|
-
Feb 22nd, 2002, 04:17 PM
#1
Thread Starter
Junior Member
Single Quotes in SQL String
How do I code my program so that if a user enters a single quote in a string value that I have to pass as a SQL statement, there will be no ODBC error.
like "David's" ... it come back with an odbc invalid format error.
Thanks
-
Feb 22nd, 2002, 04:35 PM
#2
Hyperactive Member
You need to run that string through the wringer.. create a small function that you can pass a string into with a boolean that determines if you want to encode for SQL or decode for text... then in that function, use the Replace function and replace any ' with something like &sq.. or reverse, replace &sq with ' on the way out
VB Code:
Public Function SQLStringConv(str as String, bolInOut as Boolean) as String
If bolInOut Then
SQLStringConv = Replace(str, "'", "&sq")
Else
SQLStringConv = Replace(str, "&sq", "'")
End If
End Function
-mcd
[vbcode]
'*****************************
MsgBox "MCD :: [email protected]", vbInformation + vbOKOnly, "User"
'*****************************
[/vbcode]
-
Feb 22nd, 2002, 04:45 PM
#3
Addicted Member
You can also double the character to 'escape' it. This function works pretty good for me anyways...
Code:
Function Fix39(ByVal Text As String) As String
Fix39 = Replace(Text, Chr(39), Chr(39) & Chr(39))
End Function
-
Feb 22nd, 2002, 04:56 PM
#4
pretty much the same thing.. but i made a function in a module
Code:
Public Function Apost(sString as string)
Apost = Replace("'","''")
End Function
then when you make your SQL statment... i would use
Code:
sSql = "INSERT INTO tblTable [MyField] Values('" & apost(txtName) & "')"
-
Feb 22nd, 2002, 05:21 PM
#5
It reads a LOT better if you use chr$(34) instead of doubling the
quotes.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
