Facebook Twitter Reddit LinkedIn

Dreaded Single Quote Problem

One of the biggest problems new ASP developers have is with single quotes (I know I did). When a user enters a name like "O'Neal" and then you try to write it to the database you'll get an error. It's not as hard as you might think it is. When 2 single quotes are entered SQL accepts them as 1 quote. There are two easy ways to go about it...

Function SQLQuote(var)
If InStr(var, "'") <> 0 Then
var = Replace(var, "'", "''")
End If
SQLQuote = var
End Function

Then use is like this: SqlQuote(txtPubTitle)



txtPubTitle = replace(Request.Form("txtPubTitle"),"'","''")

note: If you're using Stored Procedures you won't have to worry about this.

Source: Chuck Dearbeck
© 2007-2019 All rights reserved.   Part of the somuch.com group of trusted web sites.   PO Box 351031, Palm Coast FL 32135-1031