
Tip of the Day
Language: Visual Basic
Expertise: Beginner
Apr 27, 2000




Clean Quotes From SQL Parameters With Replace

If you've ever used SQL commands against the ADO Connection object, you might have had a problem allowing the user to enter text that contains an apostrophe:
ADOCon.Execute "Insert Into Emp(Name) Select '" _
	& txtName.Text & "'"
This works fine if the name is Smith, but fails if the name is O'Connor, because the apostrophe ends the SQL string literal early. You can easily solve this problem with VB6's Replace function. Use Replace to turn each single apostrophe in the string into two apostrophes (not a double-quote character):
ADOCon.Execute _
	"Insert Into Emp(Name) Select '" _
	& Replace(txtName.Text, "'", "''") & "'"
Scott Summers
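
Binding the name as an ADO Command parameter removes the need to escape it at all, because the value is never spliced into the SQL text. The following is an added example, not part of the original tip; the InsertEmp function name, the Values (?) form of the statement, and the 50-character width of Emp.Name are assumptions.

```vb
' Added example (not from the original tip).
' Requires a project reference to "Microsoft ActiveX Data Objects 2.x Library".
' ADOCon is an open ADODB.Connection, as in the tip.
Option Explicit

Private Const NAME_MAX_LEN As Long = 50   ' assumed size of Emp.Name

Public Function InsertEmp(ByVal ADOCon As ADODB.Connection, _
                          ByVal EmpName As String) As Long
    Dim cmd As ADODB.Command
    Dim affected As Long

    ' Reject input the column cannot hold before it reaches the provider.
    EmpName = Trim$(EmpName)
    If Len(EmpName) = 0 Or Len(EmpName) > NAME_MAX_LEN Then
        Err.Raise vbObjectError + 513, "InsertEmp", _
                  "Name must be 1 to " & NAME_MAX_LEN & " characters."
    End If

    Set cmd = New ADODB.Command
    Set cmd.ActiveConnection = ADOCon
    cmd.CommandType = adCmdText

    ' The ? is a positional placeholder. The statement text is constant,
    ' so an apostrophe in the name is stored as data and cannot change
    ' the structure of the SQL.
    cmd.CommandText = "Insert Into Emp(Name) Values (?)"
    cmd.Parameters.Append cmd.CreateParameter("EmpName", adVarChar, _
                                             adParamInput, NAME_MAX_LEN, EmpName)

    ' adExecuteNoRecords: an INSERT returns no rows, so skip the Recordset.
    cmd.Execute affected, , adCmdText Or adExecuteNoRecords
    InsertEmp = affected   ' rows inserted, as reported by the provider
End Function

' Usage from the form in the tip:
'   InsertEmp ADOCon, txtName.Text   ' same call for Smith and for O'Connor
```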