SQL Statement

Printable View

May 9th, 2001, 03:27 PM
fasi

SQL Statement

Well i spent hours and hours but couldnt figure this probelem out

I am querying the database on a variablename that is a string.. it works fine .. but as soon as my varable name has an appostrpohe then the whole program crashes.

LIke i wm ausing the statement

rst.Open"SELECT * from Customers wher CustomerName = ' " & variable & " ';", cnn

If the customer name is say

Kevin it works fine

But when it is
Kevin's

it crashes

any solutions to this problem

:confused:
May 9th, 2001, 03:37 PM
ExcalibursZone

Try this:

Code:

Replace(variable, "'", "' + CHAR(27) + '") If Right(Variable, 4) = " + '" Then Variable = Left(Variable, Len(Variable) - 4) End If

Hope this helps you out. CHAR() is the SQL equivalent of Chr$ in VB.
May 9th, 2001, 03:45 PM
Paragon

try:

Code:

rst.Open"SELECT * from Customers wher CustomerName = ' " & replace(variable,"'","''") & " ';", cnn
May 9th, 2001, 03:48 PM
fasi

PARAGON

Dont you think this code will replace one apostrophe with two ... bacause what i think is that it is reading the apostropphe as the end of the statement

can you explain a little bit what this code will do ??
May 9th, 2001, 03:50 PM
Lethal

You may want to use the 'Like' Operator. Without knowing the full impliminations of the program, I'm just throwing out another suggestion.

Code:

rst.Open "SELECT * from Customers where CustomerName Like '" & variable & "%" & "';"
May 9th, 2001, 03:54 PM
fasi

Well Lethal I am not very familiar with the like operator .. Can you tell me what is the difference in like and = operators
.
May 9th, 2001, 03:57 PM
Paragon

The reason why I replace one ' with '' is because sql statements don't like strings with ' i.e. "where customer = 'It's'" will cause an error because it thinks you're ending the string with the second apostrophe instead of the third but if you were to have "where customer = 'It''s'" will work. (just tested it, just in case) It's just one of those weird things that you need to because of when creating sql statements.
May 9th, 2001, 04:01 PM
fasi

Paragon Thanx alor I tried it It works .. but tell me one thing .. this thing i used was for storing in the database .. Is is going to effect the query in any way... when i have to retrieve the data
May 9th, 2001, 04:02 PM
fasi

and what about the names that doen't have an apostrophe .. is it going to effect them
May 9th, 2001, 04:04 PM
Lethal

The "Like" operator instructs the dbms that the following search pattern is to compared using a wildcard match, rather than a exact math. Hence, Kevin is equal to Kevin's or Kevin1234, etc...

It should solve your problem, but unexpected data may creep up, but if your only searching on a first name field, I wouldn't really worry about it to much.
May 9th, 2001, 04:08 PM
Paragon

Yep, if you were to try:

Code:

rst.Open "INSERT INTO Customers(CustomerName) Values ('It''s');"

This would actually insert "It's" into the record.
May 9th, 2001, 04:09 PM
Paragon

Nope it won't affect names without ' it just won't replace anything in it

All times are GMT -5. The time now is 03:32 PM.