Solved

How to replace ' (apostrophe) on a database search.

Posted on 2006-06-19
Last Modified: 2008-01-09
Right now, when a user tries to search with an ' they get an error.  Normally, I can use the syntax below to replace the ' so it won't think it's the end of the statement.  That's not working here.  What can I do in this instance?

########
HTML CODE
########

<b>Search by Employee Name</b>
<form method="post" action="/relyco/cgi-bin/search_emp_name.asp" name="form2">
<input type="text" name="EmpName" size="40"></form>

################
search_emp_name.asp
################
<%

EmpName                              = Request( "EmpName" )
EmpName                              = Replace(  EmpName,"'","''" )

Dim rs
Set rs = Server.CreateObject("ADODB.recordset")
rs.open "select * from SalesLead where EmpName LIKE '" & Request.Form("EmpName") & "%' ORDER BY ID", "DSN=relyco"

%>
Question by:bschwarting
10 Comments
 
LVL 6

Expert Comment

by:inviser
ID: 16937848
Can you post the error you are getting because your code looks fine
0
 
LVL 2

Expert Comment

by:Ghasano
ID: 16937859
try replacing :
EmpName                         = Request( "EmpName" )
EmpName                         = Replace(  EmpName,"'","''" )

to :

EmpName = CStr(trim(Request( "EmpName" )))
EmpName = CStr(trim(Replace(EmpName, "'", "''")))



0
 
LVL 6

Expert Comment

by:inviser
ID: 16937866
Never mind, I found the problem. Do this; you forgot to use EmpName in the query:

<%
EmpName                         = Request( "EmpName" )
EmpName                         = Replace(  EmpName,"'","''" )

Dim rs
Set rs = Server.CreateObject("ADODB.recordset")
rs.open "select * from SalesLead where EmpName LIKE '" & EmpName & "%' ORDER BY ID", "DSN=relyco"
%>
0
 
LVL 2

Expert Comment

by:Ghasano
ID: 16937884
change :
rs.open "select * from SalesLead where EmpName LIKE '" & Request.Form("EmpName") & "%' ORDER BY ID", "DSN=relyco"

to :

rs.open "select * from SalesLead where EmpName LIKE '%" & EmpName & "% ORDER BY ID", "DSN=relyco"
0
 
LVL 2

Expert Comment

by:Ghasano
ID: 16937898
there must be %% and you forgot to write the second %
0

 
LVL 2

Expert Comment

by:Ghasano
ID: 16937910
Sorry, I forgot ...
change
rs.open "select * from SalesLead where EmpName LIKE '%" & EmpName & "% ORDER BY ID", "DSN=relyco"

to

rs.open "select * from SalesLead where EmpName LIKE '%" & EmpName & "%' ORDER BY ID", "DSN=relyco"
0
 
LVL 26

Accepted Solution

by:
DireOrbAnt earned 500 total points
ID: 16937911
bschwarting,

You forgot to use your formatted variable in the SQL call.

Instead of:
rs.open "select * from SalesLead where EmpName LIKE '" & Request.Form("EmpName") & "%' ORDER BY ID", "DSN=relyco"

Use:
rs.open "select * from SalesLead where EmpName LIKE '" & EmpName & "%' ORDER BY ID", "DSN=relyco"

That will fix your issue. However, you probably want to use a Stored Procedure instead of calling a SELECT *. This will help in many ways. For one, you won't need to parse the quote, but it will also help for security (injection attacks), optimization and so on.
0
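Added example, not part of the original thread: the same search in search_emp_name.asp written with a bound parameter through ADODB.Command, so the apostrophe needs no Replace and the input never becomes part of the SQL text. It uses a parameterized query rather than the stored procedure the accepted answer suggests; the EscapeLike helper and the bracket-style LIKE escaping (SQL Server and Access behaviour) are assumptions, since the thread does not name the database behind DSN=relyco.

```vbscript
<%
' Added example: parameterized version of the search in this thread.
' ADO constants, declared here because classic ASP does not define them by default.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200

' Hypothetical helper: make LIKE wildcards in user input match literally.
' Bracket escaping is an assumption that fits SQL Server and Access.
' "[" must be handled first, because the later replacements add brackets.
Function EscapeLike(ByVal s)
    s = Replace(s, "[", "[[]")
    s = Replace(s, "%", "[%]")
    s = Replace(s, "_", "[_]")
    EscapeLike = s
End Function

Dim EmpName, pattern, conn, cmd, rs
EmpName = Trim(Request.Form("EmpName"))

' The trailing % is the only wildcard: a "starts with" search, as in the question.
pattern = EscapeLike(EmpName) & "%"

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "DSN=relyco"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholder is bound below; an apostrophe in the input is plain data here.
cmd.CommandText = "SELECT * FROM SalesLead WHERE EmpName LIKE ? ORDER BY ID"
cmd.Parameters.Append cmd.CreateParameter("EmpName", adVarChar, adParamInput, Len(pattern), pattern)

Set rs = cmd.Execute
Do While Not rs.EOF
    ' HTML-encode on output so stored names cannot inject markup into the page.
    Response.Write Server.HTMLEncode(rs("EmpName") & "") & "<br>"
    rs.MoveNext
Loop

rs.Close
conn.Close
Set rs = Nothing
Set cmd = Nothing
Set conn = Nothing
%>
```

A search for O'Brien now reaches the database as the literal pattern O'Brien%, and input such as 50% matches only names that start with those three characters.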
 
LVL 1

Author Comment

by:bschwarting
ID: 16937944
hit the nail on the head DireOrbAnt!!!  thanks!
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 16938685
Others have posted a similar response as I was typing mine. I hope they get credit from it.
0
 
LVL 1

Author Comment

by:bschwarting
ID: 16942095
DireOrbAnt, yours was the perfect syntax.  the others were all off just a bit.
0
