Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2000 Forums
 SQL Server Development (2000)
 Problem while inserting the Quoted data into table

Author  Topic 

vbnirmal
Starting Member

1 Post
Posted - 2011-06-16 : 23:27:23
I have some problem while inserting the data into the table from visual basic 6.0 using ado. The data itself can contain the ' (single cote). so how do i write my insert query?javascript:insertsmilie('')

I tried, Set Quoted_identifier Off but can not complete my goal. Please Any help is appreciated.

qry="Insert into trytbl values('" & Me.txtVal1.text & "','" & Me.txtVal2.text & "')"

Con.execute qry


Please Tell me in depth. And give me a example.

Thank You.
N.p Subedi.

...............
N.p Subedi

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2011-06-17 : 00:29:14
Your code is vulnerable to SQL injection. Please use parameterized queries only or stored procedures to avoid this security problem.

Do some searching on how to escape characters.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site