
SQL Query question

I have code that looks like this:

Dim Cmd As New OleDb.OleDbCommand
Dim Data As OleDb.OleDbDataReader

With Cmd
    .Connection = _Conn

    ' The value is concatenated directly into the SQL text
    .CommandText = "SELECT * FROM Operators WHERE OperatorID='" & Me._OperatorID & "'"

    Data = .ExecuteReader
End With

This works fine as long as the parameter Me._OperatorID does not contain
an apostrophe ("'"); for example, a name like O'Brien would cause an
error.

How can I get around this problem or solve it?

Thanks in advance

Nov 21 '05 #1
2 Replies


Parameterize it.

SELECT * FROM Operators WHERE OperatorID=?

cmd.Parameters.Add("SomeName", Value);

There are many overloads for adding params but that's essentially the
syntax. In OleDb it's important that the place you add the parameters in the
collection matches where they are in the query.
--
W.G. Ryan, MVP

www.tibasolutions.com | www.devbuzz.com | www.knowdotnet.com

Nov 21 '05 #2

Anthony Sox wrote:
This works fine as long as the parameter Me._OperatorID does not
contain an apostrophe ("'"); for example, a name like O'Brien would
cause an error.


In addition to the solution suggested by W.G.Ryan, you can also just double
any apostrophes in your parameters, so O'Brien becomes O''Brien:

.CommandText = "SELECT * FROM Operators WHERE OperatorID='" & Replace(Me._OperatorID, "'", "''") & "'"

The parameterised approach described by W.G.Ryan is definitely a safer way
to do it (there are other characters that can cause problems, for example,
and the parameterisation method will take care of them all for you), but
this method is still worth knowing.

--

(O)enone
Nov 21 '05 #3
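
The three approaches from this thread side by side, as an added example that is not code from any of the posters. It uses Python's built-in sqlite3 module as a stand-in for OleDb because it runs offline and also uses positional "?" markers; the Site column, the sample rows and the function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory Operators table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Operators (OperatorID TEXT, Site TEXT)")
    conn.executemany("INSERT INTO Operators VALUES (?, ?)",
                     [("Smith", "North"), ("O'Brien", "South")])
    return conn

def find_concat(conn, operator_id):
    # The pattern from the question: the value is pasted into the SQL text,
    # so an apostrophe in it ends the string literal early.
    sql = "SELECT * FROM Operators WHERE OperatorID='" + operator_id + "'"
    return conn.execute(sql).fetchall()

def find_doubled(conn, operator_id):
    # Quote doubling from the second reply: handles the apostrophe only.
    sql = ("SELECT * FROM Operators WHERE OperatorID='"
           + operator_id.replace("'", "''") + "'")
    return conn.execute(sql).fetchall()

def find_param(conn, operator_id, site):
    # Parameterized form from the first reply: values travel separately from
    # the SQL text. "?" markers are positional, so the tuple order must match
    # the order of the markers in the query.
    sql = "SELECT * FROM Operators WHERE OperatorID=? AND Site=?"
    return conn.execute(sql, (operator_id, site)).fetchall()

def demo():
    conn = make_db()
    try:
        find_concat(conn, "O'Brien")
        concat_result = "ok"
    except sqlite3.OperationalError:
        concat_result = "syntax error"
    return {
        "concat": concat_result,
        "doubled": find_doubled(conn, "O'Brien"),
        "param": find_param(conn, "O'Brien", "South"),
        "param_wrong_order": find_param(conn, "South", "O'Brien"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The last case binds the two values in the wrong order and silently returns no rows, which is the positional-ordering point made in the first reply.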
