Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Double apostrophes

Reply
Thread Tools

Double apostrophes

 
 
Aaron Bertrand [SQL Server MVP]
Guest
Posts: n/a
 
      07-13-2005
There's something missing or that you're not telling us. Do you understand
why replace() is used when passing data *to* the statement, but not when
retrieving the data from the database? Are you sure you didn't enter two
apostrophes into the form?

While you've told us that you are doing this correctly, we have no way to
verify that you really are. It sounds to me like you're not.

Sorry, but I don't know how else to help you.


> When displaying the data in my textarea box, here is the code:
> <textarea cols="30" rows="10"
> name="comments"><%=trim(rs("comments"))%></textarea>
>
>
> At that time, it displays IT''S NICE.



 
Reply With Quote
 
 
 
 
Bob Barrows [MVP]
Guest
Posts: n/a
 
      07-13-2005
Joey Martin wrote:
> Bob,
> Not sure I understand your comments about not using dynamic sql. I
> read the documents and it seems as if I do it the correct way.
> USUALLY, I do not use a recordset to update variables. My current
> code does, because it's old code and I never re-wrote it. Usually, I
> do the following:
>
> if request("submit")<> "" then
> v1=Replace(Request.form("v1"), "'", "''")
> v2=Replace(Request.form("v2"), "'", "''")
>
> sql="update table set v1='" & v1 & "',v2='" & v2 & "' where id='1'"
> conn.execute (sql)
>

Wait a minute. Earlier you showed this code:

Set RS = Server.CreateObject("ADODB.Recordset")
sqlUpdate = "SELECT * FROM ricprops WHERE propno='" & Request("id") &
"'"

RS.open sqlUpdate,Conn,1,3
RS("comments") = Replace(Request.form("comments"), "'", "''")
RS.Update
RS.Close


When updating a recordset field, do NOT escape (double up) the aprostrophe.
Change it to:
RS("comments") = Request.form("comments")

The only time you need to escape the apostrophe is when you are building
dynamic sql as in the update statement you show above.
>
>
> Is that incorrect? Doing it this way, I still get the double
> apostrophe.
>


I don't think so. Create a page with just this code in it:

<%
dim conn, sql, rs, input, output
input="it's nice"
set conn=createobject("adodb.connection")
conn.open "your connection string"
sql= "update ricprops set comments='" & _
Replace(input, "'", "''") & _
"WHERE propno=1"
conn.execute sql,,129
sql="select comments from ricprops WHERE propno=1"
set rs=conn.execute(sql,,1)
output=rs(0).value
rs.close:set rs=nothing
conn.close: set conn=nothing
%>

<html><body>
I guarantee this will contain only one apostrophe:<BR>
<textarea cols="30" rows="10"
name="comments"><%=trim(rs("comments"))%></textarea>
</body></html>

Run the page.

Bob Barrows


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.


 
Reply With Quote
 
 
 
 
Giles
Guest
Posts: n/a
 
      07-13-2005
"Aaron Bertrand [SQL Server MVP]" wrote
> > Note you should use request.form() not the lazy request().


Hi Aaron - What's the downside of request only? is the overhead of all the
request objects being hunted through? I sometimes use it to be able to test
processing pages with a querystring without having to rewrite the forms on
the previous page.
Thanks
Giles


 
Reply With Quote
 
Aaron Bertrand [SQL Server MVP]
Guest
Posts: n/a
 
      07-13-2005
> Hi Aaron - What's the downside of request only? is the overhead of all the
> request objects being hunted through?


http://www.aspfaq.com/2111

> I sometimes use it to be able to test processing pages with a querystring
> without having to rewrite the forms on the previous page.


You could test which method was used and handle it in a function, test
Request.ServerVariables("REQUEST_METHOD") *once*... then you could use
something like req("item") instead of having to change them.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
URLEncode doesn't like apostrophes? darrel ASP .Net 0 07-08-2005 08:05 PM
HtmlEncode with apostrophes Andy Fish ASP .Net 4 04-06-2005 03:28 PM
Replacing apostrophes for an sql statements MS Java 3 02-22-2005 10:49 AM
cannot convert parameter from 'double (double)' to 'double (__cdecl *)(double)' error Sydex C++ 12 02-17-2005 06:30 PM
SQL and apostrophes Chris Huddle ASP .Net 2 12-10-2003 07:36 PM



Advertisments