
Thread: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

  1. #1

    Thread Starter
    Addicted Member
    Join Date
    Jan 2006
    Location
    PUNE
    Posts
    222

    Resolved [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    How do I validate a TextBox, preventing single quote ' & double quote "?

    Thanks

  2. #2
    VB Guru ganeshmoorthy's Avatar
    Join Date
    Dec 2005
    Location
    Sharjah, United Arab Emirates
    Posts
    3,031

    Re: How do i Validate Textbox Preventing Single ' & Double "

    Get the ASCII values of the single quote and double quote and then set KeyAscii = 0.


  3. #3
    Shared Member
    Join Date
    May 2005
    Location
    Kashmir, India
    Posts
    2,277

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    Quote Originally Posted by vaishali
    How do I validate a TextBox, preventing single quote ' & double quote "?

    Thanks
    If you are doing this because these are special characters that error out when you run a SQL query using strings containing them, then you should take a look at prepared statements.

  4. #4

    Thread Starter
    Addicted Member
    Join Date
    Jan 2006
    Location
    PUNE
    Posts
    222

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    Yes Shuja,
    How do I get rid of this using SQL?

  5. #5
    Shared Member
    Join Date
    May 2005
    Location
    Kashmir, India
    Posts
    2,277

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    Quote Originally Posted by vaishali
    Yes Shuja,
    How do I get rid of this using SQL?
    You will have to use prepared statements. A prepared statement will automatically take care of any special characters present in the strings. Take a look at this code that explains how to use prepared statements. They are also safer and faster in execution.

    VB Code:
    Dim cmdSQLInsert As ADODB.Command
    Set cmdSQLInsert = New ADODB.Command

    'Create the query
    cmdSQLInsert.CommandText = "Insert Into Table1(ID, NAME, AGE) Values(?,?,?)"
    cmdSQLInsert.CommandType = adCmdText
    cmdSQLInsert.Prepared = True

    'Create the parameters
    'in this case we will create three parameters
    '-----Param 1 (for Field ID)-------------
    Dim gParam As ADODB.Parameter
    Set gParam = New ADODB.Parameter
    With gParam
        .Name = "ID"
        .Direction = adParamInput
        .Type = adChar
        .Size = 10
        .Value = "xxxxxxxxxx"
    End With
    cmdSQLInsert.Parameters.Append gParam

    '-----Param 2 (for Field Name)-------------
    Set gParam = Nothing
    Set gParam = New ADODB.Parameter
    With gParam
        .Name = "NAME"
        .Direction = adParamInput
        .Type = adVarChar
        .Size = 50
        .Value = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    End With
    cmdSQLInsert.Parameters.Append gParam

    '-----Param 3 (for Field AGE)-------------
    Set gParam = Nothing
    Set gParam = New ADODB.Parameter
    With gParam
        .Name = "AGE"
        .Direction = adParamInput
        .Type = adChar
        .Size = 2
        .Value = "xx"
    End With
    cmdSQLInsert.Parameters.Append gParam

    'Set the connection property of the command object
    Set cmdSQLInsert.ActiveConnection = mySQLConnection
    'pass the values that need to be inserted to specific parameters that we created above
    cmdSQLInsert("ID") = txtID.Text
    cmdSQLInsert("NAME") = txtName.Text
    cmdSQLInsert("AGE") = txtAge.Text

    'Execute the command
    cmdSQLInsert.Execute
    You could use similar code for Update, Select or Delete queries.

  6. #6

    Thread Starter
    Addicted Member
    Join Date
    Jan 2006
    Location
    PUNE
    Posts
    222

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    Shuja,

    For every data field I have to write this
    VB Code:
    Set gParam = New ADODB.Parameter
    With gParam
        .Name = "ID"
        .Direction = adParamInput
        .Type = adChar
        .Size = 10
        .Value = "xxxxxxxxxx"
    End With
    cmdSQLInsert.Parameters.Append gParam

    because I am having more than 50 fields in SQL

    so I have to repeat 50 times


  7. #7
    Shared Member
    Join Date
    May 2005
    Location
    Kashmir, India
    Posts
    2,277

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    This has to be done only once and later on you can use the same prepared statement and pass just the values that you need.

    One more important thing about prepared statements is that they are far safer than trivial SQL that we write on the fly, and they are faster when you execute them.

  8. #8
    Super Moderator Hack's Avatar
    Join Date
    Aug 2001
    Location
    Searching for mendhak
    Posts
    58,335

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    Probably not all 50. You don't need something like that for number fields, and how many of your vchar fields could possibly ever hold text with a single quote in them?

  9. #9

    Thread Starter
    Addicted Member
    Join Date
    Jan 2006
    Location
    PUNE
    Posts
    222

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    Thanks Shuja & Hack

  10. #10
    Super Moderator Hack's Avatar
    Join Date
    Aug 2001
    Location
    Searching for mendhak
    Posts
    58,335

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    Quote Originally Posted by vaishali
    Thanks Shuja & Hack
    I made one comment and asked one question. Any thanks or credit for this should exclusively go to Shuja.

  11. #11
    Shared Member
    Join Date
    May 2005
    Location
    Kashmir, India
    Posts
    2,277

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    You are welcome

  12. #12
    PowerPoster
    Join Date
    Feb 2006
    Location
    East of NYC, USA
    Posts
    5,692

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    There's a simpler way to clean up a SQL string:

    VB Code:
    strSQL = <whatever> & _
    "'" & Replace(Replace(Text1.Text, "'", "''"), chr$(34),"") & "'" & _
    ...
    You could do it as a function too:
    VB Code:
    strSQL = <whatever> & _
    "'" & sqlFix(Text1.Text) & "'" & _
    ...

    Private Function sqlFix(s As String) As String
        sqlFix = Replace(Replace(s, "'", "''"), chr$(34),"")
    End Function
    (Replace the "''" with "" if you really want to get rid of the single ticks, rather than store them.)

  13. #13
    Shared Member
    Join Date
    May 2005
    Location
    Kashmir, India
    Posts
    2,277

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    @AI42:
    There is nothing wrong with your way; however, this invites trouble like SQL injection attacks. Imagine a user entering this SQL in a textbox:
    PHP Code:
     somename''Drop Table EMPLOYEES;-- 
    And remember the reason why we suggest using Prepared statements is because they are safer and faster.

  14. #14
    Addicted Member
    Join Date
    Nov 2005
    Posts
    145

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    Quote Originally Posted by Hack
    Probably not all 50. You don't need something like that for number fields, and how many of your vchar fields could possibly ever hold text with a single quote in them?
    How do I implement this for adding multiple records? Can you give me a sample?

  15. #15
    Shared Member
    Join Date
    May 2005
    Location
    Kashmir, India
    Posts
    2,277

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    Quote Originally Posted by barianto
    How do I implement this for adding multiple records? Can you give me a sample?
    What exactly are you trying to do? I am not able to understand what exactly you want.

  16. #16
    Junior Member
    Join Date
    Jun 2006
    Posts
    22

    Re: [RESOLVED] How do i Validate Textbox Preventing Single ' & Double "

    Quote Originally Posted by Shuja Ali
    You will have to use prepared statements. A prepared statement will automatically take care of any special characters present in the strings. Take a look at this code that explains how to use prepared statements. They are also safer and faster in execution.

    VB Code:
    Dim cmdSQLInsert As ADODB.Command
    Set cmdSQLInsert = New ADODB.Command

    'Create the query
    cmdSQLInsert.CommandText = "Insert Into Table1(ID, NAME, AGE) Values(?,?,?)"
    cmdSQLInsert.CommandType = adCmdText
    cmdSQLInsert.Prepared = True

    'Create the parameters
    'in this case we will create three parameters
    '-----Param 1 (for Field ID)-------------
    Dim gParam As ADODB.Parameter
    Set gParam = New ADODB.Parameter
    With gParam
        .Name = "ID"
        .Direction = adParamInput
        .Type = adChar
        .Size = 10
        .Value = "xxxxxxxxxx"
    End With
    cmdSQLInsert.Parameters.Append gParam

    '-----Param 2 (for Field Name)-------------
    Set gParam = Nothing
    Set gParam = New ADODB.Parameter
    With gParam
        .Name = "NAME"
        .Direction = adParamInput
        .Type = adVarChar
        .Size = 50
        .Value = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    End With
    cmdSQLInsert.Parameters.Append gParam

    '-----Param 3 (for Field AGE)-------------
    Set gParam = Nothing
    Set gParam = New ADODB.Parameter
    With gParam
        .Name = "AGE"
        .Direction = adParamInput
        .Type = adChar
        .Size = 2
        .Value = "xx"
    End With
    cmdSQLInsert.Parameters.Append gParam

    'Set the connection property of the command object
    Set cmdSQLInsert.ActiveConnection = mySQLConnection
    'pass the values that need to be inserted to specific parameters that we created above
    cmdSQLInsert("ID") = txtID.Text
    cmdSQLInsert("NAME") = txtName.Text
    cmdSQLInsert("AGE") = txtAge.Text

    'Execute the command
    cmdSQLInsert.Execute
    You could use similar code for Update, Select or Delete queries.


    Old topic I know, but it saves me starting a new one...

    A few questions, Shuja:

    Why do we have

    .Value set to "xxxxx"?

    And in the SQL statement in the first line - you've put Value(?,?,?) - why is that? Is that how it's meant to be?
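
Added example, not part of the original thread or any poster's code: a VB6/ADO sketch of the prepared-statement approach from post #5, built once and reused as post #7 describes, covering the many-fields and multiple-record cases raised in posts #6 and #14. `AddParam`, `BuildInsert` and `InsertRows` are hypothetical names; the code assumes a project reference to Microsoft ActiveX Data Objects and an already-open connection.

```vb
' Added example (VB6 + ADO), not code from the thread.
' Assumes a project reference to Microsoft ActiveX Data Objects and an
' already-open ADODB.Connection; Table1(ID, NAME, AGE) is the thread's table.

' Hypothetical helper: one call per field instead of a With block per field.
' No dummy .Value is needed; the real value is assigned before each Execute.
Private Sub AddParam(cmd As ADODB.Command, ByVal pName As String, _
                     ByVal pType As ADODB.DataTypeEnum, ByVal pSize As Long)
    cmd.Parameters.Append cmd.CreateParameter(pName, pType, adParamInput, pSize)
End Sub

' Build the command once. Each ? is a positional placeholder, bound to the
' parameters in the order they are appended (ID, NAME, AGE).
Private Function BuildInsert(cn As ADODB.Connection) As ADODB.Command
    Dim cmd As ADODB.Command
    Set cmd = New ADODB.Command
    Set cmd.ActiveConnection = cn
    cmd.CommandType = adCmdText
    cmd.CommandText = "INSERT INTO Table1 (ID, NAME, AGE) VALUES (?, ?, ?)"
    cmd.Prepared = True
    AddParam cmd, "ID", adChar, 10
    AddParam cmd, "NAME", adVarChar, 50
    AddParam cmd, "AGE", adChar, 2
    Set BuildInsert = cmd
End Function

' Insert several records with the same prepared command, all or nothing.
' rows: each element is Array(id, name, age). Constructed sample call:
'   InsertRows cn, Array(Array("A1", "O'Brien", "41"), _
'                        Array("A2", "6"" nails", "29"))
Public Sub InsertRows(cn As ADODB.Connection, rows As Variant)
    Dim cmd As ADODB.Command, i As Long, errNum As Long, errMsg As String
    Set cmd = BuildInsert(cn)
    cn.BeginTrans
    On Error GoTo Failed
    For i = LBound(rows) To UBound(rows)
        ' Values are bound as data, not spliced into the SQL text.
        cmd.Parameters("ID").Value = rows(i)(0)
        cmd.Parameters("NAME").Value = rows(i)(1)
        cmd.Parameters("AGE").Value = rows(i)(2)
        cmd.Execute , , adExecuteNoRecords
    Next i
    cn.CommitTrans
    Exit Sub
Failed:
    errNum = Err.Number: errMsg = Err.Description
    cn.RollbackTrans
    Err.Raise errNum, "InsertRows", errMsg
End Sub
```

With more fields, each extra column costs one `?` in the statement and one `AddParam` line; the textbox itself needs no quote filtering.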
