Dealing With Quotes in Text Fields

Submitted by admin on Thursday, March 19, 2009 - 14:21.

The following tutorial is taken from the internet when I started working with my Library System using MS Access.

I googled this topic to find the author but I can't find him.

This tutorial will handle a text field that contain a value with apostrophe, single or double quotation.

I added it here so other programmer will benefit from this code. You can use this in visual basic or MS Access program.

 

When building an sql statement that contains text fields it usually happens

that one or more fields ends up containing a single or double quotation

mark. This can cause the statement to fail. For example, consider:

strSQL="Select CustName,CustID From CustTable 

     Where CustName = '" & strName & "'"

If the strName variable contains plain text like "Acme" then the statement passed to the database engine reads "...CustName = 'Acme'" and it works fine. If the customer name is "John's Market" the database engine sees "...CustName = 'John's Market' " and has no idea how to handle the stuff after the closing quote it sees after "John".

There are three ways around this:

1. Translate all single quotes to some other character and/or disallow them

2. Use double quotes instead of single quotes. The chance of a text field containing double quotes is usually pretty slim and they can be changed or disallowed if necessary

3. Double the single quotes in the field -- the data base engine should correctly recognize doubled quotes as indicating a single quote in the data and store it as such.

The following function takes a text field and checks it for quotes. If no single quotes are found it returns it surrounded by single quotes. If any single quotes are found but no double quotes it surrounds it with double quotes. If both characters exist it doubles the single quotes and uses single quotes around it:

 

  1.  
  2. Function QuotedText(ByVal strText As String) As String    
  3.    Dim strOut As String    
  4.    Dim x As Integer
  5.  
  6.    If InStr(strText, "'") = 0 Then
  7.       ' no single quote found -- use them
  8.  
  9.       strOut = "'" & strText & "'"
  10.    ElseIf InStr(strText, Chr$(34)) = 0 Then
  11.       'single but no double -- use doubles
  12.  
  13.       strOut = Chr$(34) &amp; strText &amp; Chr$(34)</p>
  14.    Else
  15.       ' double-up single quotes
  16.       x = InStr(strText, "'")
  17.  
  18.       Do While x
  19.          strOut = Left$(strText, x) &amp; "'" &amp; Mid$(strText, x + 1)
  20.  
  21.          strText = strOut
  22.  
  23.          x = InStr(x + 2, strText, "'")
  24.       Loop
  25.    strOut = "'" &amp; strText &amp; "'"
  26.    End If
  27.    ' the DB engine also dislikes pipe characters so I lose them...
  28.    x = InStr(strText, "|")
  29.    Do While x > 0
  30.       Mid$(strOut, x, 1) = "!"
  31.       x = InStr(strOut, "|")
  32.    Loop
  33.    QuotedText = strOut
  34. End Function

 

 

To use it, do something like:

strSQL="Select CustName,CustID From CustTable 
     Where CustName = " & QuotedText(strName)

     strName              output
     Acme                    'Acme'
     John's Market     "John's Market"
     Jay's "Bistro"       'Jay''s "Bistro"'

 

Tags

Comments

Submitted byAnonymous (not verified)on Fri, 03/20/2009 - 10:01

Hellow Jomar, how are you? I hope, you are fine. I saw your Billing System. I like very much. Your coding sytle very unique than others. Designing also beautiful and natural.

I am begginer in Visual Basic 6.0. I need source code of School fee billing system and Quiz Contest software in Visual Basic 6.0. Please help me. I am  Deepak Dhingal from Nepal.

See you soon. Take Care Bye.

My e-mail: [email protected]

Submitted byadminon Fri, 03/20/2009 - 17:18

Thank you. I have an ms access version of billing system for school and I will for my archive about quiz contest. It's been a long time since I made this source code and I forgot if I put it in my archive. I will tell you if I found it.
Submitted byAnonymous (not verified)on Sat, 10/17/2009 - 16:49

Hi Jomar. I have a question on setting-up workstations on a computer lab or computer shop. Do we need to modify the Registry Editor so that every time a user boots the workstation, the screensaver appears and not the desktop? (User uses workstation after admin allows access for him). Thanks a lot.

The best software for computer lab can be found at http://www.netop.com. But if you'd like a screensaver to run then modify a registry is the best solution. You can even add it in your start up programs.
Submitted byAnonymous (not verified)on Mon, 01/18/2010 - 15:21

we need enrollment system for our thesis. visual basic naman sya.thanks.
Submitted byAnonymous (not verified)on Fri, 03/12/2010 - 06:12

I can hack accounts for passwords. Currently I am able to get passwords from Myspace.com, Facebook.com, AOL, Gmail, Yahoo, LocalNet, World Of Warcraft. Can also get Landline Phone Records and Cell Phone Records/Account Information. My methods employ the use of current 0-Day Exploits along with other misellaneous programs I currently have on my computer that make me able to hack into all these various types of accounts for passwords and/or Login Information to account access. If you have any questions or are interested in the current services I have to offer than E-mail me at: [email protected] SpyDr ByTe

Add new comment

About text formats