Please start any new threads on our new site at http://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

Our new SQL Server Forums are live! Come on over! We've restricted the ability to create new threads on these forums.

SQL Server Forums
Profile | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 SQL Server 2000 Forums
 SQL Server Development (2000)
 Problem while inserting the Quoted data into table
 Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

vbnirmal
Starting Member

1 Posts

Posted - 06/16/2011 :  23:27:23  Show Profile  Reply with Quote
I have some problem while inserting the data into the table from visual basic 6.0 using ado. The data itself can contain the ' (single cote). so how do i write my insert query?javascript:insertsmilie('')

I tried, Set Quoted_identifier Off but can not complete my goal. Please Any help is appreciated.

qry="Insert into trytbl values('" & Me.txtVal1.text & "','" & Me.txtVal2.text & "')"

Con.execute qry


Please Tell me in depth. And give me a example.

Thank You.
N.p Subedi.

...............
N.p Subedi

tkizer
Almighty SQL Goddess

USA
38200 Posts

Posted - 06/17/2011 :  00:29:14  Show Profile  Visit tkizer's Homepage  Reply with Quote
Your code is vulnerable to SQL injection. Please use parameterized queries only or stored procedures to avoid this security problem.

Do some searching on how to escape characters.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page
  Previous Topic Topic Next Topic  
 Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.45 seconds. Powered By: Snitz Forums 2000