Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

' or " giving me problem

Status
Not open for further replies.
FoxWing

FoxWing

Programmer
Dec 20, 2004
44
GB
Hi,

I'm trying to execute a SP with parameters. All work fine until i put a ' or a " as part of the input field.


Example:

SQLStmt = "EXEC sp_master_no @acc_no = '3000/001'," + '@name = ' + "'" + Thisform.s_name.value + "'"

EXEC(1,SQLStmt) <-- Will fail if user key-in ' or " as part of the s_name textbox field.

What should i do here if i wich to allow the ' or " to be inserted into the MSSQL database ?

Thanks
 
Sort by date Sort by votes
You know you can use single and double quotes to mark strings in Fox but did you know you can use square brackets [ and ] as well. It allows you to use the other two types of quote in a string:

lcPhrase = [He said "I'm hungry"]

Not sure if it will help here but it's worth a try.

Geoff Franklin
 
Upvote 0 Downvote
Geoff,

I had a go with ur appoarch, yes, it works for now.

Just curious, if i use your suggestion, there is no way system to accept [] as part of the string, right ?

lcPhrase = [He said "I'm hungry]"] <-- system don't like this one.

Thanks
 
Upvote 0 Downvote
You can try a "parameterized query" instead. This simply means that VFP/ODBC is responsible for encoding the string so the server understands it, instead of you trying to figure out the appropriate use of quotes/escapes/etc:
Code: 
lcAcc_No = '3000/001'
lcName   = Thisform.s_name.value 
SQLStmt  = "EXEC sp_master_no @acc_no = ?lcAcc_No, @name = ?lcName"
EXEC(1,SQLStmt)
The leading "?" alerts VFP/ODBC that what follows is a parameter name that must be bound by VFP calls to ODBC. VFP then matches the parameter name with a visible variable by the same name.
I can't promise this'll work: It does for SELECT/INSERT/DELETE queries, but I've never tried stored procedures.

- Bill

Get the best answers to your questions -- See FAQ481-4875.
 
Upvote 0 Downvote
On the other hand, with a parameterized query, there is no limit to what can be in the string.

- Bill

Get the best answers to your questions -- See FAQ481-4875.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

kyletreyfield
  • Locked
  • Question
VFP9 won't start because of &quot;insufficient memory&quot;
Replies
15
Views
334
Piotr Czekalski
Piotr Czekalski
bs6600
  • Question
append from tab delimited - intersting effect (or bug)
Replies
5
Views
130
Joe Crescenzi
Joe Crescenzi
tsibert
  • Locked
  • Question
Randomly displaying single or multiple records 2
2
Replies
25
Views
2K
Piotr Czekalski
Piotr Czekalski
A_Radiolog_inFoxPro
  • Locked
  • Question
How to keep a local copy or &quot;shadow&quot; copy of a database locally so that software can run f
Replies
15
Views
293
Chris Miller
Chris Miller
Mandy_crw
  • Locked
  • Question
Can i put code in Unload or Destroy? 4
Replies
15
Views
721
Chriss Miller
C

Part and Inventory Search

Sponsor

Back
Top