?
Solved

How to replace ' (apostrophe) on a database search.

Posted on 2006-06-19
10
Medium Priority
?
1,137 Views
Last Modified: 2008-01-09
Right now, when a user try's to search with an ' they get an error.  Normally, i can use the below syntax to replace the ' so it won't think it's an end of statement.  That's not working here.  What can I do in this instance?

########
HTML CODE
########

<b>Search by Employee Name</b>
<form method="post" action="/relyco/cgi-bin/search_emp_name.asp" name="form2">
<input type="text" name="EmpName" size="40"></form>

################
search_emp_name.asp
################
<%

EmpName                              = Request( "EmpName" )
EmpName                              = Replace(  EmpName,"'","''" )

Dim rs
Set rs = Server.CreateObject("ADODB.recordset")
rs.open "select * from SalesLead where EmpName LIKE '" & Request.Form("EmpName") & "%' ORDER BY ID", "DSN=relyco"

%>
0
Comment
Question by:bschwarting
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
10 Comments
 
LVL 6

Expert Comment

by:inviser
ID: 16937848
Can you post the error you are getting because your code looks fine
0
 
LVL 2

Expert Comment

by:Ghasano
ID: 16937859
try replacing :
EmpName                         = Request( "EmpName" )
EmpName                         = Replace(  EmpName,"'","''" )

to :

EmpName = CStr(trim(Request( "EmpName" )))
EmpName = CStr(trim(Replace(EmpName, "'", "''")))



0
 
LVL 6

Expert Comment

by:inviser
ID: 16937866
Nevermind, I found the problem, do this, you forgot the use EmpName in the query

<%
EmpName                         = Request( "EmpName" )
EmpName                         = Replace(  EmpName,"'","''" )

Dim rs
Set rs = Server.CreateObject("ADODB.recordset")
rs.open "select * from SalesLead where EmpName LIKE '" & EmpName & "%' ORDER BY ID", "DSN=relyco"
%>
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 2

Expert Comment

by:Ghasano
ID: 16937884
change :
rs.open "select * from SalesLead where EmpName LIKE '" & Request.Form("EmpName") & "%' ORDER BY ID", "DSN=relyco"

to :

rs.open "select * from SalesLead where EmpName LIKE '%" & EmpName & "% ORDER BY ID", "DSN=relyco"
0
 
LVL 2

Expert Comment

by:Ghasano
ID: 16937898
there must be %% and you forgot to write the second %
0
 
LVL 2

Expert Comment

by:Ghasano
ID: 16937910
sorry i forgot ...
change
rs.open "select * from SalesLead where EmpName LIKE '%" & EmpName & "% ORDER BY ID", "DSN=relyco"

to

rs.open "select * from SalesLead where EmpName LIKE '%" & EmpName & "%' ORDER BY ID", "DSN=relyco"
0
 
LVL 26

Accepted Solution

by:
DireOrbAnt earned 2000 total points
ID: 16937911
bschwarting,

You forgot to use your formatted variable in the SQL call.

Instead of:
rs.open "select * from SalesLead where EmpName LIKE '" & Request.Form("EmpName") & "%' ORDER BY ID", "DSN=relyco"

Use:
rs.open "select * from SalesLead where EmpName LIKE '" & EmpName & "%' ORDER BY ID", "DSN=relyco"

That will fix your issue. However, you probably want to use Stored Procedure instead of calling a SELECT *. This will help in many ways. For one, you won't need to parse the quote, but it will also help for security (injection attacks), optimization and so on.
0
 
LVL 1

Author Comment

by:bschwarting
ID: 16937944
hit the nail on the head DireOrbAnt!!!  thanks!
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16938685
Others have posted a similar response as I was typing mine. I hope they get credit from it.
0
 
LVL 1

Author Comment

by:bschwarting
ID: 16942095
DireOrbAnt, yours was the perfect syntax.  the others were all off just a bit.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question