VB6: Single Quote input in string SQL
Hi,
I'm finishing a program, trying to get every single bug and error out of it. I have a combobox, which includes some items with the single quote (all loaded from a database). After the selection of a quoted item, 3 labels are filled with the other items from that record. I use a stringSQL to do that. My program can handle all the other items, but not the ones with single quotes.
How do I build my stringSQL, so that the item can contain single quotes (')?
Thanks!
Re: VB6: Single Quote input
You should be using parameters to insert values into SQL code. This will not only avert issues with single quotes but, most importantly, protect you from SQL injection. The sticky FAQ thread at the top of this forum provides a link to a thread that explains the ins and outs of SQL parameters.
If you decide to not use parameters for whatever reason then you'll have to escape the single quote with another single quote. You can just run every value through the Replace function so that any single quotes will be replaced by two single quotes (NOT a double quote!).
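The two approaches from the reply above, as an added example that is not part of the original thread. It assumes a project reference to Microsoft ActiveX Data Objects and an already open connection `cn`; the table, column and control names (`Items`, `ItemName`, `Price`, `Supplier`, `Stock`, `cboItems`, `lblPrice`, `lblSupplier`, `lblStock`) are hypothetical.

```vb
Option Explicit

' Assumed: opened elsewhere (e.g. in Form_Load) before the combobox is used.
Private cn As ADODB.Connection

' Preferred: the selected text travels as a parameter, so a single quote
' in it is plain data and never becomes part of the SQL statement.
Private Function LoadItemByName(ByVal itemName As String) As ADODB.Recordset
    Dim cmd As ADODB.Command
    Set cmd = New ADODB.Command
    Set cmd.ActiveConnection = cn
    cmd.CommandType = adCmdText
    ' ? is a positional placeholder, bound in the order parameters are appended.
    cmd.CommandText = "SELECT Price, Supplier, Stock FROM Items WHERE ItemName = ?"
    ' adVarChar requires a size; 255 is an assumed column width.
    cmd.Parameters.Append cmd.CreateParameter("ItemName", adVarChar, adParamInput, 255, itemName)
    Set LoadItemByName = cmd.Execute
End Function

' Fallback: wrap the value in quotes and double every single quote inside it.
' "O'Brien" becomes 'O''Brien' (two single quotes, not a double quote).
Private Function QuoteSqlString(ByVal s As String) As String
    QuoteSqlString = "'" & Replace(s, "'", "''") & "'"
End Function

Private Sub cboItems_Click()
    Dim rs As ADODB.Recordset
    Set rs = LoadItemByName(cboItems.Text)
    ' Same lookup with the fallback instead of a parameter:
    '   Set rs = cn.Execute("SELECT Price, Supplier, Stock FROM Items " & _
    '                       "WHERE ItemName = " & QuoteSqlString(cboItems.Text))
    If Not rs.EOF Then
        ' & "" turns a Null field into an empty string for the label.
        lblPrice.Caption = rs.Fields("Price").Value & ""
        lblSupplier.Caption = rs.Fields("Supplier").Value & ""
        lblStock.Caption = rs.Fields("Stock").Value & ""
    End If
    rs.Close
    Set rs = Nothing
End Sub
```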