Re: ADO exception with character combination inside string...



"Bo Berglund" <bo.berglund@xxxxxxxxx> wrote in message
news:8ch5h2h6k6hel702grsadrd62u4qqrgv3d@xxxxxxxxxx
On 21 Sep 2006 07:28:33 -0700, "Bill Todd" <no@xxxxxx> wrote:

Enclose TNC:\CHARLIE in single quotes. Any database that follows the
SQL standard will assume that a string enclosed in double quotes is a
quoted identifier (table name, field name, etc.) not a string literal.

The string being sent as SQL is composed like this:
SQL := 'UPDATE Categories SET [Description] = ''' + edData.Text + ''' WHERE CategoryID = 4';

Just curious, is there a reason why you are not using parameters? Are there
safeguards protecting the application from SQL injection?

krf
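
The parameterized form the reply asks about, as an added example that is not part of the original thread. The unit name, function name and parameter names (:Descr, :CatID) are hypothetical, and an already opened TADOConnection is assumed.

```delphi
unit CategoryUpdate;  // hypothetical unit name, not from the thread

interface

uses
  SysUtils, DB, ADODB;

// Updates one category's description using bound parameters instead of
// concatenating edData.Text into the SQL string.
// Returns the number of rows affected.
function UpdateCategoryDescription(Conn: TADOConnection;
  CategoryID: Integer; const Description: string): Integer;

implementation

function UpdateCategoryDescription(Conn: TADOConnection;
  CategoryID: Integer; const Description: string): Integer;
var
  Qry: TADOQuery;
begin
  Qry := TADOQuery.Create(nil);
  try
    Qry.Connection := Conn;
    // ParamCheck is True by default, so :Descr and :CatID are parsed
    // into Qry.Parameters when SQL.Text is assigned.
    Qry.SQL.Text :=
      'UPDATE Categories SET [Description] = :Descr ' +
      'WHERE CategoryID = :CatID';

    // The values are sent as parameter data, never as SQL text, so
    // quotes or other special characters typed by the user cannot
    // terminate the literal or alter the statement.
    Qry.Parameters.ParamByName('Descr').Value := Description;
    Qry.Parameters.ParamByName('CatID').Value := CategoryID;

    Result := Qry.ExecSQL;
  finally
    Qry.Free;
  end;
end;

// Caller, replacing the concatenated statement quoted above:
//   UpdateCategoryDescription(ADOConnection1, 4, edData.Text);

end.
```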

