Problem on String

  • Thread starter Thread starter Agnes
  • Start date Start date
A

Agnes

my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,
Please help ~
 
Option Strict On?

Same thing happen with Me.txtEquip.text = "20" ?

What exactly is the exception?
 
smith said:
Option Strict On?

Same thing happen with Me.txtEquip.text = "20" ?

What exactly is the exception?

Check the database - does it allow non-numeric characters ? How many ?
What type of data is allowed ? Can more than 1 record have the same value
for that field ?
 
Agnes said:
my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,

Think about using '*UpdateCommand' classes with parameters instead of
constructing the SQL command directly. This will prevent SQL injection.
Maybe you can solve your problem by replacing "'" with "''" before inserting
it into the SQL command (if you still want to use the unsecure way of
constructing SQL command strings by hand).
 
Agnes said:
my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,
Please help ~

You need to parse your values to replace single quotes with double
quotes. The resulting query you have now looks like this:

update mytable set equipname = ' 20''

That's one quote to many. If Me.txtEqip.text contains 20'' it should
work and enter only one quote into the database. This is especially
important for web applications to prevent SQL injection.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top