SQL String Quotes

S

Scott

I've got a db that has a table called USERS that contains ip addresses for
each record. Below, I'm trying to select any user with an ip address equal
to the variable "usserIP". What are the proper quotes to use when using SQL
to compare a string variable to a text column?

The database is an Access 2000 database and I'm using ASP Classic.

CODE: ***********************

sSQL = "SELECT * FROM Users WHERE IP= " & "'" & userIP & "'"
 
B

Bob Barrows

Scott said:
I've got a db that has a table called USERS that contains ip
addresses for each record. Below, I'm trying to select any user with
an ip address equal to the variable "usserIP". What are the proper
quotes to use when using SQL to compare a string variable to a text
column?
The database is an Access 2000 database and I'm using ASP Classic.

CODE: ***********************

sSQL = "SELECT * FROM Users WHERE IP= " & "'" & userIP & "'"

With Jet, either full quotes or single quotes (apostrophes) may be used. Of
course, you could use parameters and never have to worry about delimiters
again, as well as eliminating the possibility that a hacker could compromise
your site using sql injection. See:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e
 
A

Anthony Jones

Bob Barrows said:
With Jet, either full quotes or single quotes (apostrophes) may be used.
Of course, you could use parameters and never have to worry about
delimiters again, as well as eliminating the possibility that a hacker
could compromise your site using sql injection. See:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

Whilst I agree completely that a command would be much better that
concatentation in this case if the REMOTE_ADDR from which the OP will be
drawing the IP address from has been hacked to contain something malicious
then the site is already in big trouble. ;)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,900
Latest member
Nell636132

Latest Threads

Top