>Hallo.
>Hope I can explain my problem.
>When I'm sending a command to the SQL-server, I make a string with single or double quotes (chr(39) or chr(34)).
>But if the user uses a quote in his searchcondition, the string will be corrupt. How do I deal with quotes in the searchconditions to avoid those problem.
>
>Example:
>Lets say that the user is looking for a monitor 14".
>
>=SQLEXEC(nHandle,"select * from sqltable where field='monitor 14"' ","Result")
>
>This will not work as you see.
>
>/Kjell
Hi,
I use this method to handle special characters for SQL commands:
lcSQLVal = 'monitor 14"'
lcSQLVal = STRTRAN(lcSQLVal, [&], "' + CHAR(38) + '")
lcSQLVal = STRTRAN(lcSQLVal, ["], "' + CHAR(39) + '")
lcSQLVal = STRTRAN(lcSQLVal, ['], "' + CHAR(34) + '")
SQLEXEC(nHandle, "select * from sqltable where field = '" + lcSQLVal + "'" ,"Result")
HTH,
Arriyel
Speak using soft and sweet words in case you have to eat them later.