number format
Hi,

Our thousand separator is period, and decimal separator is comma.

So a number looks like this: 1.456,60

formatnumber() produces above format.

When entering this value into database, I get error, because comma is also used by SQL to separate records.

If the number is smaller than thousand, I can solve this by replacing comma with period. But when the number is thousand or greater, I can't fix it.

Can anyone tell me a workaround for this please?
Re: number format
"M. Savas Zorlu" <savas@zorlumail.com> wrote in message
news:O0iYd$VHJHA.3668@TK2MSFTNGP05.phx.gbl...
> Hi,
>
> Our thousand separator is period, and decimal separator is comma.
>
> so a number looks like this: 1.456,60
>
> formatnumber() produces above format.
>
> When entering this value into database, I get error, because comma is also
> used by SQL to separate records.
>
> If the number is smaller than thousand, I can solve this by replacing
> comma with period. but when the number is thousand or greater, I can't fix
> it.
>
> Can anyone tell me a workaround for this please?
>

Stop using formatnumber for this job. Also you are probably using string concatenation to build up your SQL string including the parameter. Stop doing that as well. Use a command object and add parameters for the appropriate type.

--
Anthony Jones - MVP ASP/ASP.NET
Re: number format
Hi Anthony,

Can you please explain string concatenation?

And can you please give an example of using a command object?

regards,
Savas

Anthony Jones wrote:
> "M. Savas Zorlu" <savas@zorlumail.com> wrote in message
> news:O0iYd$VHJHA.3668@TK2MSFTNGP05.phx.gbl...
>> Hi,
>>
>> Our thousand separator is period, and decimal separator is comma.
>>
>> so a number looks like this: 1.456,60
>>
>> formatnumber() produces above format.
>>
>> When entering this value into database, I get error, because comma is
>> also used by SQL to separate records.
>>
>> If the number is smaller than thousand, I can solve this by replacing
>> comma with period. but when the number is thousand or greater, I can't
>> fix it.
>>
>> Can anyone tell me a workaround for this please?
>>
>
> Stop using formatnumber for this job. Also you are probably using
> string concatenation to build up your SQL string including the
> parameter. Stop doing that as well. Use a command object and add
> parameters for the appropriate type.
>
Re: number format
"M. Savas Zorlu" <savas@zorlumail.com> wrote in message
news:u06eP9XHJHA.3548@TK2MSFTNGP05.phx.gbl...
> Hi Anthony,
>
> Can you please explain string concatenation?

    sSQL = "UPDATE myTable SET myField = " & myNumber

The problem is if myNumber is ultimately supplied by the client a malicious person can inject SQL code that will do bad things. Search Google for SQL Injection.

> and can you please give an example of using a command object?
>

See this:-
http://msdn.microsoft.com/en-us/library/ms524771.aspx

--
Anthony Jones - MVP ASP/ASP.NET
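Added example, not part of the thread and not code from any poster: one way to apply the advice above in classic ASP (VBScript) with an ADO command object, parsing "1.456,60" with the locale's own separators and binding the result as a typed parameter. The form field `amount`, the helper `ParseLocalNumber`, the connection string in `Application("ConnString")` and the choice of LCID 1031 (German, used only because it groups with a period and uses a decimal comma) are assumptions.

```vbscript
<%
Option Explicit

' ADO constants (normally from adovbs.inc), declared inline so the page is self-contained.
Const adCmdText = 1
Const adParamInput = 1
Const adDouble = 5
Const adExecuteNoRecords = 128

' Hypothetical helper: convert user text such as "1.456,60" to a Double using
' the separators of the given locale, instead of Replace() on the string.
' Returns Null when the text is not a number in that locale.
Function ParseLocalNumber(sText, lcid)
    Dim oldLcid
    oldLcid = SetLocale(lcid)          ' SetLocale returns the previous locale
    If IsNumeric(sText) Then
        ParseLocalNumber = CDbl(sText) ' "1.456,60" -> 1456.6 under LCID 1031
    Else
        ParseLocalNumber = Null
    End If
    SetLocale oldLcid                  ' restore whatever the page was using
End Function

Dim amount, conn, cmd
' Trim() coerces the form item to a plain string ("" if the field is missing).
amount = ParseLocalNumber(Trim(Request.Form("amount")), 1031)
If IsNull(amount) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")    ' assumed location of the connection string

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Same statement as quoted in the thread, with a placeholder instead of "& myNumber".
cmd.CommandText = "UPDATE myTable SET myField = ?"
' The value travels as a typed Double, never as SQL text, so neither the
' decimal comma nor injected SQL can change the statement.
cmd.Parameters.Append cmd.CreateParameter("myField", adDouble, adParamInput, , amount)
cmd.Execute , , adExecuteNoRecords

conn.Close
Set cmd = Nothing
Set conn = Nothing
%>
```

FormatNumber() then stays where it belongs, on values being written back to the page for display.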
Re: number format
Thanks Anthony

Anthony Jones wrote:
> "M. Savas Zorlu" <savas@zorlumail.com> wrote in message
> news:u06eP9XHJHA.3548@TK2MSFTNGP05.phx.gbl...
>> Hi Anthony,
>>
>> Can you please explain string concatenation?
>
> sSQL = "UPDATE myTable SET myField = " & myNumber
>
> The problem is if myNumber is ultimately supplied by the client a
> malicious person can inject SQL code that will do bad things. Search
> Google for SQL Injection.
>
>> and can you please give an example of using a command object?
>>
>
> See this:-
> http://msdn.microsoft.com/en-us/library/ms524771.aspx
>