Re: ADO exception with character combination inside string...

From: "Kevin Frevert" <kevin@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 21 Sep 2006 12:16:21 -0500

"Bo Berglund" <bo.berglund@xxxxxxxxx> wrote in message
news:8ch5h2h6k6hel702grsadrd62u4qqrgv3d@xxxxxxxxxx

On 21 Sep 2006 07:28:33 -0700, "Bill Todd" <no@xxxxxx> wrote:

Enclose TNC:\CHARLIE in single quotes. Any database that follows the
SQL standard will assume that a string enclosed in double quotes is a
quoted identifier (table name, field name, etc.) not a string literal.

The string being sent as SQL is composed like this:
SQL := 'UPDATE Categories SET [Description] = ''' + edData.Text + '''
WHERE CategoryID = 4';

Just curious, is there a reason why you are not using parameters? Are there
safeguards protecting the application from SQL injection?

krf

.

Follow-Ups:
- Re: ADO exception with character combination inside string...
  - From: Bo Berglund

References:
- ADO exception with character combination inside string...
  - From: Bo Berglund
- Re: ADO exception with character combination inside string...
  - From: Bo Berglund
- Re: ADO exception with character combination inside string...
  - From: Brian Bushay TeamB
- Re: ADO exception with character combination inside string...
  - From: Bo Berglund
- Re: ADO exception with character combination inside string...
  - From: Bill Todd
- Re: ADO exception with character combination inside string...
  - From: Bo Berglund

Prev by Date: Re: ADO exception with character combination inside string...
Next by Date: TADOQuery Error Handling
Previous by thread: Re: ADO exception with character combination inside string...
Next by thread: Re: ADO exception with character combination inside string...
Index(es):
- Date
- Thread

Relevant Pages

Re: Update existing values incrementally w/UPDATE SQL
... and in the book; Access 2007 VBA Programmer's Reference. ... As far as quotes go, this was one of the trickiest ... Consider vba's interpretation of a string: ... when an SQL is processed (I use an SQL example because it is the most ...
(microsoft.public.access.modulesdaovba)
Re: Update existing values incrementally w/UPDATE SQL
... pretend that Me.txtString is a control on your form, ... You cant put Me.txtString inside the double quotes, or VBA just reads it as a ... and in the book; Access 2007 VBA Programmer's Reference. ... when an SQL is processed (I use an SQL example because it is the most ...
(microsoft.public.access.modulesdaovba)
Re: Data type mismatch in criteria expression
... Applying those, the SQL ... > to the strSQLDeleteStd variable as such (string). ... > quotes denote String. ... > where you would normally have double quotes in the query SQL. ...
(microsoft.public.access.queries)
Re: Problems with Delete Command
... The SQL could get fairly messy if you need to construct it in code, ... ContactID, and WebComID, and create your on-the-fly SQL on that saved query, ... to find the list of ContactIDs from the junction table, ... This is a style/readability thing: if you are going to use string ...
(microsoft.public.access.tablesdbdesign)
Re: using VBA to insert records from access database to sql server
... In SQL you 'escape' single quotes by doubling them. ... > Dim oConn As ADODB.Connection ... > Dim strInsert As String ...
(microsoft.public.access.modulesdaovba)