>Hi John,
>>I have a search form that allows my users to search for records by entering in their search criteria in one to six textboxes, but the way I build my select statement based on their criteria does not allow for single quotes to be used as searching criteria (my select will bomb). *SNIP*
>Have you considered reworking your select builder to use '[' instead of "'"?
>As someone else has already pointed out "'" may be part of a valid search request, for example "Dan's House of Cards".
>* SNIP *
>>First, what is the best practice in dealing with this? Should I allow the single quote and then display the message, or should I just not allow it in the first place? Is there a standardized way of dealing with this type of entry validation?
>My personal preference is to take what the user gives, transform it to something my code can use (STRTRAN(), CHRTRAN(), etc.) and provide modeless feedback to the user as to what has been done.
>>
>>If I end up allowing a single quote, what would be the "best method" of scanning the six textfields values for the illegal single quote?
>If you must disallow entry perhaps OCCURS, AT, or the $ operator
>
>HTH,
> Ned
Thanks for your suggestions... The consensus seems to be to change the SQL builder code to allow for single quotes and not worry about what the user types in... I agree.
Thanks.
John.
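
An added example, not part of the original posts: one way to build the search SELECT so that a single quote in any of the six fields is just data. It uses Python with sqlite3 rather than the poster's FoxPro so that it runs stand-alone; the table, column names and sample rows are constructed assumptions.

```python
import sqlite3

# Hypothetical columns standing in for the six search textboxes.
SEARCH_COLUMNS = ("company", "contact", "city", "state", "phone", "notes")

def naive_sql(criteria):
    """The failing pattern from the thread: values spliced between quotes."""
    clauses = [f"{c} = '{v}'" for c, v in criteria.items() if v]
    return "SELECT company FROM customers WHERE " + " AND ".join(clauses)

def build_search(criteria):
    """Return (sql, params); values are bound as parameters, never spliced."""
    clauses, params = [], []
    for column in SEARCH_COLUMNS:  # fixed list: column names never come from the user
        value = (criteria.get(column) or "").strip()
        if value:
            clauses.append(f"instr({column}, ?) > 0")  # substring match
            params.append(value)
    sql = "SELECT company FROM customers"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql + " ORDER BY company", params

def demo_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (company, contact, city, state, phone, notes)")
    db.executemany("INSERT INTO customers VALUES (?,?,?,?,?,?)", [
        ("Dan's House of Cards", "Dan", "Reno", "NV", "555-0100", ""),
        ("House of Pancakes", "Ann", "Reno", "NV", "555-0101", ""),
    ])
    return db

def search(db, criteria):
    sql, params = build_search(criteria)
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = demo_db()
    form = {"company": "Dan's House", "city": "Reno"}
    try:
        db.execute(naive_sql(form))  # the quote ends the literal early
    except sqlite3.OperationalError as exc:
        print("spliced query fails:", exc)
    print(search(db, form))
```

Because the values travel separately from the SQL text, no scanning or stripping of quotes in the textboxes is needed.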