Hi, I am new here, I am trying to insert a comment about a particular item, and the description, if it contains an apostorphe ' or quotes " it plays hanky panky with the insert statement, how can I have my insert statement insert ALL of the charachters, including apostorphies, etc...

here's the code in question, and i get an error when i try to insert anything with an apostrophe.

sql = "INSERT into project_tbl (project_name, description, creation_date) VALUES ('" & projectname & "','" & projectdescription & "','" & createdate & "')"


In this example I have the database trying to insert when "projectdescription = description's" . But if I enter descriptions without the apostrophe, it works...is there some sort of tag, or delimiting mark I can put on the statment telling it to accept all values verbatum, and not try to parse them? Thank you!

Well, I found the answer! well, an answer. Using VBscript, replace all single apostrophe's with a double apostrophe. As SQL interprets a double apostrophe " '' " as a single one.



I implimented this code

projectname = request.form("newname")
projectname = replace (projectname, "'","''")
projectdescription = request.form("newdesc")
projectdescription = replace (projectdescription, "'","''")



For the two fields which could contain an apostrophe, it works great!

All what you need - its escaping all extra characters.

You can do this by use PHP function mysql_real_escape_string

Example:
$item = "Zak's and Derick's Laptop";
$escaped_item = mysql_real_escape_string($item);


----
Sincerely,
Andrew A.Romanchenko
Programmer of Rapid Internet Development Department
Alar Information Technologies, www.alarit.com

http://www.AlarIT.com

or in Perl by calling the DBI escape() sub, or by using placeholders in the query & then supplying a list of values in the execute() call.

Philip
------------------
Limecat is not pleased.

try this one it is work for me

$yourdata =~ s/\'/\'\'/g;

You should use $dbi->escape as fuzzy thoughts mentioned, that's what it is there for :)