jplatter
24th May 2007 21:12 UTC

Textbox and Apostrophe
Hi, I am using the MSSQL Plugin. I am capturing user information on a custom page with text boxes. I save the user's input to variables to be used later in a SQL statement.

The problem that I am having is if the user inputs information into the text box with an apostrophe, i.e. "Jason's". It works fine if the user doesn't use an apostrophe, but I want to cover the possibility that they might.

Here is my code:

MSSQL_OLEDB::SQL_Execute /NOUNLOAD 'UPDATE DatabaseName.dbo.TableName SET ColumnName = "$SCHOOLDISTRICT" WHERE AnotherColumn = "SomeValue"'

Thanks.

sgiusto
24th May 2007 23:09 UTC

I don't understand where you have the problem? The resulting SQL statement runs correctly under query analyzer? Isn't that a problem of SQL syntax? Try using square brackets or dequoting the offending character

Afrow UK
25th May 2007 17:01 UTC

You need to use StrReplace on the variables to escape the string.

Stu