SQL Breaks ASP

J

JP SIngh

In one of our applications we have product id field which sometime contains
'

When doing a search the sql breaks due to this. I cannot use replace
function to remove this is there anything else I can do so that this works

strProductId = 2277'778

sqlstr = " Select * from productdetails where id ='" & strProductId & "'"

In this instance the sql breaks and gives me an error. Any suggestions how i
can solve this

Regards
 
M

Martin Walke

Hi JP,

The normal way would be to replace the single quote with 2 of them, but you
say you can't do that? Why?

Martin
 
B

Bob Barrows [MVP]

JP said:
In one of our applications we have product id field which sometime
contains '

When doing a search the sql breaks due to this. I cannot use replace
function to remove this is there anything else I can do so that this
works

strProductId = 2277'778

sqlstr = " Select * from productdetails where id ='" & strProductId &
"'"

In this instance the sql breaks and gives me an error. Any
suggestions how i can solve this

Regards
Click to expand...

The easiest thing to do would be to use a saved parameter query if you are
using Access (look for posts by me containing those keywords), or a stored
procedure if you are using SQL Server.

Why can't you use Replace? It would look like this:

sqlstr = " Select * from productdetails where id ='" & _
Replace(strProductId,"'","''") & "'"

Bob Barrows
 
C

Cowboy \(Gregory A. Beamer\) [MVP]

You are going to have to replace ' with ''. When sent to the database, this
will be seen as '.

The only other option is to create a stored procedure and send the string in
as a parameter.

If both options are impossible, you are stuck.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************
 
P

Phill. W

JP SIngh said:
In one of our applications we have product id field which sometime
contains '

When doing a search the sql breaks due to this.
Click to expand...

Your solution is to double-up the single quotes as you build the SQL
string, as in

strProductId = "2277'778"
strProductId = Replace( strProductId, "'", "''" )
I cannot use replace function to remove this
Click to expand...

You don't need to "remove" it, just make it safe to put into your SQL,
as above.

HTH,
Phill W.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

connect string ASP / SQL EXPRESS 0
Using IIS ASP to display a blob field in SQL Server 2005 4
SQL 2005/ ASP : ADODB.Connection error '800a0e7a' Provider cannot befound. It may not be properly in 1
MS SQL ASP Update timestamp 4
Seeking co-founders for my company. 3
Query runs in SQl server but not on ASP page 4
How to transfer breaks from a textarea ? 4
ASP page displaying SQL table data 2

Members online

Total: 1,973 (members: 2, guests: 1,971)
Robots: 166

Forum statistics

Threads
474,159
Messages
2,570,881
Members
47,418
Latest member
NoellaXku

Latest Threads

Top