Solved

Handling apostrophe characters in a textbox when the text becomes a value in a SQL string

Posted on 2002-03-04
8
360 Views
Last Modified: 2012-08-13
I have a VB6 app which uses ADO to interact with an Access database. One of the forms in the app is for data-entry, transcribing scores and comments from an evaluation form and entering the form values as a new record in a table. Here's the problem: the comments go into textboxes and then the textbox's text becomes part of a SQL insertion string, which inserts the text into a memo field in the record, but if there is any punctuation involving an apostrophe, it wrecks the SQL string and I get a run-time error saying my query expression has a missing operator. How do I get around this? The SQL string looks like this:

  'build sql string from form field values
  strSQL = _
    "INSERT INTO DailyShiftReports(EmployeeName, ReportDate, " & _
    "Captain, Sect, OpeningDutiesScore, OpeningDutiesComments, " & _
    "TableMaintenanceScore, TableMaintenanceComments, TeamworkScore, " & _
    "TeamworkComments, TablesideMannerScore, TablesideMannerComments, " & _
    "BooksPOSScore, BooksPOSComments, CompletedFocus, SessionNotes, TotalScore)" & _
    "VALUES('" & cboEmployeeMaster(0).Text & "', '" & strReportDate & "', '" & _
    cboCaptain.Text & "', '" & cboSection.Text & "', '" & _
    txtOpeningDutiesScore.Text & "', '" & txtOpeningDutiesComments.Text & "', '" & _
    txtTableMaintScore.Text & "', '" & txtTableMaintComments.Text & "', '" & _
    txtTeamworkScore.Text & "', '" & txtTeamworkComments.Text & "', '" & _
    txtTablesideScore.Text & "', '" & txtTablesideComments.Text & "', '" & _
    txtPOSScore.Text & "', '" & txtPOSComments.Text & "', '" & _
    chkCompletedFocus.Value & "', '" & txtSessionNotes.Text & "', '" & _
    txtTotalScore.Text & "')"
0
Comment
Question by:bob_aloo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 6840879
Add the following line after the SQL is assigned:
strSQL = Replace(strSQL, "'", "''")

In other words, replace a single apostrophe with two single apostrophes.

Anthony
0
 
LVL 52

Expert Comment

by:Ryan Chong
ID: 6840886
Hi bob_aloo,

Try to replace the apostrophe characters with Replace function in VB:

Example:

A = "'3424'TT33"
A = Replace$(A,"'","''")

Is this helping?
0
 
LVL 52

Expert Comment

by:Ryan Chong
ID: 6840888
sorry as didn't realize Anthony's post while i'm open this question..
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Expert Comment

by:eosu
ID: 6841069
don't forget to strip off the double apostrophes when you are reading the string back.
to do that, just get the string and do a replace on the doubles to a single.

replace(strBlah, "''", "'")
0
 
LVL 7

Accepted Solution

by:
Z_Beeblebrox earned 50 total points
ID: 6841559
Hi,

Just to explain what is going on here, if you have

SELECT * FROM TABLE WHERE Field1 = 'abc'

everything works great. If however there is an apostrophe in the string, then it fails, since SQL thinks the string is ab, and that the c' don't make any sense:

SELECT * FROM TABLE WHERE Field1 = 'ab'c'

If you double up the apostrophe in the string, then SQL will see it as 1 apostrophe inside the string

SELECT * FROM TABLE WHERE Field1 = 'ab''c'

When you do an insert with doubled up apostrophes, it will only put one apostrophe in the DB, so when you query data back out, it will be exactly as you want it.

Be careful with acperkins' solution, I think it is doubling up too many apostrophes, ie it is doubling up the ones used to delimit the string, which will totally confuse SQL, you need to do a replace on every single field.

Zaphod.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 6842146
>> Be careful with acperkins' solution, I think it is doubling up too many apostrophes, ie it is doubling
up the ones used to delimit the string, which will totally confuse SQL, you need to do a replace on
every single field.<<

Point well made.

Anthony
0
 
LVL 1

Expert Comment

by:jdesharnais
ID: 6842195
like  Z_Beeblebrox said acperkins' solution, I think it is doubling up too many apostrophes

you need the replace for every value you can have a single quote

  "VALUES('" & replace(cboEmployeeMaster(0).Text,"'","''") & "', '" & strReportDate & "', '" & _
   replace(cboCaptain.Text,"'","''" & "', '" & replace(cboSection.Text,"'","''" ......

you get the idea
0
 

Author Comment

by:bob_aloo
ID: 6842556
Thanks for all the help folks. I considered all points made, then realized that I did indeed need to be very careful about wrecking other delimiters. So I wrote a function to call just before building the SQL string which now handles things perfectly.

Private Sub FixPunctuation()
  Dim objControl As Control
  For Each objControl In Me.Controls
    If objControl.Name Like "*Comments" Or _
      objControl.Name Like "*Notes" Then
      objControl.Text = Replace(objControl.Text, "'", "''")
    End If
  Next
End Sub
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction While answering a recent question (http://www.experts-exchange.com/Q_27402310.html) in the VB classic zone, I wrote some VB code in the (Office) VBA environment, rather than fire up my older PC.  I didn't post completely correct code o…
Article by: Martin
Here are a few simple, working, games that you can use as-is or as the basis for your own games. Tic-Tac-Toe This is one of the simplest of all games.   The game allows for a choice of who goes first and keeps track of the number of wins for…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question