March 22, 2012 at 6:18 pm
I am confused by which is the best method to handle quotes in ASP-vbscript / ADO-SQL server
I call a stored procedure to insert a row to a table from an asp page and use
replace(string, "'","''") in the asp page to remove any single quotes before sending the data, this all works absolutely fine when the data is inserted.
BUT when I update the same row again with another call to a stored procedure using the same vbscript replace function in asp I get an extra set of quotes in the data each time.
Should I deal with the quotes in the asp page before sending to procedure via ado OR send it raw and deal with the single quote in the stored procedure?
Or maybe you can suggest another method?
Advice would be very much appreciated
Sorry just realised I've posted this in the wrong area, but can't change it!
March 23, 2012 at 9:57 am
Sorry, most of my Classic ASP skills fell off the queue a long time ago...in your example, is this:
replace(string, "'","''")
referencing an ASP function you're calling in the page before constructing the T-SQL to send, or is that a call to the T-SQL REPLACE function within the T-SQL you send?
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
March 23, 2012 at 2:24 pm
If you are calling the stored procedure and using parameters then you wouldn't need to escape the single quotes, just have the parameter types set correctly. I can't recall exactly how to do that in classic ADO, but I believe you would create a command, set it's type to stored procedure, and then do command.Parameters.Create() or command.CreateParameter() for each parameter needed
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply