I'd look at setting the ENCODING= to SQL for your search value (i.e. <@CGIPARAM ... ENCODING=SQL>. You should also look at the system value for noSQLEncoding.
Hope this helps, Steve Smith Skadt Information Solutions Office: (519) 624-4388 GTA: (416) 606-3885 Fax: (519) 624-3353 Cell: (416) 606-3885 Email: [EMAIL PROTECTED] Web: http://www.skadt.com > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] > Sent: August 26, 2002 1:14 AM > To: Multiple recipients of list witango-talk > Subject: Witango-Talk: The elusive single quote > > > I'm sure this has been discussed, but I can't find a > specific reference. I have a user nt login with a > single quote in like o'reilly. I capture the nt login > using the cgiparam. Works great. Then I want to look > up the person in our employee database, currently in ms > access, migrating to SQL server, so the sql in the > search action correctly escapes the single quote with > another single quote. No error is produced, but the > search fails to find the person. I did a workaround in > which I replace the single quote with a % symbol (sql > wildcard). > > instead of user_name like 'o''reilly%' > it is user_name like 'o%reilly%' > > This works, but I wonder if there isn't another way that > I am missing! > > Of course you may also ask why do we allow a user to > have a single quote in their nt login, but that is > another story! > > Thanks, > > John Newsom > > Steve Strickland, > > > > Steve Smith is absolutely right. In the event that a user left almost > > every field blank, and you had changed every include to "false," and > > you didn't check for valid and sensible data before the insert > or update, > > then you could conceivably overwrite most of the rows in your table > > with the values in this update command. But it looks to me like you > > inserted a row successfully, and don't know what autonumbered > > primary key value was assigned, so you are trying to update the row > > by looking for exact matches of virtually everything that was just > > inserted. > > > > My approach, (that I think Steve Smith would approve of, too), would > > be to do a search (not update) with your same where clause criteria, > > and make sure there is one and only one row that matches, and > > thereby retrieve the real primary key and store it in a variable. Then > > use that in your update command. > > > > You can also use Witango's check box to prevent nulls in the fields > > you are using to identify the row, so that an attempt to update with a > > bunch of blank fields will generate a warning screen. > > > > Bill > > > > On Sun, 25 Aug 2002 22:34:30 -0400, Steve Smith wrote: > > > > >WARNING!!! > > > > > >This is NOT something that you should do with an update action. > > When you do > > >that, and there are no values filled into a field, you could > potentially > > >UPDATE ALL of the records. > > > > > >Bill's advice is true for a search action, but not for an UPDATE or a > > DELETE > > >action. > > > > > > > > > > > > ________________________________________________________________________ > > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > > with unsubscribe witango-talk in the message body > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body > ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
