Single quotes and apostrophes in ASP

Status
Not open for further replies.

cwolgamott

Programmer
May 29, 2002
69
US
Hello. :) I am writing some ASP pages where I would like the user to be able to enter in a subject and description. Then, I would like to insert the subject and description into a SQL Server 2000 table. However, if the user enters an apostrophe or single quote in the subject or description, it errors out and will not insert the record into the table. Here is the code for how I am inserting the code into SQL:

SQL = " INSERT INTO CaseInfo (CaseInfo.casenum, CaseInfo.caller, CaseInfo.subject, CaseInfo.description, CaseInfo.assignedto, CaseInfo.openedby, CaseInfo.dateopened, CaseInfo.daterequested, CaseInfo.dateneeded, CaseInfo.dateestimated, CaseInfo.iscompleted, CaseInfo.respondedto, CaseInfo.percentcomplete, CaseInfo.status) "
SQL = SQL + "VALUES (" + CStr(newCaseNumber) + ", " + "'" + inputFullName2 + "', " + "'" + Request("subject") + "', " + "'" + Request("description") + "', " + "'" + "UNASSIGNED" + "', " + "'" + "INTRANET" + "', " + "GETDATE()" + ", " + "'" + dateVar + "', " + "'" + dateVar + "', " + "GETDATE()" + ", " + "'" + "N" + "', " + "'" + "N" + "', " + "0" + ", " + "'" + "NOT STARTED" + "')"
conn1.Execute(SQL)

I would greatly appreciate any help or suggestions. :) Thank you. :)
 
you need to replace the single quotes with some other variable...

strSomething = replace(theString, "'", "&chr(39)")

replaces all single apostrophes with the &chr(39) which is the character for '

remember when you display the data to replace the &chr(39) with the ' so that all reads okay

hth

Bastien

There are many ways to skin this cat,
but it still tastes like chicken
 
Thank you so much for your reply. :) I greatly appreciate it. :)
 
Good morning. Another way to do this is to replace the single quote with two single quotes in your SQL statement. SQL Server knows you really mean one single quote. When you display your text it will be the way you intended it to be, thus you don't have to do a replace after extracting the data from the database.

Ex.
theString = "cwolgamott's cool app."
strSomething = replace(theString, "'", "''")

strSomething will now have the value of "cwolgamott''s cool app."

SQL Server will know to only store "cwolgamott's cool app." into the database.

Thanks,

Gabe


 
Thank you so much for your reply. :) I greatly appreciate it. :)
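
Both replies escape the apostrophe inside a concatenated SQL string; binding the user's text as parameters with ADODB.Command removes the need to escape at all and keeps the input out of the SQL text. The following is an added example, not code from any poster in this thread. It assumes conn1, newCaseNumber, inputFullName2 and dateVar exist as in the question; the parameter types and sizes are assumptions, since the table definition is not shown.

```vbscript
<%
' Added example: parameterized version of the CaseInfo INSERT from the question.
' Assumed: conn1 is an open ADODB.Connection; column types/sizes are guesses.
Const adCmdText = 1
Const adExecuteNoRecords = 128
Const adParamInput = 1
Const adInteger = 3
Const adVarChar = 200

Dim cmd, subjectText, descText
' Coerce the Request items to plain strings before binding them.
subjectText = CStr(Request("subject"))
descText = CStr(Request("description"))

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn1
cmd.CommandType = adCmdText

' Each ? is a positional placeholder. Only fixed text is concatenated here;
' the values that were constants in the original stay as SQL literals.
cmd.CommandText = _
    "INSERT INTO CaseInfo (casenum, caller, subject, description, " & _
    "assignedto, openedby, dateopened, daterequested, dateneeded, " & _
    "dateestimated, iscompleted, respondedto, percentcomplete, status) " & _
    "VALUES (?, ?, ?, ?, 'UNASSIGNED', 'INTRANET', GETDATE(), ?, ?, " & _
    "GETDATE(), 'N', 'N', 0, 'NOT STARTED')"

' Parameters must be appended in the same order as the ? markers.
' A value longer than the declared size raises an ADO error, so the sizes
' should match the real column widths.
With cmd.Parameters
    .Append cmd.CreateParameter("casenum", adInteger, adParamInput, , CLng(newCaseNumber))
    .Append cmd.CreateParameter("caller", adVarChar, adParamInput, 100, inputFullName2)
    .Append cmd.CreateParameter("subject", adVarChar, adParamInput, 255, subjectText)
    .Append cmd.CreateParameter("description", adVarChar, adParamInput, 4000, descText)
    .Append cmd.CreateParameter("daterequested", adVarChar, adParamInput, 30, dateVar)
    .Append cmd.CreateParameter("dateneeded", adVarChar, adParamInput, 30, dateVar)
End With

' No recordset is returned by an INSERT, so skip building one.
cmd.Execute , , adExecuteNoRecords
Set cmd = Nothing
%>
```

A subject such as "cwolgamott's cool app." is stored exactly as typed, with no Replace call on the way in or on the way out.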
 