-
Apostrophe Error
I am using the following code to submit values to a database. How can I adjust the code to allow information with apostophes to be allowed without messing up the SQL statement? (Using VBScript)
function UpdateNearestRelative()
appid = session("appID")
sqlUpdateApplicant = "Update ApplicantInfo set"
sqlUpdateApplicant = sqlUpdateApplicant & " NearRelative = '" & Request.Form("txtNRName") & "', "
sqlUpdateApplicant = sqlUpdateApplicant & " R_Address = '" & Request.Form("txtNRAddress") & "', "
sqlUpdateApplicant = sqlUpdateApplicant & " R_City = '" & Request.Form("txtNRCity") & "', "
sqlUpdateApplicant = sqlUpdateApplicant & " R_State = '" & Request.Form("txtNRState") & "', "
sqlUpdateApplicant = sqlUpdateApplicant & " R_Zip = '" & Request.Form("txtNRZip") & "', "
sqlUpdateApplicant = sqlUpdateApplicant & " R_Phone = '" & Request.Form("txtNRPHAreaCode") & Request.Form("txtNRPHPrefix") & Request.Form("txtNRPhNum") & "' "
sqlUpdateApplicant = sqlUpdateApplicant & " where ApplID = " & appid
Conn.Execute(sqlUpdateApplicant)
end function
Thanks!
-
Use the replace function to replace one single quote with two single quotes for each string value going into your insert statement
Code:
strSomeStrimg = Replace(strSomeStrimg, "'", "''")
-
Code:
strSQL = strSQL & Replace(strSomeValue, "'", "''")
You have to escape apostrophe's in SQL with another apostrophe. There is a thread about posting O'Something names.
Edit: Sorry, I got bored and kind of felt my code sample might be misleading, so I edited it.
-
-