INSERT INTO problem

SU_Oran · Feb 21, 2005

This is on my HTML page

<td align=center>
<textarea cols="85" rows="7" name="Problem"></textarea>
</td>

User enters information into this box.

If they use either a quote or double quote, but SQL statement bombs. Is
there a way quick way to fix this beforehand?
Conn.execute ("INSERT INTO PROBLEMS (Problem) VALUES ('" & Problem & "')")

Thanks in advance

Bob Barrows [MVP] · Feb 21, 2005

SU_Oran said:
This is on my HTML page

<td align=center>
<textarea cols="85" rows="7" name="Problem"></textarea>
</td>

User enters information into this box.

If they use either a quote or double quote, but SQL statement bombs.
Is there a way quick way to fix this beforehand?
Conn.execute ("INSERT INTO PROBLEMS (Problem) VALUES ('" & Problem &
"')")

This is easily fixed by not using dynamic sql:

dim cmd, sSQL
sSQL = "INSERT INTO PROBLEMS (Problem) VALUES (?)"
set cmd=createobject("adodb.command")
cmd.commandtext=sSQL
set cmd.activeconnection=conn
cmd.Execute ,array(Problem),129

Bob Barrows

Gérard Leclercq · Feb 21, 2005

The best way is to use a stored procedure. Then you don't have to worry
about any kind of quotes.
More basic is
Conn.execute ("INSERT INTO PROBLEMS (Problem) VALUES (" & Chr(34) &
Replace("'","another value") & Chr(34))

Registration form	13	May 19, 2021
-2147217900:Syntax error in INSERT INTO statement.	1	Oct 2, 2006
Survey details won't go through using php, ajax, Mysql	0	Oct 26, 2023
Help with my responsive home page	2	Dec 14, 2022
Need help with code on website (noob)	2	Jul 18, 2022
Struggling with html table and verification	0	Nov 10, 2018
Java matrix problem	3	Sep 10, 2023
insert javascrpt into textarea?	15	May 11, 2008

INSERT INTO problem

SU_Oran

Bob Barrows [MVP]

Gérard Leclercq

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads