Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 573
  • Last Modified:

Syntax error (missing operator) when using single and double apostrophe(' and ") with the input data

Dear Experts, Getting Syntax error (missing operator) when inserting data with single and double apostrophe(' and ") .
if i use this way (""" & Me.Text_box & """) it will take single apostrophe but cannot resolve when double apostrophe came in.
Please help
Thanks
0
gtmathewDallas
Asked:
gtmathewDallas
  • 4
  • 3
  • 2
  • +4
1 Solution
 
hnasrCommented:
Try:
Chr(34) & Me.Text_box & Chr(34)
0
 
gtmathewDallasAuthor Commented:
I tried but showing run time error 2471 :(
0
 
gtmathewDallasAuthor Commented:
DCount("*", "REVIEW_TYPE", "Review_Name = Chr(34) & Me.Text_RVTEdit.value & Chr(34) and Review_Type_Id <>  CLng('" & Me.Combo_RVEdit & "')")
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
chopper_irlCommented:
it looks like you need to escape the characters, which is done by a single quote so
('I'll be there in a second O'Connor') will be ('I''ll be there in a second O''Connor')
or
(Quote:"Show me the money") would be (Quote':'"Show me the money'")

this is not the safest/best way to escape characters but its a start...
0
 
DatabaseMX (Joe Anderson - Microsoft MVP, Access and Data Platform)Commented:
How about

Chr(34) & Replace(Replace(Replace(Me.Text_box, Chr(39),""),Chr(39) & Chr(39),""), Chr(34),"")   & Chr(34)
0
 
gtmathewDallasAuthor Commented:
Actually the user can be enter any type of key values (', ",&,$,% etc ) to the database, is there any way to allow this?
I was using the controls this way-  '" & Me.Text_Box & "' but its not working..
0
 
hnasrCommented:
Try:

DCOUNT ("*", "REVIEW_TYPE", "Review_Name = "  & Chr(34) & Me.Text_RVTEdit.value & Chr(34)  & " and Review_Type_Id <>  CLng(" & Me.Combo_RVEdit & ")")
0
 
Jeffrey CoachmanMIS LiasonCommented:
<Getting Syntax error (missing operator) when inserting data with single and double apostrophe(' and ") .
Not sure how you are "Inserting", but this works fine for me:

CurrentDb.Execute "INSERT INTO YourTable (YourTextField) Values(" & "'" & Replace(Me.txtTextWithApostrophe, "'", "''") & "'" & ")", dbFailOnError
test.mdb
0
 
Jeffrey CoachmanMIS LiasonCommented:
There may be a way to "tighten up" the syntax in my above post, but again, it works fine for me...
0
 
Dale FyeCommented:
I use a function when to format my text strings that are either SQL statements or criteria strings.  The function looks like:
Public Function Quotes(varTextToQuote As Variant) As String

   Quotes = Chr$(34) & Replace(Nz(varTextToQuote, ""), Chr$(34), Chr$(39)) & Chr$(34)
   
End Function

Open in new window

The function will wrap whatever value is passed to it with double quotes, and will replace instances of a " in the text string with double quotes (""), which will be interpreted as a single, embedded quote.  It is so much easier to read this than trying to wrap the text value in extra quotes or to use the chr$(34) in your code.

You use the function like:

DCount("*", "REVIEW_TYPE", "Review_Name = " & Quotes(Me.Text_RVTEdit) & " AND [Review_Type_Id] <>  CLng(" & Me.Combo_RVEdit & ")")

You really don't need to wrap the value from Me.Combo_RVEdit in single quotes, like you had, prior to using the clng() conversion function.
0
 
mbizupCommented:
Any of the above posts should work, but here's another approach using the Parameters collection.  This Access VBA is similar to what you would use in .Net:

Private Sub cmdGetCount_Click()
    Dim qd As New DAO.QueryDef
    On Error GoTo EH
    CurrentDb.QueryDefs.Delete ("qtemp")
    Set qd = CurrentDb.CreateQueryDef("qtemp", "SELECT COUNT(*) AS TotReviews FROM REVIEW_TYPE WHERE Review_Name = @ReviewName AND Review_Type_Id <> @ID ")
    With qd
        .Parameters("@ReviewName") = Me.Text_RVTEdit
        .Parameters("@ID") = Me.Combo_RVEdit
    End With
    MsgBox qd.OpenRecordset.Fields("TotReviews")
    Set qd = Nothing
    Exit Sub
EH:
    If Err.Number = 3265 Then Resume Next
    MsgBox "ERROR " & Err.Number & ": " & Err.Description
   
End Sub

Open in new window


With the parameters collection, you don't need to worry about escaping special characters (because you're not using text or date delimiters), and if you ever upsize to a SQL platform, this method avoids SQL Injection problems in your action queries.
0
 
Jeffrey CoachmanMIS LiasonCommented:
In Reviewing this post, I discovered I was looking at this from the wrong point of view
(SQL Insert)

So my syntax is valid, but not really specific for your situation (DCount)
:-(

Jeff
0
 
gtmathewDallasAuthor Commented:
Thanks Fyed, Its really simple and a good solution, Thanks.

I want to thank you to all other experts who helped me in this issue...
0
 
Dale FyeCommented:
Glad to help.

I have another version of that function which allows you to identify the wrapper, so can choose a single quote (used with SQL Server pass through queries), double quote, or even # for wrapping numbers.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

  • 4
  • 3
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now