Damned Single Quote and SQL Server 2000 (1 Viewer)

david.brent

Registered User.
Local time
Today, 19:01
Joined
Aug 25, 2004
Messages
57
I know the single quote issue is well documented throughout t'internet but I can't find reference to my particular problem. I have also read up on SQL injection.

I have my data and stored procedure in an SQL 2000 database. I have an HTML page with 2 input boxes - 1 numeric and 1 text. The 2 boxes are intended as references. The can be used independantly and in conjunction. Everything is fine with the numeric box. The text one is a different matter.

Some of the references have a single quote in them. No problem just use Replace(string,"'","''"). Sadly this does not work for me. I get a record count of 0 and no records are returned. If I don't use Replace I get a record count of say 20 and a very strange table layout.

The first record is displayed as should be however, the rest of the records are just stuffed at the end of this record. The whole record doesn't show just the fields after the reference.

I am at a complete loss. Has anyone come across this proble before? I would be very grateful if you could give me your views/ideas on this.

Thank You.
 

Kodo

"The Shoe"
Local time
Today, 15:01
Joined
Jan 20, 2004
Messages
707
The apostrophe problem is only for inserts, not selects.
lets see your code and some sample data.
 

david.brent

Registered User.
Local time
Today, 19:01
Joined
Aug 25, 2004
Messages
57
Sorted now thanks

I've sorted this out now. The last column in my html table is a hyperlink to another page. It has details of the references input by the user. This hyperlink was terminating at the single quote. As the references on the next page are for display only, I did a replace(string,"'","***") in the hypherlink and a replace(string,"***","'") on the next page. I know it's not elegent but it will do for now.

Thanks for the help (again) Kodo. :D
 

Users who are viewing this thread

Top Bottom