Results 1 to 8 of 8

Thread: [RESOLVED]text box to database

  1. #1

    Thread Starter
    Addicted Member
    Join Date
    Feb 2006
    Location
    Hyderabad, India
    Posts
    233

    Resolved [RESOLVED]text box to database

    Hello,
    When writing a value in a textbox to the database, if there is a single quote as part of the textbox, an error is occuring. I mean if text1.text=vb's then , for writing it to database ,sql we would be something like this:
    " INSERT INTO mytable (name) values ( '" & text1.text & "')".
    This would evaluate to
    "INSERT INTO mytable (name) values ('vb's')".
    So , is there any workaround to include single quotes in the text values to be stored in the database? If yes, how?
    Thank you.
    Last edited by srisa; Apr 11th, 2006 at 05:17 AM. Reason: issue resolved

  2. #2
    Software Carpenter dee-u's Avatar
    Join Date
    Feb 2005
    Location
    Pinas
    Posts
    11,127

    Re: text box to database

    Just replace those single quotes with two single quotes, you may use the ff. function...

    VB Code:
    1. Public Function CleanText(ByVal pString As String) As String
    2.     CleanText = Replace$(pString, "'", "''")
    3. End Function

    Use it like...

    VB Code:
    1. INSERT INTO mytable (name) values ('" & CleanText(Variable) & "')".
    Regards,


    As a gesture of gratitude please consider rating helpful posts. c",)

    Some stuffs: Mouse Hotkey | Compress file using SQL Server! | WPF - Rounded Combobox | WPF - Notify Icon and Balloon | NetVerser - a WPF chatting system

  3. #3
    VB Guru ganeshmoorthy's Avatar
    Join Date
    Dec 2005
    Location
    Sharjah, United Arab Emirates
    Posts
    3,031

    Re: text box to database

    If you use
    VB Code:
    1. rs!Name = Text1.Text
    will add exactly, otherwise you have to replace single quote with double quotes and have to manage the conversion
    If an answer to your question has been helpful, then please, Rate it!

    Have done Projects in Access and Member management systems using BioMetric devices, Smart cards and BarCodes.


  4. #4
    Software Carpenter dee-u's Avatar
    Join Date
    Feb 2005
    Location
    Pinas
    Posts
    11,127

    Re: text box to database

    Quote Originally Posted by ganeshmoorthy
    If you use
    VB Code:
    1. rs!Name = Text1.Text
    will add exactly, otherwise you have to replace single quote with double quotes and have to manage the conversion
    Not double quote, two single quotes...
    Regards,


    As a gesture of gratitude please consider rating helpful posts. c",)

    Some stuffs: Mouse Hotkey | Compress file using SQL Server! | WPF - Rounded Combobox | WPF - Notify Icon and Balloon | NetVerser - a WPF chatting system

  5. #5
    Shared Member
    Join Date
    May 2005
    Location
    Kashmir, India
    Posts
    2,277

    Re: text box to database

    The better way of doing this is to build a prepared query. Prepared queries are faster and secure compared to the queries written on the fly. You do not have to take care of special characters in prepared statements and they are compiled. Take a look at the Command object of ADODB library or else do a search in the Forum and you will find lots of examples.
    Use [code] source code here[/code] tags when you post source code.

    My Articles

  6. #6

    Thread Starter
    Addicted Member
    Join Date
    Feb 2006
    Location
    Hyderabad, India
    Posts
    233

    Re: text box to database

    Thank you for the reply. One more thing:
    Is single quote the only thing that causes problems or are there other characters too that we have to check for?

  7. #7
    Shared Member
    Join Date
    May 2005
    Location
    Kashmir, India
    Posts
    2,277

    Re: text box to database

    Quote Originally Posted by srisa
    Thank you for the reply. One more thing:
    Is single quote the only thing that causes problems or are there other characters too that we have to check for?
    As I said there might be other special characters too, but you cannot go on replacing each one of them. What you should do is to use Prepared Statements. Take a look at how this piece of code that shows how to write prepared statements
    VB Code:
    1. Dim cmdSQLInsert As ADODB.Command
    2. Set cmdSQLInsert = New ADODB.Command
    3.  
    4. 'Create the query
    5. cmdSQLInsert.CommandText = "Insert Into Table1(ID, NAME, AGE) Values(?,?,?)"
    6. cmdSQLInsert.CommandType = adCmdText
    7. cmdSQLInsert.Prepared = True
    8.  
    9. 'Create the parameters
    10. 'in this case we will create three parameters
    11. '-----Param 1 (for Field ID)-------------
    12. Dim gParam As ADODB.Parameter
    13. Set gParam = New ADODB.Parameter
    14. With gParam
    15.     .Name = "ID"
    16.     .Direction = adParamInput
    17.     .Type = adChar
    18.     .Size = 10
    19.     .Value = "xxxxxxxxxx"
    20. End With
    21. cmdSQLInsert.Parameters.Append gParam
    22.  
    23. '-----Param 2 (for Field Name)-------------
    24. Set gParam = Nothing
    25. Set gParam = New ADODB.Parameter
    26. With gParam
    27.     .Name = "NAME"
    28.     .Direction = adParamInput
    29.     .Type = adVarChar
    30.     .Size = 50
    31.     .Value = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    32. End With
    33. cmdSQLInsert.Parameters.Append gParam
    34.  
    35. '-----Param 3 (for Field AGE)-------------
    36. Set gParam = Nothing
    37. Set gParam = New ADODB.Parameter
    38. With gParam
    39.     .Name = "AGE"
    40.     .Direction = adParamInput
    41.     .Type = adChar
    42.     .Size = 2
    43.     .Value = "xx"
    44. End With
    45. cmdSQLInsert.Parameters.Append gParam
    46.  
    47. 'Set the connection property of the command object
    48. Set cmdSQLInsert.ActiveConnection = mySQLConnection
    49. 'pass the values that need to be inserted to specific parameters that we created above
    50. cmdSQLInsert("ID") = txtID.Text
    51. cmdSQLInsert("NAME") = txtName.Text
    52. cmdSQLInsert("AGE") = txtAge.Text
    53.  
    54. 'Execute the command
    55. cmdSQLInsert.Execute
    Use [code] source code here[/code] tags when you post source code.

    My Articles

  8. #8

    Thread Starter
    Addicted Member
    Join Date
    Feb 2006
    Location
    Hyderabad, India
    Posts
    233

    Re: [RESOLVED]text box to database

    I Thank all of you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width