bob_aloo
asked on
Handling apostrophe characters in a textbox when the text becomes a value in a SQL string
I have a VB6 app which uses ADO to interact with an Access database. One of the forms in the app is for data-entry, transcribing scores and comments from an evaluation form and entering the form values as a new record in a table. Here's the problem: the comments go into textboxes and then the textbox's text becomes part of a SQL insertion string, which inserts the text into a memo field in the record, but if there is any punctuation involving an apostrophe, it wrecks the SQL string and I get a run-time error saying my query expression has a missing operator. How do I get around this? The SQL string looks like this:
'build sql string from form field values
strSQL = _
"INSERT INTO DailyShiftReports(Employee
"Captain, Sect, OpeningDutiesScore, OpeningDutiesComments, " & _
"TableMaintenanceScore, TableMaintenanceComments, TeamworkScore, " & _
"TeamworkComments, TablesideMannerScore, TablesideMannerComments, " & _
"BooksPOSScore, BooksPOSComments, CompletedFocus, SessionNotes, TotalScore)" & _
"VALUES('" & cboEmployeeMaster(0).Text & "', '" & strReportDate & "', '" & _
cboCaptain.Text & "', '" & cboSection.Text & "', '" & _
txtOpeningDutiesScore.Text
txtTableMaintScore.Text & "', '" & txtTableMaintComments.Text
txtTeamworkScore.Text & "', '" & txtTeamworkComments.Text & "', '" & _
txtTablesideScore.Text & "', '" & txtTablesideComments.Text & "', '" & _
txtPOSScore.Text & "', '" & txtPOSComments.Text & "', '" & _
chkCompletedFocus.Value & "', '" & txtSessionNotes.Text & "', '" & _
txtTotalScore.Text & "')"
'build sql string from form field values
strSQL = _
"INSERT INTO DailyShiftReports(Employee
"Captain, Sect, OpeningDutiesScore, OpeningDutiesComments, " & _
"TableMaintenanceScore, TableMaintenanceComments, TeamworkScore, " & _
"TeamworkComments, TablesideMannerScore, TablesideMannerComments, " & _
"BooksPOSScore, BooksPOSComments, CompletedFocus, SessionNotes, TotalScore)" & _
"VALUES('" & cboEmployeeMaster(0).Text & "', '" & strReportDate & "', '" & _
cboCaptain.Text & "', '" & cboSection.Text & "', '" & _
txtOpeningDutiesScore.Text
txtTableMaintScore.Text & "', '" & txtTableMaintComments.Text
txtTeamworkScore.Text & "', '" & txtTeamworkComments.Text & "', '" & _
txtTablesideScore.Text & "', '" & txtTablesideComments.Text & "', '" & _
txtPOSScore.Text & "', '" & txtPOSComments.Text & "', '" & _
chkCompletedFocus.Value & "', '" & txtSessionNotes.Text & "', '" & _
txtTotalScore.Text & "')"
Hi bob_aloo,
Try to replace the apostrophe characters with Replace function in VB:
Example:
A = "'3424'TT33"
A = Replace$(A,"'","''")
Is this helping?
Try to replace the apostrophe characters with Replace function in VB:
Example:
A = "'3424'TT33"
A = Replace$(A,"'","''")
Is this helping?
sorry as didn't realize Anthony's post while i'm open this question..
don't forget to strip off the double apostrophes when you are reading the string back.
to do that, just get the string and do a replace on the doubles to a single.
replace(strBlah, "''", "'")
to do that, just get the string and do a replace on the doubles to a single.
replace(strBlah, "''", "'")
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>> Be careful with acperkins' solution, I think it is doubling up too many apostrophes, ie it is doubling
up the ones used to delimit the string, which will totally confuse SQL, you need to do a replace on
every single field.<<
Point well made.
Anthony
up the ones used to delimit the string, which will totally confuse SQL, you need to do a replace on
every single field.<<
Point well made.
Anthony
like Z_Beeblebrox said acperkins' solution, I think it is doubling up too many apostrophes
you need the replace for every value you can have a single quote
"VALUES('" & replace(cboEmployeeMaster(
replace(cboCaptain.Text,"'
you get the idea
you need the replace for every value you can have a single quote
"VALUES('" & replace(cboEmployeeMaster(
replace(cboCaptain.Text,"'
you get the idea
ASKER
Thanks for all the help folks. I considered all points made, then realized that I did indeed need to be very careful about wrecking other delimiters. So I wrote a function to call just before building the SQL string which now handles things perfectly.
Private Sub FixPunctuation()
Dim objControl As Control
For Each objControl In Me.Controls
If objControl.Name Like "*Comments" Or _
objControl.Name Like "*Notes" Then
objControl.Text = Replace(objControl.Text, "'", "''")
End If
Next
End Sub
Private Sub FixPunctuation()
Dim objControl As Control
For Each objControl In Me.Controls
If objControl.Name Like "*Comments" Or _
objControl.Name Like "*Notes" Then
objControl.Text = Replace(objControl.Text, "'", "''")
End If
Next
End Sub
strSQL = Replace(strSQL, "'", "''")
In other words, replace a single apostrophe with two single apostrophes.
Anthony