• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 314
  • Last Modified:

SQL update statement issue

This is probably something completely simple for most of you.. but i am having a mild issue and Google isn't helping me.

basically i'm using some VBA to update a SQL Express table.

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND ='" & strBoat & "' WHERE ITEM_NUM = '" & strItemNum & "' "

Open in new window


Most of the time this works perfectly .. but on occasion a user enters a "BOAT_KIND" (stored as a variable "strBoat") with a ' in it ( exmaple: TRIMARAN 105' NIGEL ).

Having that extra ' in it is breaking the update statement.

There has to be a way to rearrange
BOAT_KIND ='" & strBoat & "'

Open in new window

so that the extra ' does not freak everything out.
0
DMS-X
Asked:
DMS-X
  • 5
  • 2
  • 2
  • +1
1 Solution
 
mbizupCommented:
Try this:

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND ='" & strBoat & "' WHERE ITEM_NUM = " & chr(34)  & strItemNum & chr(34)

Open in new window

0
 
mbizupCommented:
Sorry - I corrected the wrong field:

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND =" & chr(34) &  strBoat & chr(34) &  " WHERE ITEM_NUM = " & chr(34)  & strItemNum & chr(34)

Open in new window

0
 
Jim HornMicrosoft SQL Server Developer, Architect, and AuthorCommented:
To get rid of any quote mark in a string using Access VBA, use Replace.
Copy-paste the below line into your Immediate window and it will return abcdef

? Replace("abc'def", "'", "")

So just take the above and motify Miriam's SQL above where you have strBoat, and it'll work.
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
Rey Obrero (Capricorn1)Commented:
try

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND =" & chr(34) & strBoat & chr(34) & " WHERE ITEM_NUM = '" & strItemNum & "' "
0
 
Jim HornMicrosoft SQL Server Developer, Architect, and AuthorCommented:
Disregard my above comment.  You probably need to insert the ', and Miriam's second SQL statement will work.
0
 
mbizupCommented:
You also might want to look into using parameters.  These can handle ', ", etc, etc, etc... and they are a method of avoiding SQL injection problems.  Check out my post here for an example using Access VBA:
http://www.experts-exchange.com/Microsoft/Development/MS_Access/Q_27983017.html#a38739644
0
 
DMS-XAuthor Commented:
There are a large Range of Names that the clients are using.. when i alter the code per Miriam's suggestion i get an error on this boat name now "C+C 115".

error No: -2147217900
Invalid column name 'C+C 115'.
0
 
mbizupCommented:
Give this a try:


    Dim qd As New DAO.QueryDef
    On Error GoTo EH
    CurrentDb.QueryDefs.Delete ("qtemp")
    Set qd = CurrentDb.CreateQueryDef("qtemp", "UPDATE dbo.TblTapeWIP SET BOAT_KIND = @BoatKind WHERE ITEM_NUM = @ItemNum")
    With qd
        .Parameters("@BoatKind") = strBoat 
        .Parameters("@ID") = strItemNum
    End With
    qd.Execute
    Set qd = Nothing
    Exit Sub
EH:
    If Err.Number = 3265 Then Resume Next
    MsgBox "ERROR " & Err.Number & ": " & Err.Description
   

Open in new window

0
 
mbizupCommented:
Or this:

    Dim qd As New DAO.QueryDef
    Set qd = CurrentDb.CreateQueryDef(, "UPDATE dbo.TblTapeWIP SET BOAT_KIND = @BoatKind WHERE ITEM_NUM = @ItemNum")
    With qd
        .Parameters("@BoatKind") = strBoat 
        .Parameters("@ItemNum") = strItemNum
    End With
    qd.Execute
    Set qd = Nothing

Open in new window

0
 
DMS-XAuthor Commented:
With out rewriting my complete function i was able to find a solution using the link provided..

basically i'm just formatting the Boat_kind field using the following...

strBoat = Replace(Nz(rs.BOAT_KIND), Chr$(39), Chr$(32))

so i just replace it with a space.. maybe not the best way but this issue has already taken enough of my time.. cost to benefit you know..

Thanks for the solutions.
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 5
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now