "test'a" but I need to use '
Try "test''a" to search for "test'a".
--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>
Stijin,
Sounds like a case for ... drumroll ... paramaters!
It's a bad practice to build a SQL string like that. You're ripe for
Injection attacks and all other unfun things. Try this instead ...
Dim myCon as New OleDbConnection( <connectionString> )
Dim myCmd as New OleDbCommand()
With myCmd
.Connection = myCon
.CommandText = "INSERT INTO myTbl (col1,col2,col3) VALUES (?,?,?)"
.Paramaters.Add( <ValueOfCol1> )
.Paramaters.Add( <ValueOfCol2> )
.Paramaters.Add( <ValueOfCol3> )
End With
myCon.Open()
myCmd.ExecuteNonQuery()
myCon.Close()
--
Alex Papadimoulis http://weblogs.asp.net/Alex_Papadimoulis
"Stijn Vanpoucke" <st*****@hotmail.com> wrote in message
news:EY********************@scarlet.biz... Hi, I've made a program with an access database. In my sql insert command I
need to use escape characters to insert text strings but te problem is that I want to use escape chars in my text strings themselves to.
strSQL = "INSERT INTO tblKlanten (Naam, Voornaam, Adres, Postnummer, Telefoon, Fax, Gsm, Email, Gastvrouw, Matras, Lattenbodum, Waveflex, Donsdeken, Btwnummer, Geboortedatum, Echtgenoot, Opmerkingen, Aankooplb)"
strSQL += " VALUES ('" & txtNaam.Text & "','" & txtVoornaam.Text & "','" & txtAdres.Text & "', " & cboWoonplaats.SelectedValue & ", '" & txtTelefoon.Text & "', '" & txtFax.Text & "', '" & txtGsm.Text & "','" & txtMail.Text & "','" & chkGastvrouw.CheckState & "', '" & chkMatras.CheckState & "', '" & chkLattenbodum.CheckState & "', '" & chkWaveflex.CheckState & "', '" & chkDonsdeken.CheckState & "', '" & txtBtw.Text & "', '" & txtGeboortedatum.Text & "', '" & txtEchtgenoot.Text
& "', '" & txtOpmerkingen.Text & "', '" & txtAankooplb.Text & "' )"
So like txtNaam.text could be 'test'a' and i must be something like
"test'a" but I need to use '
I hope someone understands my problem, and coulde give an answer.
I've tried it this way with some less colls to test it.
----------------------------------------------------------------------------
---------------------------------------------------------
'sql commando
strSQL = "INSERT INTO tblKlanten (Naam, Voornaam, Adres) "
strSQL += " VALUES (@Naam, @Voornaam , @Adres)"
Dim cmdvoegtoe As New OleDb.OleDbCommand(strSQL, Objverbinding)
With cmdvoegtoe
..Connection = Objverbinding
..CommandText = strSQL
..Parameters.Add("@Naam", OleDb.OleDbType.VarChar, 40, txtNaam.Text)
..Parameters.Add("@Voornaam", OleDb.OleDbType.VarChar, 40, txtVoornaam.Text)
..Parameters.Add("@Adres", OleDb.OleDbType.VarChar, 40, txtAdres.Text)
End With
Objverbinding.Open()
cmdvoegtoe.ExecuteNonQuery()
Objverbinding.Close()
----------------------------------------------------------------------------
----------------------------------------------------------------------------
------------------
No I get:
Parapmeter @name does not have a standard value
What's my fault?
"Cor Ligthert" <no**********@planet.nl> schreef in bericht
news:O%****************@TK2MSFTNGP12.phx.gbl... Hallo Stijn,
Have a look at this page, I think that it would help you, it is anyway the better way to do it.
http://msdn.microsoft.com/library/de...mmandtopic.asp I hope this helps?
Cor
Hi Stijn,
Can you try this.
\\\
strSQL = "INSERT INTO tblKlanten (Naam, Voornaam, Adres) "
strSQL += " VALUES (@Naam, @Voornaam , @Adres)"
Dim cmdvoegtoe As New OleDb.OleDbCommand(strSQL, Objverbinding)
cmdvoegtoe.Parameters.Add("@Naam", txtNaam.Text)
cmdvoegtoe.Parameters.Add("@Voornaam", txtVoornaam.Text)
cmdvoegtoe.Parameters.Add("@Adres", txtAdres.Text)
Objverbinding.Open()
cmdvoegtoe.ExecuteNonQuery()
Objverbinding.Close()
///
This should normally be enough, there is no @Name in it by the way is there
not a typo?
Cor
Hi,
I've tried it before and it wouldn't work but now with the short version of
the sql it does :o)
thx
"Cor Ligthert" <no**********@planet.nl> schreef in bericht
news:ej**************@TK2MSFTNGP12.phx.gbl... Hi Stijn,
Can you try this. \\\ strSQL = "INSERT INTO tblKlanten (Naam, Voornaam, Adres) " strSQL += " VALUES (@Naam, @Voornaam , @Adres)" Dim cmdvoegtoe As New OleDb.OleDbCommand(strSQL, Objverbinding) cmdvoegtoe.Parameters.Add("@Naam", txtNaam.Text) cmdvoegtoe.Parameters.Add("@Voornaam", txtVoornaam.Text) cmdvoegtoe.Parameters.Add("@Adres", txtAdres.Text) Objverbinding.Open() cmdvoegtoe.ExecuteNonQuery() Objverbinding.Close() /// This should normally be enough, there is no @Name in it by the way is
there not a typo?
Cor
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: teachtiro |
last post by:
Hi,
'C' says \ is the escape character to be used when characters are
to be interpreted in an uncommon sense, e.g. \t usage in printf(),
but for printing % through printf(), i have read that %%...
|
by: Steve Litvack |
last post by:
Hello,
I have built an XMLDocument object instance and I get the following string
when I examine the InnerXml property:
<?xml version=\"1.0\"?><ROOT><UserData UserID=\"2282\"><Tag1...
|
by: Guadala Harry |
last post by:
I need to place the following into a string... How can I properly escape the
% " / < and > characters?
<table width="100%" border="0" cellspacing="0" cellpadding="4px"
class="hfAll"></Table>
...
|
by: Luminal |
last post by:
Greetings
I'm having some problems on my C# application. I'm using an access
database and I'm not able to do select queries with the ' character.
My code is this:
// some previous code like...
|
by: abcd |
last post by:
Case 1
I have a variable called sConnectString whose value is
"Provider=Microsoft.Jet.OLEDB.4.0;Data
Source=\\msxp102\shared\DBS\db3.mdb;User Id=;Password=;";
after this I call following...
|
by: pkaeowic |
last post by:
I am having a problem with the "escape" character \e. This code is in my
Windows form KeyPress event. The compiler gives me "unrecognized escape
sequence" even though this is documented in MSDN....
|
by: Lawrence D'Oliveiro |
last post by:
The "escape" function in the "cgi" module escapes characters with special
meanings in HTML. The ones that need escaping are '<', '&' and '"'.
However, cgi.escape only escapes the quote character if...
|
by: vlsidesign |
last post by:
The printf function returns "warning: unknown escape sequence: \040"
for a backslash-space combination. If the ascii decimal number for
space is 32 and the backslash is 92, why this particular...
|
by: |
last post by:
I mainly work on OS X, but thought I'd experiment with some Python code on XP. The
problem is I can't seem to get these things to work at all.
First of all, I'd like to use Greek letters in the...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |