Solved

Inserting an apostrophe causes error

Posted on 2007-11-20
4
659 Views
Last Modified: 2010-08-05
Hi,

I'm getting this when someone uses an apostrophe in a memo field:

Microsoft JET Database Engine error '80040e14'
Syntax error (missing operator) in query expression

Below is the basic code I'm using:
Can anyone help?
<%
Dim q1, q2, data_source, con, sql_insert
 
q1 		= Request.Form("q1")
q2 		= Request.Form("q2")
data_source     = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("../db/cpc-survey.mdb")
sql_insert	= "INSERT INTO results (q1, q2, [Timestamp]) VALUES ('" & q1 & "', '" & q2 & "', Now())"
 
Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert
 
con.Close
Set con = Nothing
%>

Open in new window

0
Comment
Question by:seanpowell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Ashish Patel earned 500 total points
ID: 20320190
<%
Dim q1, q2, data_source, con, sql_insert
 
q1             = Request.Form("q1")
q2             = Request.Form("q2")
data_source     = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("../db/cpc-survey.mdb")
sql_insert      = "INSERT INTO results (q1, q2, [Timestamp]) VALUES ('" & Replace(q1, "'", "") & "', '" & Replace(q2, "'", "") & "', Now())"
 
Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert
 
con.Close
Set con = Nothing
%>
 
0
 
LVL 23

Expert Comment

by:Ashish Patel
ID: 20320197
Or the best thing to do is to replace one single quote with two single quote. this will resolve sql injection flaw too.

<%
Dim q1, q2, data_source, con, sql_insert
 
q1             = Request.Form("q1")
q2             = Request.Form("q2")
data_source     = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("../db/cpc-survey.mdb")
sql_insert      = "INSERT INTO results (q1, q2, [Timestamp]) VALUES ('" & Replace(q1, "'", "''") & "', '" & Replace(q2, "'", "''") & "', Now())"
 
Set con = Server.CreateObject("ADODB.Connection")
con.Open data_source
con.Execute sql_insert
 
con.Close
Set con = Nothing
%>
 
0
 
LVL 31

Author Closing Comment

by:seanpowell
ID: 31410129
Thanks - had a hard time figuring out how to incorporate that.
And lightening fast too :-)
0
 
LVL 31

Author Comment

by:seanpowell
ID: 20320321
Wonderful - thank you so much ;-)
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Access custom database properties are useful for storing miscellaneous bits of information in a format that persists through database closing and reopening.  This article shows how to create and use them.
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
In Microsoft Access, learn how to use Dlookup and other domain aggregate functions and one method of specifying a string value within a string. Specify the first argument, which is the expression to be returned: Specify the second argument, which …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question