Solved

How to replace ' (apostrophe) on a database search.

Posted on 2006-06-19
10
1,136 Views
Last Modified: 2008-01-09
Right now, when a user try's to search with an ' they get an error.  Normally, i can use the below syntax to replace the ' so it won't think it's an end of statement.  That's not working here.  What can I do in this instance?

########
HTML CODE
########

<b>Search by Employee Name</b>
<form method="post" action="/relyco/cgi-bin/search_emp_name.asp" name="form2">
<input type="text" name="EmpName" size="40"></form>

################
search_emp_name.asp
################
<%

EmpName                              = Request( "EmpName" )
EmpName                              = Replace(  EmpName,"'","''" )

Dim rs
Set rs = Server.CreateObject("ADODB.recordset")
rs.open "select * from SalesLead where EmpName LIKE '" & Request.Form("EmpName") & "%' ORDER BY ID", "DSN=relyco"

%>
0
Comment
Question by:bschwarting
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
10 Comments
 
LVL 6

Expert Comment

by:inviser
ID: 16937848
Can you post the error you are getting because your code looks fine
0
 
LVL 2

Expert Comment

by:Ghasano
ID: 16937859
try replacing :
EmpName                         = Request( "EmpName" )
EmpName                         = Replace(  EmpName,"'","''" )

to :

EmpName = CStr(trim(Request( "EmpName" )))
EmpName = CStr(trim(Replace(EmpName, "'", "''")))



0
 
LVL 6

Expert Comment

by:inviser
ID: 16937866
Nevermind, I found the problem, do this, you forgot the use EmpName in the query

<%
EmpName                         = Request( "EmpName" )
EmpName                         = Replace(  EmpName,"'","''" )

Dim rs
Set rs = Server.CreateObject("ADODB.recordset")
rs.open "select * from SalesLead where EmpName LIKE '" & EmpName & "%' ORDER BY ID", "DSN=relyco"
%>
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 
LVL 2

Expert Comment

by:Ghasano
ID: 16937884
change :
rs.open "select * from SalesLead where EmpName LIKE '" & Request.Form("EmpName") & "%' ORDER BY ID", "DSN=relyco"

to :

rs.open "select * from SalesLead where EmpName LIKE '%" & EmpName & "% ORDER BY ID", "DSN=relyco"
0
 
LVL 2

Expert Comment

by:Ghasano
ID: 16937898
there must be %% and you forgot to write the second %
0
 
LVL 2

Expert Comment

by:Ghasano
ID: 16937910
sorry i forgot ...
change
rs.open "select * from SalesLead where EmpName LIKE '%" & EmpName & "% ORDER BY ID", "DSN=relyco"

to

rs.open "select * from SalesLead where EmpName LIKE '%" & EmpName & "%' ORDER BY ID", "DSN=relyco"
0
 
LVL 26

Accepted Solution

by:
DireOrbAnt earned 500 total points
ID: 16937911
bschwarting,

You forgot to use your formatted variable in the SQL call.

Instead of:
rs.open "select * from SalesLead where EmpName LIKE '" & Request.Form("EmpName") & "%' ORDER BY ID", "DSN=relyco"

Use:
rs.open "select * from SalesLead where EmpName LIKE '" & EmpName & "%' ORDER BY ID", "DSN=relyco"

That will fix your issue. However, you probably want to use Stored Procedure instead of calling a SELECT *. This will help in many ways. For one, you won't need to parse the quote, but it will also help for security (injection attacks), optimization and so on.
0
 
LVL 1

Author Comment

by:bschwarting
ID: 16937944
hit the nail on the head DireOrbAnt!!!  thanks!
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16938685
Others have posted a similar response as I was typing mine. I hope they get credit from it.
0
 
LVL 1

Author Comment

by:bschwarting
ID: 16942095
DireOrbAnt, yours was the perfect syntax.  the others were all off just a bit.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question