Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Apostrophe in SQL Syntax

Reply
Thread Tools

Apostrophe in SQL Syntax

 
 
=?Utf-8?B?QnJpYW4=?=
Guest
Posts: n/a
 
      03-07-2005
Thanks for your time.

I've built an asp.net/vb.net CMS(Content Management System) application. I
have several different UI's that provide the user the ability to maintain
site content that is stored in a MySQL db. Currently I'm using ado.net to
connect to the MySQL db.

I'm having difficulty with apostrophes in the sql syntax that updates, and
adds new records. (example:Joe's Garage causes an error).

I've tried replace(mystring, "'","''") - double quotes, replace(mystring,
"'","/'") - MySQL escape chars. No luck. I was going to give parameters a
try. Will this solve the problem? Does ADO support parameters - or are they
strictly an OleDB type thing? The site is hosted, so I don't think that I
can use DSNs, or install anything.
 
Reply With Quote
 
 
 
 
Damon Payne
Guest
Posts: n/a
 
      03-07-2005
Using paramters will fix the issue.

--
------------------------------------------
Damon Payne
http://www.damonpayne.com
"Brian" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thanks for your time.
>
> I've built an asp.net/vb.net CMS(Content Management System) application.

I
> have several different UI's that provide the user the ability to maintain
> site content that is stored in a MySQL db. Currently I'm using ado.net to
> connect to the MySQL db.
>
> I'm having difficulty with apostrophes in the sql syntax that updates, and
> adds new records. (example:Joe's Garage causes an error).
>
> I've tried replace(mystring, "'","''") - double quotes, replace(mystring,
> "'","/'") - MySQL escape chars. No luck. I was going to give parameters

a
> try. Will this solve the problem? Does ADO support parameters - or are

they
> strictly an OleDB type thing? The site is hosted, so I don't think that I
> can use DSNs, or install anything.



 
Reply With Quote
 
 
 
 
Steve C. Orr [MVP, MCSD]
Guest
Posts: n/a
 
      03-07-2005
You should use ADO.NET parameter objects. They will solve your problem and
they will also protect you from SQL Injection Attacks, which it sounds like
your code is probably vulnerable to at this time.

Here's more info:
http://msdn.microsoft.com/library/de...classtopic.asp

http://msdn.microsoft.com/library/de...isualbasic.asp

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net


"Brian" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thanks for your time.
>
> I've built an asp.net/vb.net CMS(Content Management System) application.
> I
> have several different UI's that provide the user the ability to maintain
> site content that is stored in a MySQL db. Currently I'm using ado.net to
> connect to the MySQL db.
>
> I'm having difficulty with apostrophes in the sql syntax that updates, and
> adds new records. (example:Joe's Garage causes an error).
>
> I've tried replace(mystring, "'","''") - double quotes, replace(mystring,
> "'","/'") - MySQL escape chars. No luck. I was going to give parameters
> a
> try. Will this solve the problem? Does ADO support parameters - or are
> they
> strictly an OleDB type thing? The site is hosted, so I don't think that I
> can use DSNs, or install anything.



 
Reply With Quote
 
=?Utf-8?B?QnJpYW4=?=
Guest
Posts: n/a
 
      03-07-2005
Thanks for your posts - on sunday night no less.

I'll move forward with the parameter method. Can anyone explain why the
replace method failed?

"Steve C. Orr [MVP, MCSD]" wrote:

> You should use ADO.NET parameter objects. They will solve your problem and
> they will also protect you from SQL Injection Attacks, which it sounds like
> your code is probably vulnerable to at this time.
>
> Here's more info:
> http://msdn.microsoft.com/library/de...classtopic.asp
>
> http://msdn.microsoft.com/library/de...isualbasic.asp
>
> --
> I hope this helps,
> Steve C. Orr, MCSD, MVP
> http://SteveOrr.net
>
>
> "Brian" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Thanks for your time.
> >
> > I've built an asp.net/vb.net CMS(Content Management System) application.
> > I
> > have several different UI's that provide the user the ability to maintain
> > site content that is stored in a MySQL db. Currently I'm using ado.net to
> > connect to the MySQL db.
> >
> > I'm having difficulty with apostrophes in the sql syntax that updates, and
> > adds new records. (example:Joe's Garage causes an error).
> >
> > I've tried replace(mystring, "'","''") - double quotes, replace(mystring,
> > "'","/'") - MySQL escape chars. No luck. I was going to give parameters
> > a
> > try. Will this solve the problem? Does ADO support parameters - or are
> > they
> > strictly an OleDB type thing? The site is hosted, so I don't think that I
> > can use DSNs, or install anything.

>
>
>

 
Reply With Quote
 
Scott Allen
Guest
Posts: n/a
 
      03-07-2005
Hi Brian:

Were you assigning the result of String.Replace into a new string?
Replace doesn't modify the object you invoke the method upon, but
instead returns a new instance of a string.

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Sun, 6 Mar 2005 18:53:04 -0800, "Brian"
<(E-Mail Removed)> wrote:

>Thanks for your posts - on sunday night no less.
>
>I'll move forward with the parameter method. Can anyone explain why the
>replace method failed?
>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Double apostrophe in SQL Problem MRW ASP .Net 1 12-12-2006 08:35 PM
[ANN] SqlStatement 1.0.0 - hide the syntax of SQL behind familiarruby syntax Ken Bloom Ruby 3 10-09-2006 06:46 PM
User id with an apostrophe receives logon syntax error RCITGuy ASP .Net Security 1 06-30-2005 10:13 PM
Firebird bug? Message board using apostrophe gives search popup etc nospam4me Firefox 1 05-27-2005 08:34 AM
Re: How to keep apostrophe in string with jscript paul reed ASP .Net 0 10-17-2003 03:31 AM



Advertisments