tags:

views:

30

answers:

1
+1  Q: 

Sanitizing a string in Access 2003 SQL: Problem with '

I'm writing a query that has to count the number of students enrolled in a course, and the way I'm doing it is like this:

DCount("[student/course table].[Student ID]","[student/course table]","[StartDate] = #" & [Course Start Date] & "# AND Location = '" & tblCourseDetails.Location & "' AND [Course Number] = '" & [Course Number] & "'")

The problem is that Location can contain apostrophes, which throws errors into my results. This seems to screw up a lot of things (like it asks for me to enter a parameter twice). Is there any simple way to get around apostrophes? I was thinking maybe using Replace()=Replace() which would be a pretty simple solution, but if there's any other ways around this I'd like to know.

I'm not too worried about SQL injection. To use this query you'd have pretty much access to the database anyways.

This isn't my whole query, if you think I should post it, tell me.

+3  A: 

You need to add an escape character. For access I believe it is '' for '.

So find and replace ' with '' and you should be good to go.

Edit: That is an extra apostrophe, not a double quotation mark.

Replace(tblCourseDetails.Location, "'", "''")
buckbova  2010-07-13 17:35:06
Jeff  2010-07-13 17:49:29
Remou  2010-07-13 18:10:04
Jeff  2010-07-13 18:18:48
@Jeff I'm sorry I'm a bit confused by your last question.
buckbova  2010-07-13 18:31:34
It's nothing important, but whenever I run Repalce(Location, "'", "''") within the DCount criteria string, it gives me a syntax error. I believe it's because it's going outside of the string with the first ". But I'm not sure
Jeff  2010-07-13 18:48:24
Yes, you can put Replace in DCount, but I cannot think of a reason why you would want to `DCount("*","Example","Data=Replace(Data,""'"",""''"")")`
Remou  2010-07-13 19:12:31
It's more for understanding how strings work in SQL I suppose. So " in front of a " (like "") escapes the "? Are most things escaped by doubling themselves?
Jeff  2010-07-13 19:22:31
While you can use DCount in SQL inside Access, it is not standard SQL. Double quotes are more VBA than SQL, and doubling is only for quotes, not other special characters.
Remou  2010-07-13 20:19:36

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP