
SQL Server/Classic ASP Escape Characters

Posted on 2014-11-25
Last Modified: 2014-11-25
So I want to grab data from my remote server and bring it to my local server using a web page.  Here is the code:
        Set rs = New ADODB.Recordset
        sql = "SELECT FirstName, LastName, City, St, Phone, Email, DOB, Gender, Country, FBook, Twitter, Uploaded "
        sql = sql & "FROM Participant WHERE ParticipantID = " & PartsToAdd(i)
        rs.Open sql, srvr_conn, 1, 2
        For j = 0 To 10
            PartArr(j) = rs(j).Value
        Next j
        rs(11).Value = "y"
        rs.Update
        rs.Close
        Set rs = Nothing
                
        'check to see if this participant exists
        lParticipantID = 0
        Set rs = New ADODB.Recordset
        sql = "SELECT ParticipantID FROM Participant WHERE FirstName = '" & PartArr(0) & "' AND LastName = '" & PartArr(1)
        sql = sql & "' AND Email = '" & PartArr(5) & "' AND Gender = '" & PartArr(7) & "'"
        rs.Open sql, conn, 1, 2
        If rs.RecordCount > 0 Then lParticipantID = rs(0).Value
        rs.Close
        Set rs = Nothing


The problem is that I get an error when I try to check for a match in the local data (conn) if there is an O'Brien in the remote data.  I know how to use Replace(rs(1).Value, " ' ' ", " ' ") but I keep getting the error.  Any suggestions?
Question by:Bob Schneider

Accepted Solution

by: Scott Fell, EE MVE, earned 1400 total points
ID: 40465799
I would just replace with an entity

You can use chr(39) for the replace
replace(myval,"'",chr(39))

http://dev.w3.org/html5/html-author/charref
http://www.w3schools.com/html/html_entities.asp
http://www.ascii.cl/htmlcodes.htm

Assisted Solution

by: Lee W, MVP, earned 600 total points
ID: 40465843
It could help to see what error you're getting.

You should also debug it.  Output the sql string and see what you're getting - find the line that is experiencing the error and RIGHT BEFORE IT, use RESPONSE.WRITE to display the SQL statement you expect to execute.

Of course, I don't see your "replace" code that you say you know to use anywhere in your code above.

Finally, if you didn't, in fact, just make a typo in your explanation, the PROPER syntax of Replace is
Replace(string, "findThis", "replaceWithThis")

The example you use above would find '' and replace it with ' and what you need to find is ' and replace it with '' -- the exact opposite.

Assisted Solution

by: Scott Fell, EE MVE, earned 1400 total points
ID: 40465849
I think I meant

replace(myval,"'","'")

http://jsbin.com/yebeworuso/1/edit

Author Comment

by:Bob Schneider
ID: 40465878
This worked:
        'get remote part data based on part id
        Set rs = New ADODB.Recordset
        sql = "SELECT FirstName, LastName, City, St, Phone, Email, DOB, Gender, Country, FBook, Twitter, Uploaded "
        sql = sql & "FROM Participant WHERE ParticipantID = " & PartsToAdd(i)
        rs.Open sql, srvr_conn, 1, 2
        For j = 0 To 10
            PartArr(j) = rs(j).Value
        Next j
        rs(11).Value = "y"
        rs.Update
        rs.Close
        Set rs = Nothing
                
        'check to see if this participant exists
        lParticipantID = 0
        Set rs = New ADODB.Recordset
        sql = "SELECT ParticipantID FROM Participant WHERE FirstName = '" & Replace(PartArr(0), Chr(39), Chr(34))
        sql = sql & "' AND LastName = '" & Replace(PartArr(1), Chr(39), Chr(34))
        sql = sql & "' AND Email = '" & PartArr(5) & "' AND Gender = '" & PartArr(7) & "'"
        rs.Open sql, conn, 1, 2
        If rs.RecordCount > 0 Then lParticipantID = rs(0).Value
        rs.Close
        Set rs = Nothing


Thanks!
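
Added example, not part of the original thread: the existence check from the question rewritten with an ADODB.Command and bound parameters, so a value such as O'Brien is compared unchanged and none of the four fields is concatenated into the SQL text. The function name FindParticipantID, the parameter names and the column sizes are assumptions; the table and column names come from the code posted above.

```vb
' Added example (not from the thread). Assumes the project references the
' Microsoft ActiveX Data Objects library, as "New ADODB.Recordset" in the
' thread's code already requires. Column sizes below are assumed; use
' adVarWChar instead of adVarChar if the columns are nvarchar.
Public Function FindParticipantID(ByVal conn As ADODB.Connection, _
                                  ByVal sFirst As String, _
                                  ByVal sLast As String, _
                                  ByVal sEmail As String, _
                                  ByVal sGender As String) As Long
    Dim cmd As ADODB.Command
    Dim rs As ADODB.Recordset

    FindParticipantID = 0

    Set cmd = New ADODB.Command
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholders are bound in order; values never become SQL text,
    ' so an apostrophe in a name needs no escaping and cannot end the literal.
    cmd.CommandText = "SELECT ParticipantID FROM Participant " & _
                      "WHERE FirstName = ? AND LastName = ? " & _
                      "AND Email = ? AND Gender = ?"

    cmd.Parameters.Append cmd.CreateParameter("FirstName", adVarChar, adParamInput, 50, sFirst)
    cmd.Parameters.Append cmd.CreateParameter("LastName", adVarChar, adParamInput, 50, sLast)
    cmd.Parameters.Append cmd.CreateParameter("Email", adVarChar, adParamInput, 100, sEmail)
    cmd.Parameters.Append cmd.CreateParameter("Gender", adVarChar, adParamInput, 10, sGender)

    Set rs = cmd.Execute
    ' Command.Execute returns a forward-only cursor whose RecordCount is -1,
    ' so test EOF rather than RecordCount > 0.
    If Not rs.EOF Then FindParticipantID = rs(0).Value

    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

' Usage with the thread's variables (& "" turns a Null field into ""):
' lParticipantID = FindParticipantID(conn, PartArr(0) & "", PartArr(1) & "", _
'                                    PartArr(5) & "", PartArr(7) & "")
```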