Syntax Error (input character)

  • werks
    New Member
    • Dec 2007
    • 218

    Syntax Error (input character)

    Hello

    Every time I input the characters ' and % in the text field, it generates an error in my query.

    The error:
    Syntax error in query expression 'Title LIKE '%' %%';'.

    My code:
    [CODE=asp]
    adoList.Open "SELECT * FROM qryOPAC WHERE Title LIKE '%" & varExp & "%';",CoNN, 3,3
    [/CODE]

    tnx in advance..

    --
    Kenneth
    "Better Than Yesterday"
  • jagged
    New Member
    • Feb 2008
    • 23

    #2
    Originally posted by werks
    Hello

    Every time I input the characters ' and % in the text field, it generates an error in my query.

    The error:
    Syntax error in query expression 'Title LIKE '%' %%';'.

    My code:
    [CODE=asp]
    adoList.Open "SELECT * FROM qryOPAC WHERE Title LIKE '%" & varExp & "%';",CoNN, 3,3
    [/CODE]

    tnx in advance..

    --
    Kenneth
    "Better Than Yesterday"

    Escape all single quotes...
    [CODE=asp]
    adoList.Open "SELECT * FROM qryOPAC WHERE Title LIKE '%" & Replace(varExp, "'", "''") & "%';", CoNN, 3, 3
    [/CODE]


    Btw, running dynamic sql with parts taken straight from user input opens you up to sql injection attacks...
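
Added example, not part of either post: the same search run as a parameterized ADODB.Command, so that a ' in the input is bound as data instead of being spliced into the SQL text, and a typed % is matched literally. It assumes CoNN is an open ADODB.Connection to an Access/Jet database (where ADO uses % and _ as LIKE wildcards and [x] escapes them); the form field name "search", the helper EscapeLike and the 80-character cap are hypothetical.

```vbscript
' Added example. Assumptions: CoNN is an open ADODB.Connection to an
' Access/Jet database; "search" is a hypothetical form field name.
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202
Const adOpenStatic = 3, adLockOptimistic = 3   ' the 3,3 used in the thread
Const MAX_LEN = 80   ' 80 chars * 3 (worst-case escaping) + 2 fits in 255

' Make LIKE wildcards typed by the user match literally.
' "[" is escaped first so the brackets added for % and _ are not re-escaped.
Function EscapeLike(ByVal s)
    s = Replace(s, "[", "[[]")
    s = Replace(s, "%", "[%]")
    s = Replace(s, "_", "[_]")
    EscapeLike = s
End Function

Dim varExp, cmd, adoList
varExp = Left(Trim(Request.Form("search")), MAX_LEN)

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = CoNN
cmd.CommandType = adCmdText
' The ? placeholder is bound as a value; nothing in varExp is parsed as SQL,
' so no quote doubling is needed.
cmd.CommandText = "SELECT * FROM qryOPAC WHERE Title LIKE ?;"
cmd.Parameters.Append cmd.CreateParameter("pTitle", adVarWChar, adParamInput, _
    255, "%" & EscapeLike(varExp) & "%")

' When the source is a Command object, the connection argument is left empty.
Set adoList = Server.CreateObject("ADODB.Recordset")
adoList.Open cmd, , adOpenStatic, adLockOptimistic
```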
