number format

  • M. Savas Zorlu

    number format

    Hi,

    Our thousand separator is period, and decimal separator is comma.

    so a number looks like this: 1.456,60

    formatnumber() produces above format.

    When entering this value into database, I get error, because comma is
    also used by SQL to separate records.

    If the number is smaller than a thousand, I can solve this by replacing
    comma with period. But when the number is a thousand or greater, I can't
    fix it.

    Can anyone tell me a workaround for this please?

  • Anthony Jones

    #2
    Re: number format

    "M. Savas Zorlu" <savas@zorlumail.com> wrote in message
    news:O0iYd$VHJHA.3668@TK2MSFTNGP05.phx.gbl...
    > Hi,
    >
    > Our thousand separator is period, and decimal separator is comma.
    >
    > so a number looks like this: 1.456,60
    >
    > formatnumber() produces above format.
    >
    > When entering this value into database, I get error, because comma is also
    > used by SQL to separate records.
    >
    > If the number is smaller than a thousand, I can solve this by replacing
    > comma with period. But when the number is a thousand or greater, I can't fix
    > it.
    >
    > Can anyone tell me a workaround for this please?

    Stop using formatnumber for this job. Also you are probably using string
    concatenation to build up your SQL string including the parameter. Stop
    doing that as well. Use a command object and add parameters for the
    appropriate type.



    --
    Anthony Jones - MVP ASP/ASP.NET


    • M. Savas Zorlu

      #3
      Re: number format

      Hi Anthony,

      Can you please explain string concatenation? And can you please give an
      example of using a command object?

      regards,

      Savas

      Anthony Jones wrote:
      > "M. Savas Zorlu" <savas@zorlumail.com> wrote in message
      > news:O0iYd$VHJHA.3668@TK2MSFTNGP05.phx.gbl...
      >> Hi,
      >>
      >> Our thousand separator is period, and decimal separator is comma.
      >>
      >> so a number looks like this: 1.456,60
      >>
      >> formatnumber() produces above format.
      >>
      >> When entering this value into database, I get error, because comma is
      >> also used by SQL to separate records.
      >>
      >> If the number is smaller than a thousand, I can solve this by replacing
      >> comma with period. But when the number is a thousand or greater, I can't
      >> fix it.
      >>
      >> Can anyone tell me a workaround for this please?
      >
      > Stop using formatnumber for this job. Also you are probably using
      > string concatenation to build up your SQL string including the
      > parameter. Stop doing that as well. Use a command object and add
      > parameters for the appropriate type.


      • Anthony Jones

        #4
        Re: number format

        "M. Savas Zorlu" <savas@zorlumail.com> wrote in message
        news:u06eP9XHJHA.3548@TK2MSFTNGP05.phx.gbl...
        > Hi Anthony,
        >
        > Can you please explain string concatenation?

        sSQL = "UPDATE myTable SET myField = " & myNumber

        The problem is if myNumber is ultimately supplied by the client a malicious
        person can inject SQL code that will do bad things. Search Google for SQL
        Injection.

        > and can you please give an example of using a command object?

        See this:-


        --
        Anthony Jones - MVP ASP/ASP.NET
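
Added example, not part of the thread or of Anthony Jones's post: the command-object approach described in post #4, written for classic ASP (VBScript), where the text is parsed into a number with the user's locale and then sent as a typed ADO parameter. The locale ID, the form field names, the source of the connection string and the `id` column are assumptions.

```vbscript
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adDouble = 5
Const adExecuteNoRecords = 128

Dim rawAmount, rawId, amount, recordId, conn, cmd

' Assumed locale: 1055 (Turkish). Use whichever locale your users type in;
' it must treat period as thousands separator and comma as decimal separator.
SetLocale 1055

rawAmount = Request.Form("amount")   ' hypothetical field, e.g. "1.456,60"
rawId = Request.Form("id")           ' hypothetical field

' Reject anything that does not parse as a number in that locale.
If Not IsNumeric(rawAmount) Or Not IsNumeric(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

amount = CDbl(rawAmount)             ' "1.456,60" becomes the Double 1456.6
recordId = CLng(rawId)

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")  ' hypothetical: wherever your connection string lives

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The SQL text is constant; the ? markers are filled from Parameters in order.
cmd.CommandText = "UPDATE myTable SET myField = ? WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("myField", adDouble, adParamInput, , amount)
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , recordId)
cmd.Execute , , adExecuteNoRecords

conn.Close
Set cmd = Nothing
Set conn = Nothing
%>
```

The value reaches the database as a Double rather than as text, so neither the comma nor the period ever appears in the SQL string, and client input cannot change the statement.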


        • M. Savas Zorlu

          #5
          Re: number format

          Thanks Anthony

          Anthony Jones wrote:
          > "M. Savas Zorlu" <savas@zorlumail.com> wrote in message
          > news:u06eP9XHJHA.3548@TK2MSFTNGP05.phx.gbl...
          >> Hi Anthony,
          >>
          >> Can you please explain string concatenation?
          >
          > sSQL = "UPDATE myTable SET myField = " & myNumber
          >
          > The problem is if myNumber is ultimately supplied by the client a
          > malicious person can inject SQL code that will do bad things. Search
          > Google for SQL Injection.
          >
          >> and can you please give an example of using a command object?
          >
          > See this:-
