Hi
My user has put ' with editable place and then press enter so this same way
put text information with ' string into database.
When I try tu user command : UPDATE and try to change text with ' and use
command WHERE = ('text'') then I just received error command from SQL2000
server - I know what kind of problem is but i need your hel to get some
diferent command or method to change wrong put information
Thx for your qiuck help
Kayser

"Qwiati" <qwiati@wp.pl> wrote in message news:c51ncc$it$1@news.onet.pl...
> Hi
> My user has put ' with editable place and then press enter so this same
way
> put text information with ' string into database.
> When I try tu user command : UPDATE and try to change text with ' and use
> command WHERE = ('text'') then I just received error command from SQL2000
> server - I know what kind of problem is but i need your hel to get some
> diferent command or method to change wrong put information
> Thx for your qiuck help
> Kayser
>

Replace any occurrence of {quote} in your string with {quote}{quote}.

e.g.

update mytable set field = ' doesn''t ... ' where field = 'does not'

S

"Steven Wilmot" <steven-news@wilmot.me.uk> wrote in message
news:40747454$0$63629$5a6aecb4@news.aaisp.net.uk.. .
>
> "Qwiati" <qwiati@wp.pl> wrote in message news:c51ncc$it$1@news.onet.pl...
> > Hi
> > My user has put ' with editable place and then press enter so this same
> way
> > put text information with ' string into database.
> > When I try tu user command : UPDATE and try to change text with ' and
use
> > command WHERE = ('text'') then I just received error command from
SQL2000
> > server - I know what kind of problem is but i need your hel to get some
> > diferent command or method to change wrong put information
> > Thx for your qiuck help
> > Kayser
> >
>
> Replace any occurrence of {quote} in your string with {quote}{quote}.
>
> e.g.
>
> update mytable set field = ' doesn''t ... ' where field = 'does not'
>
hmmm but let me show you what I have:
update mytable set field = 'blabla' where field = 'blabla" - this is my
problem because of the end of text I have in database have this --> ' <--
so if I set command: where filed = 'blabla" then I have .......syntax error

Or I dont undersood waht you would like to tell me

Maybe you should use a stored procedure or parameters instead of
building the string manually. Then you don't have to worry about the '
issue, and you don't have to worry about a sql injection attack.

instead of

sSQL = "update table set column='" + sSomeVariable + "' where x='" +
sSomeValue + "'"

do

sSQL = "update table set column=@sValue where x=@sKey"

Then, if it's a command object in ado or ado.net, add parameters to
your command object containing the values.

Personally, I prefer to put the update in the stored procedure then
pass parameters to the stored procedure.

But, if you want to do it the string way...

sSQL = "update table set column='" + replace(sSomeVariable, "'", "''")
+ "' where x='" + replace(sSomeValue, "'", "''") + "'"

Assuming vb/asp there. .net would be sSomeVariable.Replace("'", "''")




"Qwiati" <qwiati@wp.pl> wrote in message news:<c520ci$obs$1@news.onet.pl>...
> "Steven Wilmot" <steven-news@wilmot.me.uk> wrote in message
> news:40747454$0$63629$5a6aecb4@news.aaisp.net.uk.. .
> >
> > "Qwiati" <qwiati@wp.pl> wrote in message news:c51ncc$it$1@news.onet.pl...
> > > Hi
> > > My user has put ' with editable place and then press enter so this same
> way
> > > put text information with ' string into database.
> > > When I try tu user command : UPDATE and try to change text with ' and
> use
> > > command WHERE = ('text'') then I just received error command from
> SQL2000
> > > server - I know what kind of problem is but i need your hel to get some
> > > diferent command or method to change wrong put information
> > > Thx for your qiuck help
> > > Kayser
> > >
> >
> > Replace any occurrence of {quote} in your string with {quote}{quote}.
> >
> > e.g.
> >
> > update mytable set field = ' doesn''t ... ' where field = 'does not'
> >
> hmmm but let me show you what I have:
> update mytable set field = 'blabla' where field = 'blabla" - this is my
> problem because of the end of text I have in database have this --> ' <--
> so if I set command: where filed = 'blabla" then I have .......syntax error
>
> Or I dont undersood waht you would like to tell me

Thx for your help guys it helps when I put double '''' at the and of command
:
update mytable set 'blabla' where field = 'blabla'''' - so the solution was
very easy
anyway thx for your help once more
Regards
Q