sql server new users: how to prevent apostrophes in sql string? -- sql server new users

You're in the

sql server new users

group:

how to prevent apostrophes in sql string?

Ben
1/28/2006 12:00:00 AM

sql server new users: Hi,

I made a form where visitors can introduce data.
I use this:
strsql="INSERT INTO mytable (field1,field2 ...) values('" & lol & "',#" &
dat & ...)"

My problem is that when someone introduces a quotation mark, i get a error
and the insert fails (e.g. nam'e).

How can i prevent that? Controling each entered character seems me to be a
very big work ...

Thanks
Ben

Re: how to prevent apostrophes in sql string?

Tom Moreau
1/28/2006 12:00:00 AM

It's better to use stored procs with parameters and then use ADO to create a
command, add the parameters and execute the proc.

--
Tom

----------------------------------------------------
Thomas A. Moreau, BSc, PhD, MCSE, MCDBA
SQL Server MVP
Columnist, SQL Server Professional
Toronto, ON Canada
www.pinpub.com
..
[quoted text, click to view]
Hi,

I made a form where visitors can introduce data.
I use this:
strsql="INSERT INTO mytable (field1,field2 ...) values('" & lol & "',#" &
dat & ...)"

My problem is that when someone introduces a quotation mark, i get a error
and the insert fails (e.g. nam'e).

How can i prevent that? Controling each entered character seems me to be a
very big work ...

Thanks
Ben

Re: how to prevent apostrophes in sql string?

Kevin
1/29/2006 12:00:00 AM

Thanks

[quoted text, click to view]

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages in the sql server new users group.

home · blog · groups

Questions? Comments? Contact the dn