|
-
May 31st, 2006, 09:44 AM
#1
Thread Starter
Hyperactive Member
 [RESOLVED] SQL INSERT error
I am trying to INSERT new data into an MsACCESS 2003 DB. The field am trying to populate is comments field, with a field type of memo. When I type my comments with an apostrophe (') I get an error when submitting the info but without the apostrophe, it is Ok. How can I code to make sure that the apostrophe does not create an error?
-
May 31st, 2006, 09:47 AM
#2
Re: SQL INSERT error
Replacing each single tick with 2 tics ("escaping" the single quotes) should do it:
VB Code:
<your text variable here> = Replace(<your text variable here>, "'", "''")
The most difficult part of developing a program is understanding the problem.
The second most difficult part is deciding how you're going to solve the problem.
Actually writing the program (translating your solution into some computer language) is the easiest part.
Please indent your code and use [HIGHLIGHT="VB"] [/HIGHLIGHT] tags around it to make it easier to read.
Please Help Us To Save Ana
-
May 31st, 2006, 09:47 AM
#3
Re: SQL INSERT error
Access doesnt like '
how are u adding it? (Post code)
JPnyc rocks!! (Just ask him!)
If u have your answer please go to the thread tools and click "Mark Thread Resolved"
-
May 31st, 2006, 09:49 AM
#4
Re: SQL INSERT error
You should either replace the apostrophe with two apostrophes using Replace. However, I personally do not recommend that instead you should be using parametrized queries. Take a look at this thread expecially post #5
http://www.vbforums.com/showthread.p...ighlight=Query
Use [code] source code here[/code] tags when you post source code.
My Articles
-
May 31st, 2006, 10:22 AM
#5
Thread Starter
Hyperactive Member
Re: SQL INSERT error
The code is:-
VB Code:
sSQL = sSQL = "INSERT INTO movieInfo (title, actor, producer, comment) VALUES ("
sSQL = sSQL & Val(txtTitle.Text) & ", "
sSQL = sSQL & "'" & txtactor.Text & "', "
sSQL = sSQL & "'" & txtproducer.Text & "', "
sSQL & "'" & txtComment.Text & "') "
Thanks
-
May 31st, 2006, 10:25 AM
#6
Re: SQL INSERT error
Did you check out the link that I posted above?
Use [code] source code here[/code] tags when you post source code.
My Articles
-
May 31st, 2006, 10:37 AM
#7
Re: SQL INSERT error
try using " instead of '
VB Code:
sSQL = sSQL = "INSERT INTO movieInfo (title, actor, producer, comment) VALUES ("
sSQL = sSQL & Val(txtTitle.Text) & ", "
sSQL = sSQL & Chr(34) & txtactor.Text & Chr(34) & ", "
sSQL = sSQL & Chr(34) & txtproducer.Text & Chr(34) & ", "
sSQL = sSQL & Chr(34) & txtComment.Text & Chr(34) & ") "
JPnyc rocks!! (Just ask him!)
If u have your answer please go to the thread tools and click "Mark Thread Resolved"
-
May 31st, 2006, 10:41 AM
#8
Re: SQL INSERT error
Does the producer or actor name look this: O'Neil? If so then ye single qoute (') need to be replaced byu two single qoutes (''). The same goes for the comment text if Sam's is used then the single qoute again needs to be replaced by two single qoutes.
Sometimes the Programmer 
Sometimes the DBA 
Mazz1
-
May 31st, 2006, 11:19 AM
#9
Re: SQL INSERT error
Ugh....
Parameterized query folks.... Parameterized queries....
VB Code:
sSQL = "INSERT INTO movieInfo (title, actor, producer, comment) VALUES (?,?,?,?)
objCommand.CommandText = sSQL
objCommand.CommandType = adCommandText
objCommand.Parameters.Add objCommand.CreateParameter("title",advarchar,50, txtTitle.Text)
objCommand.Parameters.Add objCommand.CreateParameter("actor",advarchar,50, txtactor.Text)
objCommand.Parameters.Add objCommand.CreateParameter("producer",advarchar,50, txtproducer.Text)
objCommand.Parameters.Add objCommand.CreateParameter("comment",advarchar,50, txtComment.Text)
objCommand.Execute
Just change the 50 to suit your needs (it's the length of the field in the database.
