Quotes in SQL-strings? - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Quotes in SQL-strings?

Message

From

22/05/2007 15:34:27

Arriyel Cabansag
Msr Inc.
Toronto, Ontario, Canada

22/05/2007 06:52:19

Kjell Svedlund
Karolinska University Hospital
Stockholm, Sweden

General information

Forum:

Visual FoxPro

Category:

Coding, syntax & commands

Title:

Re: Quotes in SQL-strings?

Environment versions

Visual FoxPro:

VFP 9 SP1

OS:

Windows XP

Network:

Windows 2003 Server

Database:

MS SQL Server

Miscellaneous

Thread ID:

01227570

Message ID:

01227733

Views:

>Hallo.
>Hope I can explain my problem.
>When I'm sending a command to the SQL-server, I make a string with single or double quotes (chr(39) or chr(34)).
>But if the user uses a quote in his searchcondition, the string will be corrupt. How do I deal with quotes in the searchconditions to avoid those problem.
>
>Example:
>Lets say that the user is looking for a monitor 14".
>

>=SQLEXEC(nHandle,"select *  from sqltable where field='monitor 14"' ","Result")
>

>This will not work as you see.
>
>/Kjell

Hi,

I use this method to handle special characters for SQL commands:

   lcSQLVal = 'monitor 14"'
   ** For Ampersands
   lcSQLVal = STRTRAN(lcSQLVal, [&], "' + CHAR(38) + '")
   ** For Single Quotes
   lcSQLVal = STRTRAN(lcSQLVal, ["], "' + CHAR(39) + '")
   ** For Double Quotes
   lcSQLVal = STRTRAN(lcSQLVal, ['], "' + CHAR(34) + '")

   SQLEXEC(nHandle, "select *  from sqltable where field = '" + lcSQLVal + "'" ,"Result")

HTH,
Arriyel

Speak using soft and sweet words in case you have to eat them later.

Map

View

Click here to load this message in the networking platform