Unresolved issue....Strings in SQL Statement
Hey, I still can't figure out how to get this to work. I am adding strings into the table in SQL statement. This works fine except there is an error if the string contains a single quote. So this is how it was suggested that I do this, but I'm still getting the error. If anyone can help me out with this it would be greatly appreciated. Thanks.
VB Code:
SQL = "INSERT into " & table & " VALUES ('" & Replace(strFilepath, "'", "''") & "','" & Replace(strFileName, "'", "''") & "','" & Replace(strFileSize, "'", "''") & "','" & Replace(strArtist, "'", "''") & "','" & strTitle & "','" & Replace(strAlbum, "'", "''") & "','" & Replace(strFrequency, "'", "''") & "','" & Replace(strBitrate, "'", "''") & "','" & Replace(strLength, "'", "''") & "','" & Replace(strTrack, "'", "''") & "')"
Cnn.Execute (SQL)
:confused:
Ok, fixed that........but
Now I'm getting this error: "Error in String Syntax: "Stevie Ray Vaughn'
Any Idea what the problem is now!????
Further 'Single Quote' issues
I agree with the comment that using variables will solve the situation for basic queries. For example, if I use strText and the variable contains one or more single quote characters then this will pass ok with VB code such as:
lstrSQL = "SELECT * FROM tblWhatever " & _
"WHERE ColumnA = ' " & strText & " ' "
HOWEVER the problem I am now experiencing is that I am getting into stored procedures and passing a variable to a stored procedure no longer disregards the single quote contents of a variable!! So I am back to square one!!
Basically, the following (derived from above) will no longer work IF one or more single quote character is included:
lstrSQL = "EXEC sp_procName & " ' " & strText & " ' "
I know that changing the single quotes here to double quotes via Chr(34), WILL accept my single quote but then I will get a problem if the strText variable contains one or more double quote, so I am no further forward.
So what other alternatives are there for use with stored procedure??