SQL Syntax - AndreaVB Visual Basic and VB.NET source code discussion board

Previous Topic (UNRECOGNIZED DATABASE FORMAT)

Next Topic (Create Textbox for finding data in database)

AndreaVB Forum : Database : SQL Syntax

Poster

Message

Nick2k3
Level: Big Cheese

Registered: 23-11-2003
Posts: 23

SQL Syntax

Database: SQL 2005/MS ACCESS/Pervasive SQL
Using: ADO.net

let's say i have a sql statement like this:

Select MyFirstName,MyLastName from MyFullName where MyFirstName='Richard'
(when i run it, its perfectly fine)

how about running it like this?

Select MyFirstName,MyLastName from MyFullName where MyFirstName='R'ich'a"r"d"s'

using chr(34) or chr(96) is not an option.

currently im using parameters to avoid this...but i would want to do it as sql syntax without any parameters. any suggestion?

____________________________
Error 404 ...File not found...!!!!

22-10-2006 at 09:09 AM

admin
Level: Administrator

Registered: 04-04-2002
Posts: 530

Re: SQL Syntax

you should remove these special chars before creating the sql statement, is it a user input that you want to use as filter? if so use replace function to remove (') and (") and replave them with an empty string before generating the sql statement string

____________________________
AndreaVB

25-10-2006 at 06:34 AM

Nick2k3
Level: Big Cheese

Registered: 23-11-2003
Posts: 23

Re: SQL Syntax

quote:
admin wrote:
you should remove these special chars before creating the sql statement, is it a user input that you want to use as filter? if so use replace function to remove (') and (") and replave them with an empty string before generating the sql statement string

i've done that alot of times...which is why i dont want to use it again...

thank god for ADONET and Parameters...hehehehe!!!!

____________________________
Error 404 ...File not found...!!!!

02-11-2006 at 09:06 PM

AndreaVB Forum : Database : SQL Syntax


	Surf To:



	AndreaVB Visual Basic and VB.NET source code resources - Copyright © 1999-2007 Andrea Tincani