David Emerson
davide at dalyn.co.nz
Tue May 20 20:40:11 CDT 2003
I know it has been a long time but I finally managed to get around to fixing this part of my program. I have a couple of refinements that I have shown below. One is that if the apostrophe is at the end of the text then it would not have been picked up (needed to change the comparison to <=). Second was that if there was more than 1 apostrophe then because the ChkText was getting longer with the extra apostrophes it might not have checked to the end so I deleted the lbLength variable and checked against the new length each loop. Here is my amended code. Public Function basFixSingleQuote(strChkText As String) As String Dim intPosition As Integer intPosition = InStr(1, strChkText, "'") Do While intPosition > 0 And intPosition <= Len(strChkText) strChkText = Left(strChkText, intPosition) & Mid(strChkText, intPosition) intPosition = InStr(intPosition + 2, strChkText, "'") Loop basFixSingleQuote = strChkText End Function Regards David Emerson At 17/02/2003, you wrote: >Hi David: > >Here is an example that works with all versions of Access: > > .... > With EmployeeRecord > .Surname = FixSingleQuote(.Surname) > End With > .... > >Public Function FixSingleQuote(ChkText As String) as String > Dim lbPosition As Integer > Dim lbLength As Integer > > lbLength = Len(ChkText) > lbPosition = InStr(1, ChkText, "'") > > Do While lbPosition > 0 And lbPosition < lbLength > ChkText = Left(ChkText, lbPosition) & Mid(ChkText, lbPosition) > lbPosition = InStr(lbPosition + 2, ChkText, "'") > Loop > > FixSingleQuote = ChkText > >End Function > >HTH >Jim > >-----Original Message----- >From: dba-sqlserver-admin at databaseadvisors.com >[mailto:dba-sqlserver-admin at databaseadvisors.com]On Behalf Of David >Emerson >Sent: Monday, February 17, 2003 9:58 AM >To: dba-sqlserver at databaseadvisors.com >Subject: Re: [dba-SQLServer]Changing apostrophes in string > > >Thanks. Does anyone have the code handy to do this (I could sit down and >write a function that does it but am running out of time). > >David > >At 17/02/2003, you wrote: > >Hi David, > > > >replcace every ' with '' (2 apostrophes, the first ' acts as an escape > >character) before sending > >the sql statement to SQL2000. > >This especially gives you some (though not enough) protection in case of > >sql injections ([Forms]![frmCustomers]!MName = > >"test ' drop table tblCustStatement -- " etc.) > > > > > >Christoph Seck > > > > > > > >-------- Original Message -------- > >Subject: [dba-SQLServer]Changing apostrophes in string (17-Feb-2003 4:21) > >From: davide at dalyn.co.nz > >To: dbaSQL.chseck at kuehne-holz.de > > > > > I tried the archives but couldn't get in . > > > > > > I have a simple sql statement to be run from and AXP ADP to SQL2000 > > > > > > DoCmd.RunSQL "UPDATE tblCustStatement SET tblCustStatement.SMName = '" & > > > [Forms]![frmCustomers]![MName] & "' WHERE (((tblCustStatement.CustIDNo)= > > > " & [Forms]![frmCustomers]![txtCustomerID] & ") AND > > > ((tblCustStatement.StatementNumber)= " & > > > [Forms]![frmCustomers]![txtInvNumber] & "));" > > > > > > How do we handle the following situation where > > [Forms]![frmCustomers]!MName > > > > > > includes an apostrophe? > > > > > > > > > Regards > > > > > > David Emerson > > > DALYN Software Ltd > > > 25b Cunliffe St, Johnsonville > > > Wellington, New Zealand > > > Ph/Fax (877) 456-1205 > > > > > > _______________________________________________ > > > dba-SQLServer mailing list > > > dba-SQLServer at databaseadvisors.com > > > http://databaseadvisors.com/mailman/listinfo/dba-sqlserver > > > http://www.databaseadvisors.com > > > > > > >_______________________________________________ > >dba-SQLServer mailing list > >dba-SQLServer at databaseadvisors.com > >http://databaseadvisors.com/mailman/listinfo/dba-sqlserver > >http://www.databaseadvisors.com > >_______________________________________________ >dba-SQLServer mailing list >dba-SQLServer at databaseadvisors.com >http://databaseadvisors.com/mailman/listinfo/dba-sqlserver >http://www.databaseadvisors.com > >_______________________________________________ >dba-SQLServer mailing list >dba-SQLServer at databaseadvisors.com >http://databaseadvisors.com/mailman/listinfo/dba-sqlserver >http://www.databaseadvisors.com _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com