Results 1 to 2 of 2

Thread: VB6: Single Quote input in string SQL

  1. #1

    Thread Starter
    Lively Member
    Join Date
    Apr 2010
    Location
    Netherlands
    Posts
    97

    VB6: Single Quote input in string SQL

    Hi,
    I'm finishing a program, trying to get every single bug and error out of it. I have a combobox, wich includes some items with the single quote (all loaded from a database). After the selection of a quoted item, 3 labels are filled with the other items from that record. I use a stringSQL to do that. My program can handle all the other items, but not the ones with single quotes.

    How do I build my stringSQL, so that the item can contain single quotes (')?

    Thanks!
    Last edited by JWJWJW; May 6th, 2010 at 03:02 AM.
    My Programming Software: Visual Basic 2010
    My Database Program: Office Access 2010

  2. #2
    Super Moderator jmcilhinney's Avatar
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    110,299

    Re: VB6: Single Quote input

    You should be using parameters to insert values into SQL code. This will not only avert issues with single quotes but, most importantly, protect you from SQL injection. The sticky FAQ thread at the top of this forum provides a link to a thread that explains the ins and outs of SQL parameters.

    If you decide to not use parameters for whatever reason then you'll have to escape the single quote with another single quote. You can just run every value through the Replace function so that any single quotes will be replaced by two single quotes (NOT a double quote!).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width