Quotes in SQL-strings? - Level Extreme

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Quotes in SQL-strings?

Message

22/05/2007 15:34:27

Arriyel Cabansag
Msr Inc.
Toronto, Ontario, Canada

22/05/2007 06:52:19

Kjell Svedlund
Karolinska University Hospital
Stockholm, Suède

Information générale

Forum:

Visual FoxPro

Catégorie:

Codage, syntaxe et commandes

Titre:

Re: Quotes in SQL-strings?

Versions des environnements

Visual FoxPro:

VFP 9 SP1

OS:

Windows XP

Network:

Windows 2003 Server

Database:

MS SQL Server

Divers

Thread ID:

01227570

Message ID:

01227733

Vues:

>Hallo.
>Hope I can explain my problem.
>When I'm sending a command to the SQL-server, I make a string with single or double quotes (chr(39) or chr(34)).
>But if the user uses a quote in his searchcondition, the string will be corrupt. How do I deal with quotes in the searchconditions to avoid those problem.
>
>Example:
>Lets say that the user is looking for a monitor 14".
>

>=SQLEXEC(nHandle,"select *  from sqltable where field='monitor 14"' ","Result")
>

>This will not work as you see.
>
>/Kjell

Hi,

I use this method to handle special characters for SQL commands:

   lcSQLVal = 'monitor 14"'
   ** For Ampersands
   lcSQLVal = STRTRAN(lcSQLVal, [&], "' + CHAR(38) + '")
   ** For Single Quotes
   lcSQLVal = STRTRAN(lcSQLVal, ["], "' + CHAR(39) + '")
   ** For Double Quotes
   lcSQLVal = STRTRAN(lcSQLVal, ['], "' + CHAR(34) + '")

   SQLEXEC(nHandle, "select *  from sqltable where field = '" + lcSQLVal + "'" ,"Result")

HTH,
Arriyel

Speak using soft and sweet words in case you have to eat them later.

Répondre

Fil

Voir

Click here to load this message in the networking platform