Solved

Inserting an apostrophe causes error

Posted on 2007-11-20
4
657 Views
Last Modified: 2010-08-05
Hi,

I'm getting this when someone uses an apostrophe in a memo field:

Microsoft JET Database Engine error '80040e14'
Syntax error (missing operator) in query expression

Below is the basic code I'm using:
Can anyone help?
<%
Dim q1, q2, data_source, con, sql_insert
 
q1 		= Request.Form("q1")
q2 		= Request.Form("q2")
data_source     = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("../db/cpc-survey.mdb")
sql_insert	= "INSERT INTO results (q1, q2, [Timestamp]) VALUES ('" & q1 & "', '" & q2 & "', Now())"
 
Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert
 
con.Close
Set con = Nothing
%>

Open in new window

0
Comment
Question by:seanpowell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Ashish Patel earned 500 total points
ID: 20320190
<%
Dim q1, q2, data_source, con, sql_insert
 
q1             = Request.Form("q1")
q2             = Request.Form("q2")
data_source     = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("../db/cpc-survey.mdb")
sql_insert      = "INSERT INTO results (q1, q2, [Timestamp]) VALUES ('" & Replace(q1, "'", "") & "', '" & Replace(q2, "'", "") & "', Now())"
 
Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert
 
con.Close
Set con = Nothing
%>
 
0
 
LVL 23

Expert Comment

by:Ashish Patel
ID: 20320197
Or the best thing to do is to replace one single quote with two single quote. this will resolve sql injection flaw too.

<%
Dim q1, q2, data_source, con, sql_insert
 
q1             = Request.Form("q1")
q2             = Request.Form("q2")
data_source     = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("../db/cpc-survey.mdb")
sql_insert      = "INSERT INTO results (q1, q2, [Timestamp]) VALUES ('" & Replace(q1, "'", "''") & "', '" & Replace(q2, "'", "''") & "', Now())"
 
Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert
 
con.Close
Set con = Nothing
%>
 
0
 
LVL 31

Author Closing Comment

by:seanpowell
ID: 31410129
Thanks - had a hard time figuring out how to incorporate that.
And lightening fast too :-)
0
 
LVL 31

Author Comment

by:seanpowell
ID: 20320321
Wonderful - thank you so much ;-)
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Describes a method of obtaining an object variable to an already running instance of Microsoft Access so that it can be controlled via automation.
This article describes a method of delivering Word templates for use in merging Access data to Word documents, that requires no computer knowledge on the part of the recipient -- the templates are saved in table fields, and are extracted and install…
Basics of query design. Shows you how to construct a simple query by adding tables, perform joins, defining output columns, perform sorting, and apply criteria.
What’s inside an Access Desktop Database. Will look at the basic interface, Navigation Pane (Database Container), Tables, Queries, Forms, Report, Macro’s, and VBA code.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question