Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Programming
 apostrophy throwing error '80040e14'

Author  Topic 

mcparland1
Starting Member

2 Posts
Posted - 2010-02-03 : 08:36:32
I've seen refrences to correcting the sql ' error, but I'm having a problem implimenting it into my code. So far my code reads:

(any help would be appreciated)

<%
act=ToStr(Request("act"))
OpenDBConn()
if act="" AND Request("mode")<>"Submit" or Request("Id")<>"" then
dim getProfile,getLoc
set getProfile = Server.CreateObject("ADODB.Recordset")
set getLoc = Server.CreateObject("ADODB.Recordset")
getProfile.open "Select * from tblUsers where Id="&Session("UserID"),conn
txtId=getProfile("Id")
txtUsername=getProfile("Username")
txtEmail=getProfile("Email")
txtPassword=getProfile("Password")
txtDesc=getProfile("Description")
txtphone=getProfile("Phone")
getProfile.close
set getProfile = nothing
set getLoc = Server.CreateObject("ADODB.Recordset")
getLoc.open "Select * from tblLocations where Status=1 AND UserId="&Session("UserID"),conn
Cr=getLoc("country")
sct=getLoc("state")
cts=getLoc("city")
getLoc.close
set getLoc = nothing
End if

if act="upd" AND Request("mode")="Submit" then
txtUsername=Trim(ToStr(Request("txtUsername")))
txtEmail=Trim(ToStr(Request("txtEmail")))
txtPassword=Trim(ToStr(Request("txtPassword")))
txtPasswordConf=Trim(ToStr(Request("txtPasswordConf")))
txtDesc=Trim(ToStr(Request("txtDesc")))
txtPhone=Trim(ToStr(Request("txtPhone")))
Cr=Trim(Request("cr"))
sct=Trim(Request("sct"))
cts=Trim(Request("cts"))

dim UpdateProfile,UpdateLocation
UpdateProfile = "Update tblUsers set Username='"& txtUsername &"',Password='"& txtPasswordConf &"',Email='"& txtEmail&"',Phone='"& txtphone &"',Description='"& txtDesc &"' WHERE Id="&Session("UserID")
conn.Execute (UpdateProfile)
UpdateLocation = "Update tblLocations set Country='"& Cr &"',State='"& sct &"',city='"& cts &"' WHERE UserId="&Session("UserID")
conn.Execute (UpdateLocation)
msgerr="Profile has been modified."
loca= "EditRegister.asp"
%>

Lumbago
Norsk Yak Master

3271 Posts
Posted - 2010-02-03 : 08:44:44
The simple version is to just replace any single quites with double:

txtDesc=REPLACE(Trim(ToStr(Request("txtDesc"))), "'", "''")

The VERY much better option is to create proper parameters:

http://www.freevbcode.com/ShowCode.Asp?ID=3687

- Lumbago
If the facts don't fit the theory, change the facts. Albert Einstein
Go to Top of Page

visakh16
Very Important crosS Applying yaK Herder

52326 Posts
Posted - 2010-02-03 : 11:08:19
also see

http://sqlblogcasts.com/blogs/madhivanan/archive/2008/02/19/understanding-single-quotes.aspx
Go to Top of Page

mcparland1
Starting Member

2 Posts
Posted - 2010-02-03 : 12:27:35
thanks guys! Works like a charm. Looks like I'll be hitting the books again on some of this stuff...

glen
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site