inserting apostrophes into DB?

 
 
Lord Merlin
      07-01-2004
When I insert info into a DB from a form, it cuts the string off at the
first apostrophe (").

How would I make it insert the data as-is, with the apostrophes?
Here is the code used to insert the Data:



strsubject = " " & GetFormData("strsubject") & " "
incident = " " & GetFormData("incident") & " "
solution = " " & GetFormData("solution") & " "


InsertQuery="INSERT INTO comments " &_
"(NUserID,thedate, currentdate, commenttype, userid, username, " &_
"supplier, person, subject, description, solution, industry, country, " &_
"province, city, area, emailsent, clientresponse, compliment, " &_
"complaint,telno,subscriber)" &_
" VALUES (" & Session("NUserID") & ", '" &_
thedate & "','" &_
currentdate & "','" &_
strcomment & "'," &_
Session("NUserID") & ",'" &_
alias & "','" &_
Replace(companyname,"'","''") & "','" &_
person & "','" &_
Replace(strsubject, "'", chr(39) & chr(39)) & "','" &_
Replace(incident, "'", chr(39) & chr(39)) & "','" &_
Replace(solution, "'", chr(39) & chr(39)) & "','" &_
industry & "','" &_
country & "','" &_
province & "','" &_
city & "','" &_
area & "','" &_
"no" & "','" &_
"" & "'," &_
compliment & "," &_
complaint & ",'" &_
telno & "','" & ticksubscriber & "');Select @@IDENTITY as id;"

The problem lies with these three:
strsubject, incident, solution

What can I do?

--


Kind Regards
Rudi Ahlers
+27 (82) 926 1689

Greater love has no one than this, that he lay down his life for his friends
(John 15:13).


 
Steven Burn
      07-01-2004
Server.HTMLEncode() ?

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!


Mark Schupp
      07-01-2004
Are you sure it is truncating in the database (not on a form after it is
extracted from the database)?

The Replace statements in your code should take care of the apostrophes in
the insert statement.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com


Jeff Cochran
      07-02-2004
On Thu, 1 Jul 2004 22:24:18 +0200, "Lord Merlin"
<(E-Mail Removed)_SPAM> wrote:

>When I insert info into a DB from a form, it cuts the string off at the
>first apostrophe (").
>
>How would I make it insert the data as-is, with the apostrophes?


See this:

Crossposting vs. Multiposting:
http://www.blakjak.demon.co.uk/mul_crss.htm

Then check the response I posted in another group you posted in.

Jeff


Aaron [SQL Server MVP]
      07-02-2004
Replace ' with '' not two chr(39)s.

Here is how I do it:

Function doubleApost(str)
doubleApost = Replace(str, "'", "''")
End Function
sql = "INSERT tbl(col) VALUES('" & doubleApost(Request.Form("foo")) & "')"

If you are using SQL Server 2000, use SCOPE_IDENTITY, not @@IDENTITY. And
consider using a stored procedure. Your string building will be much
easier, especially if you use a parameters collection. And your chances for
SQL injection attacks will go to nearly nil.

--
http://www.aspfaq.com/
(Reverse address to reply.)




 
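The parameters collection suggested in the last reply, sketched for the query in the first post, as an added example that is not code from any poster in the thread. In that query only companyname, strsubject, incident and solution pass through Replace, and compliment and complaint are concatenated unquoted, where doubling apostrophes would not help; binding every value covers both cases. The connection string, the column types and widths, and the compliment/complaint form field names are assumptions.

```vbscript
<%
' Added example, not code from the thread. Assumptions: SQL Server via the
' SQLOLEDB provider, a placeholder connection string, guessed column types
' and widths, and six of the 22 columns (the others bind the same way).
Const adCmdText = 1, adParamInput = 1
Const adInteger = 3, adVarChar = 200

Dim conn, cmd, rs, newId
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=SQLOLEDB;Data Source=PLACEHOLDER_SERVER;" & _
          "Initial Catalog=PLACEHOLDER_DB;Integrated Security=SSPI;"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The SQL text is a constant with one ? per value, so an apostrophe in the
' input is stored as data and cannot close a string literal.
cmd.CommandText = "SET NOCOUNT ON; " & _
    "INSERT INTO comments " & _
    "(NUserID, subject, description, solution, compliment, complaint) " & _
    "VALUES (?, ?, ?, ?, ?, ?); " & _
    "SELECT SCOPE_IDENTITY() AS id;"

' Parameters are matched to the ? markers by position, in Append order.
AddInt  "NUserID",     Session("NUserID")
AddText "subject",     255,  Request.Form("strsubject")
AddText "description", 4000, Request.Form("incident")
AddText "solution",    4000, Request.Form("solution")
AddInt  "compliment",  Request.Form("compliment")   ' assumed field name
AddInt  "complaint",   Request.Form("complaint")    ' assumed field name

Set rs = cmd.Execute          ' SET NOCOUNT ON leaves one recordset: the id
newId = rs("id")
rs.Close
conn.Close

Sub AddText(name, size, value)
    ' Left() keeps the value within the declared (assumed) column width.
    cmd.Parameters.Append cmd.CreateParameter(name, adVarChar, adParamInput, size, Left(CStr(value), size))
End Sub

Sub AddInt(name, value)
    ' CLng raises a type mismatch on non-numeric input before any SQL runs.
    cmd.Parameters.Append cmd.CreateParameter(name, adInteger, adParamInput, , CLng(value))
End Sub
%>
```
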