Results 1 to 4 of 4
  1. #1
    Join Date
    Jul 2003
    Location
    Penang, Malaysia
    Posts
    212

    Unanswered: Solving the ' in ASP with SQL Statements

    Hi All,

    It's probaly still Sunday in most areas, but hope I get a quick response on this 1.....


    I'm doing ASP with SQL 2000. And for the moment, I write inline SQL Scripts into my ASP pages. Store procs can only come later ( don't ask why...).

    So as most of u will know, if any characther from the textboxes comes with a ' , everything will go haywire!

    Thus, I'm using this existing code to solve the prob:

    Code:
      FAddress = Replace(FAddress, "'", "%%")
    
    Call OpenDB()
    SQL_query =" SET NOCOUNT ON" & _
    " set DateFormat dmy" & _
    " declare  @FAddress varchar(100)" & _
    " set @FAddress='"& FAddress &"'" & _
    " set @FAddress=(replace(@FAddress,'%%',''''))" & _........and so on
    Is there a better way? Some problems from this is if I am inserting large info in a text datatype, I can't do it.....

    Some code or function that I can call and apply to my entire system without recoding alot....

    SQL and ASP jedi masters...please enlighten me.
    Patrick Chua
    LBMS ( Learn By My Self) NPQ ( No paper Qualification )

  2. #2
    Join Date
    Dec 2003
    Posts
    454
    I used

    Replace(myString, "'", "''")

  3. #3
    Join Date
    Jul 2003
    Location
    Penang, Malaysia
    Posts
    212
    I have tons of ASP variables to recode then...

    I have to recode them to become

    Code:
    FUserName=trim(replace(request.Form("UserName"), "'", "''"))
    .....and so on....
    Any magic function I can do?? At application, session, or SQL Database level???

    Slim chance...but if any...do inform...
    Patrick Chua
    LBMS ( Learn By My Self) NPQ ( No paper Qualification )

  4. #4
    Join Date
    Jan 2003
    Location
    London, England
    Posts
    106
    I have been using the same as gyuan for over 4 years, but there is always the possibility of Server.HTMLencode(Variable) I belive...but I tend to prefer the first option.
    Frettmaestro
    "Real programmers don't document, if it was hard to write it should be hard to understand!"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •