Re: SQL SELECt with ' in filter name
- From: "Bob Barrows [MVP]" <reb01501@xxxxxxxxxxxxxxx>
- Date: Mon, 26 Jun 2006 09:28:50 -0400
Khalid Rahaman wrote:
I am trying to filter a recordset using the following SQL statementWhile the other suggestions for doubling up the quote will indeed work,
SELECT * FROM 'cars.sold' where seller='" & txtSellername.text & "'"
the txtsellername.text refers to a texbox on the VB form which enters
the name i want to filter by.
This works great for everything except when the variable contains an
' in the textbox for example "Joe's Auto".
Any help would be appreciated.
IMO it is easier and more secure to use parameters, either via stored
procedures (my preference) or buy utilizing parameter markers in
conjunction with an array of parameter values passed via a Command
object. Let me know if you wish me to expand on this.
HTH,
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
.
- Prev by Date: Re: get ado connection events
- Next by Date: Re: ASP/ADO: Can I get by without specifying Connection if pool is used (ADO, not ADO.NET?
- Previous by thread: Re: SQL SELECt with ' in filter name
- Next by thread: Here's a rather broad question...
- Index(es):
Relevant Pages
|
|
