Solved

SQL update statement issue

Posted on 2013-01-08
10
308 Views
Last Modified: 2013-01-08
This is probably something completely simple for most of you.. but i am having a mild issue and Google isn't helping me.

basically i'm using some VBA to update a SQL Express table.

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND ='" & strBoat & "' WHERE ITEM_NUM = '" & strItemNum & "' "

Open in new window


Most of the time this works perfectly .. but on occasion a user enters a "BOAT_KIND" (stored as a variable "strBoat") with a ' in it ( exmaple: TRIMARAN 105' NIGEL ).

Having that extra ' in it is breaking the update statement.

There has to be a way to rearrange
BOAT_KIND ='" & strBoat & "'

Open in new window

so that the extra ' does not freak everything out.
0
Comment
Question by:DMS-X
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 61

Expert Comment

by:mbizup
ID: 38755722
Try this:

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND ='" & strBoat & "' WHERE ITEM_NUM = " & chr(34)  & strItemNum & chr(34)

Open in new window

0
 
LVL 61

Expert Comment

by:mbizup
ID: 38755727
Sorry - I corrected the wrong field:

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND =" & chr(34) &  strBoat & chr(34) &  " WHERE ITEM_NUM = " & chr(34)  & strItemNum & chr(34)

Open in new window

0
 
LVL 66

Expert Comment

by:Jim Horn
ID: 38755728
To get rid of any quote mark in a string using Access VBA, use Replace.
Copy-paste the below line into your Immediate window and it will return abcdef

? Replace("abc'def", "'", "")

So just take the above and motify Miriam's SQL above where you have strBoat, and it'll work.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 120

Expert Comment

by:Rey Obrero (Capricorn1)
ID: 38755732
try

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND =" & chr(34) & strBoat & chr(34) & " WHERE ITEM_NUM = '" & strItemNum & "' "
0
 
LVL 66

Expert Comment

by:Jim Horn
ID: 38755734
Disregard my above comment.  You probably need to insert the ', and Miriam's second SQL statement will work.
0
 
LVL 61

Accepted Solution

by:
mbizup earned 500 total points
ID: 38755746
You also might want to look into using parameters.  These can handle ', ", etc, etc, etc... and they are a method of avoiding SQL injection problems.  Check out my post here for an example using Access VBA:
http://www.experts-exchange.com/Microsoft/Development/MS_Access/Q_27983017.html#a38739644
0
 
LVL 1

Author Comment

by:DMS-X
ID: 38755810
There are a large Range of Names that the clients are using.. when i alter the code per Miriam's suggestion i get an error on this boat name now "C+C 115".

error No: -2147217900
Invalid column name 'C+C 115'.
0
 
LVL 61

Expert Comment

by:mbizup
ID: 38755831
Give this a try:


    Dim qd As New DAO.QueryDef
    On Error GoTo EH
    CurrentDb.QueryDefs.Delete ("qtemp")
    Set qd = CurrentDb.CreateQueryDef("qtemp", "UPDATE dbo.TblTapeWIP SET BOAT_KIND = @BoatKind WHERE ITEM_NUM = @ItemNum")
    With qd
        .Parameters("@BoatKind") = strBoat 
        .Parameters("@ID") = strItemNum
    End With
    qd.Execute
    Set qd = Nothing
    Exit Sub
EH:
    If Err.Number = 3265 Then Resume Next
    MsgBox "ERROR " & Err.Number & ": " & Err.Description
   

Open in new window

0
 
LVL 61

Expert Comment

by:mbizup
ID: 38755835
Or this:

    Dim qd As New DAO.QueryDef
    Set qd = CurrentDb.CreateQueryDef(, "UPDATE dbo.TblTapeWIP SET BOAT_KIND = @BoatKind WHERE ITEM_NUM = @ItemNum")
    With qd
        .Parameters("@BoatKind") = strBoat 
        .Parameters("@ItemNum") = strItemNum
    End With
    qd.Execute
    Set qd = Nothing

Open in new window

0
 
LVL 1

Author Closing Comment

by:DMS-X
ID: 38755958
With out rewriting my complete function i was able to find a solution using the link provided..

basically i'm just formatting the Boat_kind field using the following...

strBoat = Replace(Nz(rs.BOAT_KIND), Chr$(39), Chr$(32))

so i just replace it with a space.. maybe not the best way but this issue has already taken enough of my time.. cost to benefit you know..

Thanks for the solutions.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Access custom database properties are useful for storing miscellaneous bits of information in a format that persists through database closing and reopening.  This article shows how to create and use them.
You need to know the location of the Office templates folder, so that when you create new templates, they are saved to that location, and thus are available for selection when creating new documents.  The steps to find the Templates folder path are …
In Microsoft Access, learn the trick to repeating sub-report headings at the top of each page. The problem with sub-reports and headings: Add a dummy group to the sub report using the expression =1: Set the “Repeat Section” property of the dummy…
In Microsoft Access, when working with VBA, learn some techniques for writing readable and easily maintained code.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question