|
| |
|
|
hzarabet
Posts: 1540
From: New Milford CT USA
Status: offline
 |
' and & - 3/31/2001 22:29:00
What is the code to stop getting error messages when database results include a ' or a & ? Where does this code go?Tried the seach with no luck. Thanks. ------------------
www.Signingshotline.com lists EVERY upcoming athlete autograph appearance in the US and Canada
|
|
|
|
Vince from Spain
Posts: 658
From: Madrid Spain
Status: offline
|
RE: ' and & - 4/1/2001 20:31:00
Hi,
as far as I know, if you are using the DRW then this should get done for you automatically. Otherwise, something like this . . .
<%
Function SQLFixup(TextIn)
SQLFixup = ReplaceStr(TextIn, "'", "''", 0)
End Function
%>And use these on your input strings such as . . . <%
myinput = SQLFixup(Request.Form("myinput")) ' And now you can use it safely in your SQL SQL= "SELECT * FROM mytable WHERE myfield LIKE '%" & myinput & "';"
%> For example . . . Vince
------------------
Internet Business Solutions S.L.(Spain)
| |
|
|
|
hzarabet
Posts: 1540
From: New Milford CT USA
Status: offline
|
RE: ' and & - 4/2/2001 20:55:00
Thanks VFS, butI am a bit confused with the answer. Let me give a little more detail. On my search page, one of my search fields is "Player". Now, if a player's name is Ed O'Reilly, if this player's name is searched, I will get an error message on my database results page, caused by the '. I have removed all the gray code already. Also, I have a search field (on the same page with the "Player" search field) called "Promoter". Not only can this name have a ' in it, but a "&" as well. So this one is a double whammy as both cause the error message. Up to now, I was leaving these offenders out of my records (Ed OReilly instead of Ed O'Reilly), but I know this is a cheap get-around. Thanks again guys. ------------------
www.Signingshotline.com lists EVERY upcoming athlete autograph appearance in the US and Canada
| |
|
|
|
hzarabet
Posts: 1540
From: New Milford CT USA
Status: offline
|
RE: ' and & - 4/2/2001 23:15:00
Found this but don't know what to do with it!<%
Function padQuotes( instring )
REM This function pads an extra single quote in strings containing
quotes for REM proper SQL searching. Dim bodybuild
Dim bodystring
Dim Length
Dim i bodybuild = ""
bodystring = instring
Length = Len(bodystring)
For i = 1 to length
bodybuild = bodybuild & Mid(bodystring, i, 1)
If Mid(bodystring, i, 1) = Chr(39) Then
bodybuild = bodybuild & Mid(bodystring, i, 1)
End If
Next
bodystring = bodybuild
padQuotes = bodystring
End Function
%> Does this script require any changes specific to my site? Does it goes on my search page or my results page? Where on either does it go? ------------------
www.Signingshotline.com lists EVERY upcoming athlete autograph appearance in the US and Canada
| |
|
|
|
Vince from Spain
Posts: 658
From: Madrid Spain
Status: offline
|
RE: ' and & - 4/3/2001 20:42:00
Hi Hzarabet,
Either of those functions should do the trick. They both do pretty much the same thing. What you want to do is to use that function on your input parameters. So for instance if your "Player" is "posted" to the form, use the function on the value. Like for instance . . .
Player = SQLFixup(Request.Form("Player"))The the variable "Player" is now safe to use in your SQL query. The thing is though, you say this code comes from the DRW. The DRW contains a function in
_fpclass/fpdbrgn1.inc
which is FP_ReplaceQuoteChars, which does this very thing. I am a bit confused why this is not working. Vince
------------------
Internet Business Solutions S.L.(Spain)
| |
|
|
|
hzarabet
Posts: 1540
From: New Milford CT USA
Status: offline
|
RE: ' and & - 4/3/2001 20:18:00
Hi VFS:I REMOVED the DRW code. Here is what I inserted: <%
Function SQLFixup(TextIn)
SQLFixup = ReplaceStr(TextIn, "'", "''", 0)
End Function
%>
<%Player = SQLFixup(Request.Form("Player"))%>
When I place both parts of this before the database code on the results page I get:
Microsoft VBScript runtime error '800a000d'
Type mismatch: 'ReplaceStr' /results_copy(2).asp, line 162 When I split the parts up and put the top part above the database code and the bottom part below the code but before the result I get: The statndard yellow incorrect syntax message. When I place both parts below the database code but above the results I get: Microsoft VBScript compilation error '800a03ea' Syntax error /results_copy(2).asp, line 182 Function SQLFixup(TextIn) VFS, as you can see, I am really not sure what I'm doing! The more specific you can be, the better. Thanks again. ------------------
www.Signingshotline.com lists EVERY upcoming athlete autograph appearance in the US and Canada
| |
|
|
|
hzarabet
Posts: 1540
From: New Milford CT USA
Status: offline
|
RE: ' and & - 4/4/2001 21:01:00
Hi Guys:I'm sorry but I'm still clueless. I just don't know what to do with this to make it work! ------------------
www.Signingshotline.com lists EVERY upcoming athlete autograph appearance in the US and Canada
| |
|
|
|
Spooky
Posts: 26606
Joined: 11/11/1998
From: Middle Earth
Status: offline
|
RE: ' and & - 4/4/2001 21:44:00
<%
Function SQLFixup(TextIn)
SQLFixup = Replace(TextIn, "'", "''")
End Function
%>
<%Player = SQLFixup(Request.Form("Player"))%> Are you saving or displaying a record?
| |
|
|
|
hzarabet
Posts: 1540
From: New Milford CT USA
Status: offline
|
RE: ' and & - 4/4/2001 21:52:00
My original intention was to display the record. The record is entered into the database as "Ed O'Reilly" for example. I need the coding to make Ed O'Reilly SQL friendly when someone does a seach for the "Player" named "Ed O'Reilly". Right now, this would give me the big yellow syntax error.------------------
www.Signingshotline.com lists EVERY upcoming athlete autograph appearance in the US and Canada
| |
|
|
|
hzarabet
Posts: 1540
From: New Milford CT USA
Status: offline
|
RE: ' and & - 4/9/2001 20:15:00
HELP, I'm Fall
i
n
g ------------------
www.Signingshotline.com lists EVERY upcoming athlete autograph appearance in the US and Canada
| |
|
|
|
Spooky
Posts: 26606
Joined: 11/11/1998
From: Middle Earth
Status: offline
|
RE: ' and & - 4/9/2001 23:57:00
Youll need to replace the single quote with a double quote ala :
http://www.learnasp.com/learn/dbtroubleshoot2.aspBut, using the DRW, Id expect it to be there by default (and if not, youll have to manually code it!)
| |
|
|
|
hzarabet
Posts: 1540
From: New Milford CT USA
Status: offline
|
RE: ' and & - 4/9/2001 13:19:00
I do understand the basic concept that a ' must be replaced with a ", but even after reading the link, I am not sure where to place these correcting statements.I have removed the gray. I am looking to display the results, not enter info. So, where does this go: <%
Function SQLFixup(TextIn)
SQLFixup = Replace(TextIn, "'", "''")
End Function
%> <%Player = SQLFixup(Request.Form("Player"))%>
I know I am beating adead horse with this, but every way I try to insert this, I am getting errors.
Thanks guys ------------------
www.Signingshotline.com lists EVERY upcoming athlete autograph appearance in the US and Canada
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