-tg
edit: I think I also forgot a parameter or two in the createparameter function, so don't copy paste it directly.... I'm doing this off of memory here.
-
May 31st, 2006, 11:25 AM
#10
Thread Starter
Hyperactive Member
Re: SQL INSERT error
Guys, thanks for your views, I have tried the two types and they work.
Thanks a million.
-
May 31st, 2006, 11:27 AM
#11
Frenzied Member
Re: SQL INSERT error
 Originally Posted by techgnome
Ugh....
Parameterized query folks.... Parameterized queries....
VB Code:
sSQL = "INSERT INTO movieInfo (title, actor, producer, comment) VALUES (?,?,?,?)
objCommand.CommandText = sSQL
objCommand.CommandType = adCommandText
objCommand.Parameters.Add objCommand.CreateParameter("title",advarchar,50, txtTitle.Text)
objCommand.Parameters.Add objCommand.CreateParameter("actor",advarchar,50, txtactor.Text)
objCommand.Parameters.Add objCommand.CreateParameter("producer",advarchar,50, txtproducer.Text)
objCommand.Parameters.Add objCommand.CreateParameter("comment",advarchar,50, txtComment.Text)
objCommand.Execute
Just change the 50 to suit your needs (it's the length of the field in the database.
-tg
edit: I think I also forgot a parameter or two in the createparameter function, so don't copy paste it directly.... I'm doing this off of memory here.
Would the syntax for this, following this example, be this
VB Code:
sSQL = "INSERT INTO movieInfo (title, actor, producer, comment) VALUES ('" & txtTitle.Text & "', '" & txtActor.Text & "', '" & txtProducer.Text & "', '" & txtComment.Text & "')"
objCommand.CommandText = sSQL
objCommand.CommandType = adCommandText
objCommand.Parameters.Add objCommand.CreateParameter("title",advarchar,50, txtTitle.Text)
objCommand.Parameters.Add objCommand.CreateParameter("actor",advarchar,50, txtactor.Text)
objCommand.Parameters.Add objCommand.CreateParameter("producer",advarchar,50, txtproducer.Text)
objCommand.Parameters.Add objCommand.CreateParameter("comment",advarchar,50, txtComment.Text)
objCommand.Execute sSQL
Don't you need the sSQL after the .Execute?
Beantown Boy
Please use [highlight=vb]your code goes in here[/highlight] tags when posting code.
When you have received an answer to your question, please mark it as resolved using the Thread Tools menu.
-
May 31st, 2006, 12:08 PM
#12
Re: [RESOLVED] SQL INSERT error
Its already assigned to the command object's CommandText property SeanK.
-
May 31st, 2006, 12:22 PM
#13
Re: [RESOLVED] SQL INSERT error
No, and the sSQL is wrong anyways.... in your example, there isn't any placeholders for the data... you've concatenated them back in... this thread is the perfect example of why string concatenation is not recommended for SQL strings.... as evidence has shown problems arise when string delimeters show up in the data. By using parameterized queries, the problem goes away as ADO will take care of the translation for you. Also prevents the possibility of a SQL Injection attack....
-tg
-
May 31st, 2006, 12:37 PM
#14
Frenzied Member
Re: [RESOLVED] SQL INSERT error
Originally Posted by techgnome
No, and the sSQL is wrong anyways.... in your example, there isn't any placeholders for the data... you've concatenated them back in... this thread is the perfect example of why string concatenation is not recommended for SQL strings.... as evidence has shown problems arise when string delimeters show up in the data. By using parameterized queries, the problem goes away as ADO will take care of the translation for you. Also prevents the possibility of a SQL Injection attack....
-tg
Ok..geez. I have slapped myself. 
