Solved

Inserting an apostrophe causes error

Posted on 2007-11-20
4
651 Views
Last Modified: 2010-08-05
Hi,

I'm getting this when someone uses an apostrophe in a memo field:

Microsoft JET Database Engine error '80040e14'
Syntax error (missing operator) in query expression

Below is the basic code I'm using:
Can anyone help?
<%

Dim q1, q2, data_source, con, sql_insert
 

q1 		= Request.Form("q1")

q2 		= Request.Form("q2")

data_source     = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("../db/cpc-survey.mdb")

sql_insert	= "INSERT INTO results (q1, q2, [Timestamp]) VALUES ('" & q1 & "', '" & q2 & "', Now())"
 

Set con = Server.CreateObject("ADODB.Connection")

con.Open data_source

con.Execute sql_insert
 

con.Close

Set con = Nothing

%>

Open in new window

0
Comment
Question by:seanpowell
  • 2
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Ashish Patel earned 500 total points
ID: 20320190
<%
Dim q1, q2, data_source, con, sql_insert
 
q1             = Request.Form("q1")
q2             = Request.Form("q2")
data_source     = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("../db/cpc-survey.mdb")
sql_insert      = "INSERT INTO results (q1, q2, [Timestamp]) VALUES ('" & Replace(q1, "'", "") & "', '" & Replace(q2, "'", "") & "', Now())"
 
Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert
 
con.Close
Set con = Nothing
%>
 
0
 
LVL 23

Expert Comment

by:Ashish Patel
ID: 20320197
Or the best thing to do is to replace one single quote with two single quote. this will resolve sql injection flaw too.

<%
Dim q1, q2, data_source, con, sql_insert
 
q1             = Request.Form("q1")
q2             = Request.Form("q2")
data_source     = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("../db/cpc-survey.mdb")
sql_insert      = "INSERT INTO results (q1, q2, [Timestamp]) VALUES ('" & Replace(q1, "'", "''") & "', '" & Replace(q2, "'", "''") & "', Now())"
 
Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert
 
con.Close
Set con = Nothing
%>
 
0
 
LVL 31

Author Closing Comment

by:seanpowell
ID: 31410129
Thanks - had a hard time figuring out how to incorporate that.
And lightening fast too :-)
0
 
LVL 31

Author Comment

by:seanpowell
ID: 20320321
Wonderful - thank you so much ;-)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the article entitled Working with Objects – Part 1 (http://www.experts-exchange.com/Microsoft/Development/MS_Access/A_4942-Working-with-Objects-Part-1.html), you learned the basics of working with objects, properties, methods, and events. In Work…
Introduction When developing Access applications, often we need to know whether an object exists.  This article presents a quick and reliable routine to determine if an object exists without that object being opened. If you wanted to inspect/ite…
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now