Problem on String

Option Strict On?

Same thing happen with Me.txtEquip.text = "20" ?

What exactly is the exception?
"Agnes" <ag***@dynamictech.com.hk> wrote in message
news:e1**************@TK2MSFTNGP15.phx.gbl...

my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,
Please help ~

--
.

Option Strict On?

Same thing happen with Me.txtEquip.text = "20" ?

What exactly is the exception?
"Agnes" <ag***@dynamictech.com.hk> wrote in message
news:e1**************@TK2MSFTNGP15.phx.gbl...

my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,
Please help ~

--
.

"smith" <rc********@smithvoiceTAKEOUT.com> wrote in message
news:kv****************@newsread1.news.pas.earthli nk.net...

Option Strict On?

Same thing happen with Me.txtEquip.text = "20" ?

What exactly is the exception?
"Agnes" <ag***@dynamictech.com.hk> wrote in message
news:e1**************@TK2MSFTNGP15.phx.gbl...

my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,

Check the database - does it allow non-numeric characters ? How many ?
What type of data is allowed ? Can more than 1 record have the same value
for that field ?

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.799 / Virus Database: 543 - Release Date: 11/19/2004

"smith" <rc********@smithvoiceTAKEOUT.com> wrote in message
news:kv****************@newsread1.news.pas.earthli nk.net...

Option Strict On?

Same thing happen with Me.txtEquip.text = "20" ?

What exactly is the exception?
"Agnes" <ag***@dynamictech.com.hk> wrote in message
news:e1**************@TK2MSFTNGP15.phx.gbl...

my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,

Check the database - does it allow non-numeric characters ? How many ?
What type of data is allowed ? Can more than 1 record have the same value
for that field ?

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.799 / Virus Database: 543 - Release Date: 11/19/2004

"Agnes" <ag***@dynamictech.com.hk> schrieb:

my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,

Think about using '*UpdateCommand' classes with parameters instead of
constructing the SQL command directly. This will prevent SQL injection.
Maybe you can solve your problem by replacing "'" with "''" before inserting
it into the SQL command (if you still want to use the unsecure way of
constructing SQL command strings by hand).

--
M S Herfried K. Wagner
M V P <URL:http://dotnet.mvps.org/>
V B <URL:http://dotnet.mvps.org/dotnet/faqs/>

"Agnes" <ag***@dynamictech.com.hk> schrieb:

my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,

Think about using '*UpdateCommand' classes with parameters instead of
constructing the SQL command directly. This will prevent SQL injection.
Maybe you can solve your problem by replacing "'" with "''" before inserting
it into the SQL command (if you still want to use the unsecure way of
constructing SQL command strings by hand).

--
M S Herfried K. Wagner
M V P <URL:http://dotnet.mvps.org/>
V B <URL:http://dotnet.mvps.org/dotnet/faqs/>

Agnes wrote:

my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,
Please help ~

You need to parse your values to replace single quotes with double
quotes. The resulting query you have now looks like this:

update mytable set equipname = ' 20''

That's one quote to many. If Me.txtEqip.text contains 20'' it should
work and enter only one quote into the database. This is especially
important for web applications to prevent SQL injection.

--
Rinze van Huizen
C-Services Holland b.v.

Agnes wrote:

my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,
Please help ~

You need to parse your values to replace single quotes with double
quotes. The resulting query you have now looks like this:

update mytable set equipname = ' 20''

That's one quote to many. If Me.txtEqip.text contains 20'' it should
work and enter only one quote into the database. This is especially
important for web applications to prevent SQL injection.

--
Rinze van Huizen
C-Services Holland b.v.