Solved

SQL update statement issue

Posted on 2013-01-08
10
302 Views
Last Modified: 2013-01-08
This is probably something completely simple for most of you.. but i am having a mild issue and Google isn't helping me.

basically i'm using some VBA to update a SQL Express table.

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND ='" & strBoat & "' WHERE ITEM_NUM = '" & strItemNum & "' "

Open in new window


Most of the time this works perfectly .. but on occasion a user enters a "BOAT_KIND" (stored as a variable "strBoat") with a ' in it ( exmaple: TRIMARAN 105' NIGEL ).

Having that extra ' in it is breaking the update statement.

There has to be a way to rearrange
BOAT_KIND ='" & strBoat & "'

Open in new window

so that the extra ' does not freak everything out.
0
Comment
Question by:DMS-X
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 61

Expert Comment

by:mbizup
Comment Utility
Try this:

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND ='" & strBoat & "' WHERE ITEM_NUM = " & chr(34)  & strItemNum & chr(34)

Open in new window

0
 
LVL 61

Expert Comment

by:mbizup
Comment Utility
Sorry - I corrected the wrong field:

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND =" & chr(34) &  strBoat & chr(34) &  " WHERE ITEM_NUM = " & chr(34)  & strItemNum & chr(34)

Open in new window

0
 
LVL 65

Expert Comment

by:Jim Horn
Comment Utility
To get rid of any quote mark in a string using Access VBA, use Replace.
Copy-paste the below line into your Immediate window and it will return abcdef

? Replace("abc'def", "'", "")

So just take the above and motify Miriam's SQL above where you have strBoat, and it'll work.
0
 
LVL 119

Expert Comment

by:Rey Obrero
Comment Utility
try

strSQL1 = " UPDATE dbo.TblTapeWIP SET BOAT_KIND =" & chr(34) & strBoat & chr(34) & " WHERE ITEM_NUM = '" & strItemNum & "' "
0
 
LVL 65

Expert Comment

by:Jim Horn
Comment Utility
Disregard my above comment.  You probably need to insert the ', and Miriam's second SQL statement will work.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 61

Accepted Solution

by:
mbizup earned 500 total points
Comment Utility
You also might want to look into using parameters.  These can handle ', ", etc, etc, etc... and they are a method of avoiding SQL injection problems.  Check out my post here for an example using Access VBA:
http://www.experts-exchange.com/Microsoft/Development/MS_Access/Q_27983017.html#a38739644
0
 
LVL 1

Author Comment

by:DMS-X
Comment Utility
There are a large Range of Names that the clients are using.. when i alter the code per Miriam's suggestion i get an error on this boat name now "C+C 115".

error No: -2147217900
Invalid column name 'C+C 115'.
0
 
LVL 61

Expert Comment

by:mbizup
Comment Utility
Give this a try:


    Dim qd As New DAO.QueryDef
    On Error GoTo EH
    CurrentDb.QueryDefs.Delete ("qtemp")
    Set qd = CurrentDb.CreateQueryDef("qtemp", "UPDATE dbo.TblTapeWIP SET BOAT_KIND = @BoatKind WHERE ITEM_NUM = @ItemNum")
    With qd
        .Parameters("@BoatKind") = strBoat 
        .Parameters("@ID") = strItemNum
    End With
    qd.Execute
    Set qd = Nothing
    Exit Sub
EH:
    If Err.Number = 3265 Then Resume Next
    MsgBox "ERROR " & Err.Number & ": " & Err.Description
   

Open in new window

0
 
LVL 61

Expert Comment

by:mbizup
Comment Utility
Or this:

    Dim qd As New DAO.QueryDef
    Set qd = CurrentDb.CreateQueryDef(, "UPDATE dbo.TblTapeWIP SET BOAT_KIND = @BoatKind WHERE ITEM_NUM = @ItemNum")
    With qd
        .Parameters("@BoatKind") = strBoat 
        .Parameters("@ItemNum") = strItemNum
    End With
    qd.Execute
    Set qd = Nothing

Open in new window

0
 
LVL 1

Author Closing Comment

by:DMS-X
Comment Utility
With out rewriting my complete function i was able to find a solution using the link provided..

basically i'm just formatting the Boat_kind field using the following...

strBoat = Replace(Nz(rs.BOAT_KIND), Chr$(39), Chr$(32))

so i just replace it with a space.. maybe not the best way but this issue has already taken enough of my time.. cost to benefit you know..

Thanks for the solutions.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

A simple tool to export all objects of two Access files as text and compare it with Meld, a free diff tool.
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now