Apostrophe Error in SQL matching

Posted on 2004-08-11
Last Modified: 2013-12-25
I have used code similar to the following to search for matching records in a database, and it works well, providing a narrowing list of matches as the 'Search' texts gets longer.

Variables FtExt1 and FtExt2 are the contents of the two Search text boxes, and the code is called to update the Recordset after every change in either text box.

The problem occurs when the Search text includes an APOSTROPHE eg O'Carrol. This is because SQL uses the apostrophe for its' own purposes, and this extra apostrophe destroys the logic of the SQL.

If the user types an Apostrophe, the program crashed, until I added code to trap this character

    SQL = "Select [ID], [Title], [Name], Age FROM Entrants WHERE ([Title] like '" & FtExt1 & "' OR [Title] is Null) AND ([Name] like '" & FtExt2 & "') ORDER BY 3,2;"
    MatchingRs.Open SQL, SMConn, adOpenKeyset, adLockReadOnly

This problem is not a large one, but does restrict the scope of my 'Find' routine to some extent.

Is there a way to include the apostrophe in the SQL without crashing it


Question by:nedwob
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 70

Assisted Solution

by:Éric Moreau
Éric Moreau earned 30 total points
ID: 11774001
You have to double it:

 SQL = "Select [ID], [Title], [Name], Age FROM Entrants WHERE ([Title] like '" & replace(FtExt1, "'","''") & "' OR [Title] is Null) AND ([Name] like '" & replace(FtExt2,"'", "''") & "') ORDER BY 3,2;"

Assisted Solution

bkthompson2112 earned 30 total points
ID: 11774007
Hi nedwob,

Use 2 apostrophes.  ''
When the user enters an apostrophe add another to the search string.

LVL 29

Accepted Solution

leonstryker earned 80 total points
ID: 11774575
You may want to use a function to do this to all of your SQl string before passing them to the database.  Here is sample function which does it:

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.


Assisted Solution

PePi earned 50 total points
ID: 11774804
use replace like so:

SQL = "Select [ID], [Title], [Name], Age FROM Entrants WHERE ([Title] like '" & Replace(FtExt1,"'","''") & "' OR [Title] is Null) AND ([Name] like '" & Replace(FtExt2,"'","''") & "') ORDER BY 3,2;"

in the replace function, the second parameter is a double quote, single quote, double quote
the third parameter is a double quote,  a single quote, another single quote then a double quote.

it's very hard to see the difference of these single & double quotes just by looking at it. hope this helps

Assisted Solution

mladenovicz earned 70 total points
ID: 11781918
Public Function m_PrepareQueryParams(str As String) As String
Dim sRes As String
    sRes = str
    sRes = Replace(sRes, "[", "[[]")
    sRes = Replace(sRes, "*", "[*]")
    sRes = Replace(sRes, "?", "[?]")
    sRes = Replace(sRes, "#", "[#]")
    sRes = Replace(sRes, "%", "[%]")
    sRes = Replace(sRes, "_", "[_]")
    sRes = Replace(sRes, "'", "''")
    m_PrepareQueryParams = sRes
End Function

Author Comment

ID: 11784958
Thanks for the comments. I will look at them and come back to award the points in a day or two.

LVL 18

Assisted Solution

JR2003 earned 40 total points
ID: 11826298
I use a function called DBStr and call it with every string I put into some sql.
Just paste the function into a module and call it from all the literals you put in sql.
It works a treat...

'Example Usage:

 SQL = "Select [ID], [Title], [Name], Age FROM Entrants WHERE ([Title] like '" & DBStr(FtExt1) & "' OR [Title] is Null) AND ([Name] like '" & DBStr(FtExt2) & "') ORDER BY 3,2;"


Public Function DBStr(sIn As String) As String

    Dim tmp As String
    Dim i As Long
    Dim j As Long
    If Len(sIn) <> 0 Then
        j = 1
            i = InStr(j, sIn, "'")
            If i = 0 Then Exit Do
            tmp = tmp & Mid$(sIn, j, i - j) & "''"
            j = i + 1
        DBStr = tmp & Mid(sIn, j)
    End If
End Function


Author Comment

ID: 11831908
Thanks to all. I have increased the points and will split according to the input or usefulness to me.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most everyone who has done any programming in VB6 knows that you can do something in code like Debug.Print MyVar and that when the program runs from the IDE, the value of MyVar will be displayed in the Immediate Window. Less well known is Debug.Asse…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Suggested Courses
Course of the Month10 days, 19 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question