However, I don't understand, given all of this, how the VALUES clause would work. You posted
VB Code:
sSQL = "INSERT INTO movieInfo (title, actor, producer, comment) VALUES (?,?,?,?)
objCommand.CommandText = sSQL
objCommand.CommandType = adCommandText
objCommand.Parameters.Add objCommand.CreateParameter("title",advarchar,50, txtTitle.Text)
objCommand.Parameters.Add objCommand.CreateParameter("actor",advarchar,50, txtactor.Text)
objCommand.Parameters.Add objCommand.CreateParameter("producer",advarchar,50, txtproducer.Text)
objCommand.Parameters.Add objCommand.CreateParameter("comment",advarchar,50, txtComment.Text)
objCommand.Execute
Would I actually put question marks in the VALUES clause?
Beantown Boy
Please use [highlight=vb]your code goes in here[/highlight] tags when posting code.
When you have received an answer to your question, please mark it as resolved using the Thread Tools menu.
-
May 31st, 2006, 12:47 PM
#15
Re: [RESOLVED] SQL INSERT error
Yes, and its interpreted as placeholders for parameters... the values of which are provided by the parameters collection of the command object.
VB Code:
objCommand.Parameters.Add objCommand.CreateParameter("title",advarchar,50, [b]txtTitle.Text[/b])
objCommand.Parameters.Add objCommand.CreateParameter("actor",advarchar,50, [b]txtactor.Text[/b])
objCommand.Parameters.Add objCommand.CreateParameter("producer",advarchar,50, [b]txtproducer.Text[/b])
objCommand.Parameters.Add objCommand.CreateParameter("comment",advarchar,50, [b]txtComment.Text[/b])
The replacement/update of the values is done by FIFO (first parameter object provides data for the first ?)
After all parameters have values then the query executes without an error.
-
May 31st, 2006, 12:56 PM
#16
Frenzied Member
Re: [RESOLVED] SQL INSERT error
Originally Posted by leinad31
Yes, and its interpreted as placeholders for parameters... the values of which are provided by the parameters collection of the command object.
VB Code:
objCommand.Parameters.Add objCommand.CreateParameter("title",advarchar,50, [b]txtTitle.Text[/b])
objCommand.Parameters.Add objCommand.CreateParameter("actor",advarchar,50, [b]txtactor.Text[/b])
objCommand.Parameters.Add objCommand.CreateParameter("producer",advarchar,50, [b]txtproducer.Text[/b])
objCommand.Parameters.Add objCommand.CreateParameter("comment",advarchar,50, [b]txtComment.Text[/b])
The replacement/update of the values is done by FIFO (first parameter object provides data for the first ?)
After all parameters have values then the query executes without an error.
Ok...cool. I think I'm actually starting to get this (and like it  )
So, I would use advarchar for text. What would I use to insert values into a int field?
Also, is this something that is confined to INSERTS or would I do the same thing with UPDATES?
Beantown Boy
Please use [highlight=vb]your code goes in here[/highlight] tags when posting code.
When you have received an answer to your question, please mark it as resolved using the Thread Tools menu.
-
May 31st, 2006, 01:00 PM
#17
Re: [RESOLVED] SQL INSERT error
adinteger .... when you press the , to move from the parameter name to the data type, you *should* be getting intellisense that will give you a list of the ad datatypes....
you can do this on inserts, deletes, updates, and even selects....
-tg
-
May 31st, 2006, 01:17 PM
#18
Frenzied Member
Re: [RESOLVED] SQL INSERT error
Originally Posted by techgnome
adinteger .... when you press the , to move from the parameter name to the data type, you *should* be getting intellisense that will give you a list of the ad datatypes....
you can do this on inserts, deletes, updates, and even selects....
-tg
Cool.
Is it possible for a thread to be closed twice by two different people?
Thanks techgnome and leinad31. I learned a lot from this.
And, thank you osemollie for asking the question in the first place. 
Beantown Boy
Please use [highlight=vb]your code goes in here[/highlight] tags when posting code.
When you have received an answer to your question, please mark it as resolved using the Thread Tools menu.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
