number format

Discussion in 'ASP General' started by M. Savas Zorlu, Sep 23, 2008.

  1. Hi,

    Our thousand separator is period, and decimal separator is comma.

    so a number looks like this: 1.456,60

    formatnumber() produces above format.

    When entering this value into database, I get error, because comma is
    also used by SQL to separate records.

    If the number is smaller than thousand, I can solve this by replacing
    comma with period. But when the number is thousand or greater, I can't
    fix it.

    Can anyone tell me a workaround for this please?
    M. Savas Zorlu, Sep 23, 2008
    #1

  2. "M. Savas Zorlu" <> wrote in message
    news:O0iYd$...
    > Hi,
    >
    > Our thousand seperator is period, and decimal seperator is comma.
    >
    > so a number looks like this: 1.456,60
    >
    > formatnumber() produces above format.
    >
    > When entering this value into database, I get error, because comma is also
    > used by SQL to separate records.
    >
    > If the number is smaller than thousand, I can solve thi sby replacing
    > comma with period. but when the number is thousand or greater, I cant fix
    > it.
    >
    > Can anyone tell me a workaround for this please?
    >

    Stop using formatnumber for this job. Also you are probably using string
    concatenation to build up your SQL string including the parameter. Stop
    doing that as well. Use a command object and add parameters for the
    appropriate type.

    --
    Anthony Jones - MVP ASP/ASP.NET
    Anthony Jones, Sep 23, 2008
    #2

  3. Hi Anthony,

    Can you please explain string concatenation? And can you please give an
    example of using a command object?

    regards,

    Savas

    Anthony Jones wrote:
    > "M. Savas Zorlu" <> wrote in message
    > news:O0iYd$...
    >> Hi,
    >>
    >> Our thousand seperator is period, and decimal seperator is comma.
    >>
    >> so a number looks like this: 1.456,60
    >>
    >> formatnumber() produces above format.
    >>
    >> When entering this value into database, I get error, because comma is
    >> also used by SQL to separate records.
    >>
    >> If the number is smaller than thousand, I can solve thi sby replacing
    >> comma with period. but when the number is thousand or greater, I cant
    >> fix it.
    >>
    >> Can anyone tell me a workaround for this please?
    >>

    >
    >
    > Stop using formatnumber for this job. Also you are probably using
    > string contentation to build up your SQL string including the
    > parameter. Stop doing that as well. Use a command object and add
    > parameters for the appropriate type.
    >
    >
    >
    M. Savas Zorlu, Sep 23, 2008
    #3
  4. "M. Savas Zorlu" <> wrote in message
    news:...
    > Hi Anthony,
    >
    > Can you please explain string contentation?


    sSQL = "UPDATE myTable SET myField = " & myNumber

    The problem is if myNumber is ultimately supplied by the client a malicious
    person can inject SQL code that will do bad things. Search google for SQL
    Injection.

    > and can you please give an example of using a command object?
    >


    See this:-
    http://msdn.microsoft.com/en-us/library/ms524771.aspx

    --
    Anthony Jones - MVP ASP/ASP.NET
    Anthony Jones, Sep 23, 2008
    #4
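    An added classic ASP example of what Anthony recommends in #2 and #4 (it is not code from the thread or from the linked MSDN page): the locale-formatted value is converted to a real number first, then bound to a command parameter, so the SQL text never contains the user's input. It assumes a connection string in Application("ConnString"), a form field named "amount", an "id" key column on myTable, and that the site's number format is the Turkish locale (LCID 1055); the myTable/myField names are the ones used in #4.

    ```vbscript
    <%
    ' Added example (not from the thread): parameterised UPDATE with ADODB.Command.
    ' ADO constants, normally taken from adovbs.inc; spelled out here so the page runs alone.
    Const adInteger    = 3   ' DataTypeEnum
    Const adCurrency   = 6   ' DataTypeEnum
    Const adParamInput = 1   ' ParameterDirectionEnum
    Const adCmdText    = 1   ' CommandTypeEnum

    ' Raw value as posted by the form, e.g. "1.456,60" (period = thousands, comma = decimal).
    Dim rawValue : rawValue = Request.Form("amount")

    ' Convert to a numeric BEFORE touching SQL. IsNumeric/CDbl honour the session locale,
    ' so set Session.LCID to the culture that writes numbers this way (1055 = Turkish is
    ' an assumption here) instead of replacing separators by hand.
    Session.LCID = 1055
    If Not IsNumeric(rawValue) Then
        Response.Write "Invalid amount"
        Response.End
    End If
    Dim amount : amount = CDbl(rawValue)   ' "1.456,60" becomes the Double 1456.6

    Dim conn : Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open Application("ConnString")

    Dim cmd : Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' "?" placeholders are bound by the provider; the values are sent separately from
    ' the statement text, so a comma, a quote or anything else the user types cannot
    ' change the meaning of the SQL (the injection problem described in #4).
    cmd.CommandText = "UPDATE myTable SET myField = ? WHERE id = ?"
    cmd.Parameters.Append cmd.CreateParameter("@myField", adCurrency, adParamInput, , amount)
    cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , CLng(Request.Form("id")))
    cmd.Execute

    conn.Close
    %>
    ```

    The parameter type should match the column (adCurrency or adDecimal with Precision/NumericScale set for money columns, adDouble for floats); it is the typed parameter, not the text format, that decides how the value reaches the database.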
  5. Thanks Anthony

    Anthony Jones wrote:
    > "M. Savas Zorlu" <> wrote in message
    > news:...
    >> Hi Anthony,
    >>
    >> Can you please explain string contentation?

    >
    > sSQL = "UPDATE myTable SET myField = " & myNumber
    >
    > The problem is if myNumber is ultimately supplied by the client a
    > malicious person can inject SQL code that will do bad things. Search
    > google for SQL Injection.
    >
    >> and can you please give an example of using a command object?
    >>

    >
    > See this:-
    > http://msdn.microsoft.com/en-us/library/ms524771.aspx
    >
    M. Savas Zorlu, Sep 23, 2008
    #5