Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and beginning April 20th, 2021 (Eastern Time) the Yahoo Answers website will be in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.

Trending News

Promoted
daymnimlost
daymnimlost asked in Computers & InternetProgramming & Design · 2 decades ago

SQL and insert problem?

ok, I know that the reason I am getting an error in my insert statement is because of a apostrophe ('). What I am trying to do,or at least figure out is, what can I do to cover come the (') issue? I'm writing the app in asp and basically a customer who is cancelling an order has to provide reasons as to why they are cancelling the order... they are provided a comment box and then submited to another page and requested using the basic request.form("commentbox"). The statement that runs on the second page is

"INSERT into webordercancel values ('"&session("uid")&"','"&commentbox&"');" Obviously you can see where the error would come into play. The (') from the submited comment cancels out the one that is actually inside the code.... any clues?

Update:

So does that mean I have to create a DIM for it and then define the variable?

ie:

dim replacecomma

replacecomma = replace(cdkjflsjdfs)watever

conn.execute replacecomma, insertcomment ?

I guess what im asking is what is the particular way to execute this? Most of you state before the execution of the insert query... could you give me tiny layout please.

5 Answers

Relevance
  • minusman
    2 decades ago
    Favorite Answer

    You need to replace any quotes (" or ') with a second quote.

    So if your comment is:

    I really liked when he said, "Go forth, wise one."

    You would change it to:

    I really liked when he said, ""Go forth, wise one.""

    That will allow the insert to propertly insert the state into the database. Please note that it will not have two quotes in the database.

    So if you did:

    SELECT Comment FROM MyTable

    You would see:

    I really liked when he said, "Go forth, wise one."

  • jskud
    Lv 5
    2 decades ago

    The standard procedure for fixing your issue is to double all instances of '. This makes all the ' into ''. This is different than a double quote " but SQL server will be able to read this as a single quote. Based on which language you are using in your ASP, just try doing a Replace(comment,"'","''") when you put any field that may contain a ' you should use the replace.

    Good luck!

  • frillylilfilly
    2 decades ago

    For any form fields that a user may have to enter an aprostrope, which could also be a name field, you must do a request.replace, before the request.form, and replace the apostrophe with nothing, instead of "'", replace with "". It is hard to explain it here, just type request.replace into your search engine, and you should get plenty of results for developers forums and online tutuorials that will explain it better.

  • ?
    4 years ago

    confident you may get away the unmarried quote and it truly is accomplished in sq. server scripts utilising 2 unmarried quote rather of one ex: insert into table1 values (a million, '!!!! hi '' international !!!!') the '' between hi and international is two unmarried costs not one double quote

  • How do you think about the answers? You can sign in to vote the answer.
  • juanmrq
    Lv 4
    2 decades ago

    Yeah

    before completing the INSERT sequence, make a Replace for the comments (and all the other fields) for the (').

    Example:

    Comments = request("comments")

    Comments = Replace(Comments, "'", "''")

    It will work, i swear!

Still have questions? Get your answers by asking now.