Solved

Escaping an SQL String

Posted on 2002-03-10
8
260 Views
Last Modified: 2013-11-13
OK, I am using a Data Tool to query A database (data1). What happens is the user inputs a name, and it searchs the database. This works all fine and well until the user inputs characters like | (Vertical bar), *, and other such wierd characters. How can Escape this string, just like in PHP, where you can escape the mysql string to get mysql to accept those wierd characters?
0
Comment
Question by:willa2
8 Comments
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 6854718
Data Tool?  Are you talking about the Data View? If so, than you are using ADO and there should be nothing more complicated than a SQL statement like:

Select * From Table1 Where Column1 = '*'

or if using wildcards than:

Select * From Table1 Where Column1 Like '%*%'

If this is not the case, you may want to elaborate further.

Anthony
0
 

Author Comment

by:willa2
ID: 6854769
Yeah I think I am using that, and soz, it wasnt *, it was just the Vertical Bar | - can anyone solve the mystery?
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 6854871
What database are you using?  This works fine for me on SQL Server:

Select * From Table1 Where Column1 = '|'

or if using wildcards than:

Select * From Table1 Where Column1 Like '%|%'

Perhaps you can show us what you are doing.

Anthony

Also, please maintain your open questions:
Querying a Half Life Server Date: 04/14/2001 09:10AM PST
http://devx.experts-exchange.com/jsp/qShow.jsp?ta=visualbasic&qid=20105604
Winsock Buffering Date: 07/14/2001 06:23AM PST
http://devx.experts-exchange.com/jsp/qShow.jsp?ta=visualbasic&qid=20150649
Forcing Sound Feedback, feeding certain computer output to line in terminal Date: 09/24/2001 11:04AM PST
http://devx.experts-exchange.com/jsp/qShow.jsp?ta=visualbasic&qid=20187101

Anthony
0
 

Author Comment

by:willa2
ID: 6857737
Right, it's an Access Database, (Access 97), using VB6. I got a Data Control thingy, and I try and set the recordsource for that control to this:

Data2.RecordSource = "SELECT * FROM names Where ID=" & Data1.Recordset.Fields("ID") & " AND name='" & searchname & "'"

Note that Data1.recordset.Fields("ID") is just an external thing, and you can take it to be '1'. So basing it on this fact, why does the following SQL statement produce a syntax error:

"SELECT * FROM names Where ID=1 AND name='|'"

I know it aint the ID thing cause it works fine without the name thing at end. How do I fix this? Do I have to download some sorta service pack?


0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 75

Accepted Solution

by:
Anthony Perkins earned 100 total points
ID: 6857957
"Names" is a reserved keyword, you may want to change your SQL statement to:

SELECT * FROM [names] Where ...

Anthony
0
 

Author Comment

by:willa2
ID: 6862003
Nope, still no work
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 7618163
Hi willa2,
It appears that you have forgotten this question. I will ask Community Support to close it unless you finalize it within 7 days. I will ask a Community Support Moderator to:

    Accept acperkins@devx's comment(s) as an answer.

willa2, if you think your question was not answered at all or if you need help, just post a new comment here; Community Support will help you.  DO NOT accept this comment as an answer.

EXPERTS: If you disagree with that recommendation, please post an explanatory comment.
==========
DanRollins -- EE database cleanup volunteer
0
 
LVL 1

Expert Comment

by:kodiakbear
ID: 7665502
Moving to the paq

kb
Experts Exchange Moderator
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes some techniques which will make your VBA or Visual Basic Classic code easier to understand and maintain, whether by you, your replacement, or another Experts-Exchange expert.
Whether you’re a college noob or a soon-to-be pro, these tips are sure to help you in your journey to becoming a programming ninja and stand out from the crowd.
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now