Replacing symbols in SQLQuery


(OP)


If a string that is going from a text area in a database contains ' the SQLquery is interrupted.
To avoid this I have to replace this ' with another symbol that does not affect the SQLquery.
How do I accomplish this?

 

RE: Replacing symbols in SQLQuery

Substitute each ' with ''.  I know this works for Oracle.

so "it's 'time'"  becomes "it''s ''time''"

RE: Replacing symbols in SQLQuery

(OP)
I could do that... but I want it to do it automatically so my users don't have to think about it.

RE: Replacing symbols in SQLQuery

Then change the code that handles the DML to replace each ' with ''.  It's hard to give more details without knowing your specific implementation.  But say, for example, you're using PHP:

CODE

$query = str_replace("'","''",$input);

RE: Replacing symbols in SQLQuery

I'm not familiar with ASP.  But the concept is the same.  Take the inputs, replace every ' with '', then perform the sql.

RE: Replacing symbols in SQLQuery

Somewhere in save_user.asp, you must be building a SQL query that you pass to Access, right?

In ASP, you would use the replace function in a similar way that jaxtell shows.  The syntax is slightly different in ASP, but the concept is the same.

CODE

SQL = Replace(SQL, "'", "''")

Better yet... Learn how to use a command object with parameters.  

If you think it's not important to do this, I encourage you to read up on SQL Injection.

-George

"The great thing about standards is that there are so many to choose from." - Fortune Cookie Wisdom
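
The approaches discussed in this thread, side by side, as an added example that is not part of any poster's reply: plain concatenation (the original problem), doubling each ' in the value, and a parameterized command. Python's `sqlite3` module stands in for the ASP/Access or PHP code here; the table and function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory table standing in for the table behind save_user.asp (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, comments TEXT)")
    return conn

def save_concatenated(conn, text):
    """The original problem: the text area value is pasted straight into the SQL string."""
    try:
        conn.execute("INSERT INTO users (comments) VALUES ('" + text + "')")
        return True
    except sqlite3.Error:
        # A ' in the value ends the string literal early, so the statement fails to parse.
        return False

def save_escaped(conn, text):
    """The Replace / str_replace approach: double each ' in the value, then concatenate."""
    escaped = text.replace("'", "''")
    conn.execute("INSERT INTO users (comments) VALUES ('" + escaped + "')")

def save_parameterized(conn, text):
    """The command-with-parameters approach: the value is bound and never becomes SQL text."""
    conn.execute("INSERT INTO users (comments) VALUES (?)", (text,))

def stored_comments(conn):
    """Return the saved values in insertion order."""
    return [row[0] for row in conn.execute("SELECT comments FROM users ORDER BY id")]

if __name__ == "__main__":
    sample = "it's 'time'"  # the string used earlier in the thread
    conn = make_db()
    print("concatenated saved:", save_concatenated(conn, sample))
    save_escaped(conn, sample)
    save_parameterized(conn, sample)
    print(stored_comments(conn))
```

Both the escaped and the parameterized insert store the value exactly as the user typed it. The difference is that escaping has to be applied correctly at every place a query is built, while a bound parameter needs no per-value handling.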
 
