Workaround for ' in sql

  1. #1
    Chrace Guest

    Workaround for ' in sql

    example:
    sSql = "SELECT FROM tbl WHERE Name = '" & Request("Name") & "'"

    What if the user writes "It's me!" in that input field?
    This would make sSql "SELECT FROM tbl WHERE Name = 'It's me!'" - which is not good for most sql servers.

    Do I have to keep using my string parser to search for that "'" and make it a double or is there a quick workaround?

  2. #2
    E! Guest

    RE: Workaround for ' in sql

    This is a function that I use:

    function DblQuote(fld)
        DblQuote = Replace(fld, "'", "''")
    end function

    impGrpID = DblQuote(Request("FieldImpGrpID"))

  3. #3
    E! Guest

    RE: Workaround for ' in sql

    Bringing it back in from the db, I reverse it...

  4. #4
    Join Date
    Dec 1969

    RE: Workaround for ' in sql

    or you could use

    function Quote(fld)
        Quote = Replace(fld, "'", "&lsquo;")
    end function

    If the data is to be used on an IE browser you can leave it as is, otherwise reverse the above when retrieving the data.
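
Added example, not part of the original thread: it runs the input from post #1 through three ways of building the statement (plain concatenation, the quote doubling from post #2, and parameter binding) and shows what ends up stored. Assumptions: Python's in-memory SQLite stands in for the thread's unnamed SQL server and ASP/ADO stack; `tbl` and `Name` follow post #1; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # In-memory SQLite stands in for the thread's unnamed SQL server (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tbl (Name TEXT)")
    return db

def insert_concatenated(db, name):
    # The pattern from post #1: the value is pasted into the SQL text.
    db.execute("INSERT INTO tbl (Name) VALUES ('" + name + "')")

def insert_doubled(db, name):
    # The approach from post #2: double each apostrophe before concatenating.
    db.execute("INSERT INTO tbl (Name) VALUES ('" + name.replace("'", "''") + "')")

def insert_bound(db, name):
    # Parameter binding: the value travels separately from the SQL text,
    # so no escaping function is involved at all.
    db.execute("INSERT INTO tbl (Name) VALUES (?)", (name,))

def stored_names(db):
    # What the database actually holds, in insertion order.
    return [row[0] for row in db.execute("SELECT Name FROM tbl ORDER BY rowid")]

def find_bound(db, name):
    # Lookup with a bound parameter, matching the WHERE clause in post #1.
    return db.execute("SELECT COUNT(*) FROM tbl WHERE Name = ?", (name,)).fetchone()[0]

def demo():
    sample = "It's me!"  # the input from post #1
    db = make_db()
    try:
        insert_concatenated(db, sample)
        concat_result = "ok"
    except sqlite3.OperationalError:
        # The apostrophe ends the string literal early and the parser rejects the rest.
        concat_result = "syntax error"
    insert_doubled(db, sample)  # stored with a single apostrophe
    insert_bound(db, sample)    # stored unchanged
    return concat_result, stored_names(db), find_bound(db, sample)

if __name__ == "__main__":
    print(demo())
```

The doubled quote exists only in the SQL text, so both successful inserts store the same value and there is nothing to undo on read. In classic ASP the counterpart of `insert_bound` is an `ADODB.Command` with a `?` placeholder and an appended parameter.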
