Solved

SQL update statement issue

Posted on 2013-01-08
10
307 Views
Last Modified: 2013-01-08
This is probably something completely simple for most of you.. but i am having a mild issue and Google isn't helping me.

basically i'm using some VBA to update a SQL Express table.

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND ='" & strBoat & "' WHERE ITEM_NUM = '" & strItemNum & "' "

Open in new window


Most of the time this works perfectly .. but on occasion a user enters a "BOAT_KIND" (stored as a variable "strBoat") with a ' in it ( exmaple: TRIMARAN 105' NIGEL ).

Having that extra ' in it is breaking the update statement.

There has to be a way to rearrange
BOAT_KIND ='" & strBoat & "'

Open in new window

so that the extra ' does not freak everything out.
0
Comment
Question by:DMS-X
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 61

Expert Comment

by:mbizup
ID: 38755722
Try this:

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND ='" & strBoat & "' WHERE ITEM_NUM = " & chr(34)  & strItemNum & chr(34)

Open in new window

0
 
LVL 61

Expert Comment

by:mbizup
ID: 38755727
Sorry - I corrected the wrong field:

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND =" & chr(34) &  strBoat & chr(34) &  " WHERE ITEM_NUM = " & chr(34)  & strItemNum & chr(34)

Open in new window

0
 
LVL 65

Expert Comment

by:Jim Horn
ID: 38755728
To get rid of any quote mark in a string using Access VBA, use Replace.
Copy-paste the below line into your Immediate window and it will return abcdef

? Replace("abc'def", "'", "")

So just take the above and motify Miriam's SQL above where you have strBoat, and it'll work.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 120

Expert Comment

by:Rey Obrero (Capricorn1)
ID: 38755732
try

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND =" & chr(34) & strBoat & chr(34) & " WHERE ITEM_NUM = '" & strItemNum & "' "
0
 
LVL 65

Expert Comment

by:Jim Horn
ID: 38755734
Disregard my above comment.  You probably need to insert the ', and Miriam's second SQL statement will work.
0
 
LVL 61

Accepted Solution

by:
mbizup earned 500 total points
ID: 38755746
You also might want to look into using parameters.  These can handle ', ", etc, etc, etc... and they are a method of avoiding SQL injection problems.  Check out my post here for an example using Access VBA:
http://www.experts-exchange.com/Microsoft/Development/MS_Access/Q_27983017.html#a38739644
0
 
LVL 1

Author Comment

by:DMS-X
ID: 38755810
There are a large Range of Names that the clients are using.. when i alter the code per Miriam's suggestion i get an error on this boat name now "C+C 115".

error No: -2147217900
Invalid column name 'C+C 115'.
0
 
LVL 61

Expert Comment

by:mbizup
ID: 38755831
Give this a try:


    Dim qd As New DAO.QueryDef
    On Error GoTo EH
    CurrentDb.QueryDefs.Delete ("qtemp")
    Set qd = CurrentDb.CreateQueryDef("qtemp", "UPDATE dbo.TblTapeWIP SET BOAT_KIND = @BoatKind WHERE ITEM_NUM = @ItemNum")
    With qd
        .Parameters("@BoatKind") = strBoat 
        .Parameters("@ID") = strItemNum
    End With
    qd.Execute
    Set qd = Nothing
    Exit Sub
EH:
    If Err.Number = 3265 Then Resume Next
    MsgBox "ERROR " & Err.Number & ": " & Err.Description
   

Open in new window

0
 
LVL 61

Expert Comment

by:mbizup
ID: 38755835
Or this:

    Dim qd As New DAO.QueryDef
    Set qd = CurrentDb.CreateQueryDef(, "UPDATE dbo.TblTapeWIP SET BOAT_KIND = @BoatKind WHERE ITEM_NUM = @ItemNum")
    With qd
        .Parameters("@BoatKind") = strBoat 
        .Parameters("@ItemNum") = strItemNum
    End With
    qd.Execute
    Set qd = Nothing

Open in new window

0
 
LVL 1

Author Closing Comment

by:DMS-X
ID: 38755958
With out rewriting my complete function i was able to find a solution using the link provided..

basically i'm just formatting the Boat_kind field using the following...

strBoat = Replace(Nz(rs.BOAT_KIND), Chr$(39), Chr$(32))

so i just replace it with a space.. maybe not the best way but this issue has already taken enough of my time.. cost to benefit you know..

Thanks for the solutions.
0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
In Microsoft Access, learn the trick to repeating sub-report headings at the top of each page. The problem with sub-reports and headings: Add a dummy group to the sub report using the expression =1: Set the “Repeat Section” property of the dummy…
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question