INSERT INTO problem

Discussion in 'ASP General' started by SU_Oran, Feb 21, 2005.

  1. SU_Oran

    SU_Oran Guest

    This is on my HTML page

    <td align=center>
    <textarea cols="85" rows="7" name="Problem"></textarea>
    </td>

    User enters information into this box.

    If they use either a quote or double quote, the SQL statement bombs. Is
    there a quick way to fix this beforehand?
    Conn.execute ("INSERT INTO PROBLEMS (Problem) VALUES ('" & Problem & "')")

    Thanks in advance
     
    SU_Oran, Feb 21, 2005
    #1

  2. SU_Oran wrote:
    > This is on my HTML page
    >
    > <td align=center>
    > <textarea cols="85" rows="7" name="Problem"></textarea>
    > </td>
    >
    > User enters information into this box.
    >
    > If they use either a quote or double quote, the SQL statement bombs.
    > Is there a quick way to fix this beforehand?
    > Conn.execute ("INSERT INTO PROBLEMS (Problem) VALUES ('" & Problem &
    > "')")
    >

    This is easily fixed by not using dynamic sql:


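    dim cmd, sSQL
    ' The ? is a parameter marker; the user's text is never spliced into the SQL
    sSQL = "INSERT INTO PROBLEMS (Problem) VALUES (?)"
    set cmd=createobject("adodb.command")
    cmd.commandtext=sSQL
    set cmd.activeconnection=conn
    ' array(Problem) supplies the value for the marker;
    ' 129 = adCmdText (1) + adExecuteNoRecords (128)
    cmd.Execute ,array(Problem),129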

    Bob Barrows
    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
     
    Bob Barrows [MVP], Feb 21, 2005
    #2
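
The parameterized insert from reply #2, written with an explicit typed parameter. This is an added example, not code from any poster in the thread. It assumes `Conn` is the open ADODB.Connection the thread already uses and that `PROBLEMS.Problem` is a long text column; `InsertProblem` is a hypothetical helper name, and the sample strings are constructed.

```vbscript
' Added example: explicit, typed ADO parameter for the textarea value.
' Assumes Conn is an open ADODB.Connection (as in the thread) and that
' PROBLEMS.Problem is a long text (memo/ntext) column.
' Omit these constants if adovbs.inc is already included on the page.
Const adCmdText = 1
Const adExecuteNoRecords = 128
Const adParamInput = 1
Const adLongVarWChar = 203

' Hypothetical helper: inserts one row and returns the rows-affected count.
Function InsertProblem(conn, rawValue)
    Dim cmd, text, size, affected

    ' Request.Form returns an object; coerce it to a string.
    ' Null and Empty both become "".
    text = rawValue & ""

    ' Variable-length parameter types reject Size = 0, so an empty
    ' submission still needs a declared size of at least 1.
    size = Len(text)
    If size = 0 Then size = 1

    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "INSERT INTO PROBLEMS (Problem) VALUES (?)"
    cmd.Parameters.Append _
        cmd.CreateParameter("Problem", adLongVarWChar, adParamInput, size, text)

    ' The value travels as data, not as SQL text, so quotes need no escaping.
    cmd.Execute affected, , adExecuteNoRecords
    Set cmd = Nothing
    InsertProblem = affected
End Function

' Constructed sample inputs covering the cases from the question:
' a single quote, double quotes, both together, and an empty box.
Dim sample
For Each sample In Array("It's broken", "He said ""reboot""", "O'Brien said ""no""", "")
    InsertProblem Conn, sample
Next
```

On the real page the call would be `InsertProblem Conn, Request.Form("Problem")` in place of the sample loop.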

  3. The best way is to use a stored procedure. Then you don't have to worry
    about any kind of quotes.
    More basic is
    Conn.execute ("INSERT INTO PROBLEMS (Problem) VALUES (" & Chr(34) & _
    Replace(Problem, "'", "another value") & Chr(34) & ")")
     
    Gérard Leclercq, Feb 21, 2005
    #3