Like Steve says, you want to use ENCODING=SQL (escape single quotes with two single quotes, etc.) You should only need to do this in a direct DBMS action, because Tango does it automagically for you in all database actions.
On Mon, 26 Aug 2002, Steve Smith wrote: > I'd look at setting the ENCODING= to SQL for your search value (i.e. > <@CGIPARAM ... ENCODING=SQL>. You should also look at the system value for > noSQLEncoding. > > Hope this helps, > > Steve Smith > > Skadt Information Solutions > Office: (519) 624-4388 > GTA: (416) 606-3885 > Fax: (519) 624-3353 > Cell: (416) 606-3885 > Email: [EMAIL PROTECTED] > Web: http://www.skadt.com > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] > > Sent: August 26, 2002 1:14 AM > > To: Multiple recipients of list witango-talk > > Subject: Witango-Talk: The elusive single quote > > > > > > I'm sure this has been discussed, but I can't find a > > specific reference. I have a user nt login with a > > single quote in like o'reilly. I capture the nt login > > using the cgiparam. Works great. Then I want to look > > up the person in our employee database, currently in ms > > access, migrating to SQL server, so the sql in the > > search action correctly escapes the single quote with > > another single quote. No error is produced, but the > > search fails to find the person. I did a workaround in > > which I replace the single quote with a % symbol (sql > > wildcard). > > > > instead of user_name like 'o''reilly%' > > it is user_name like 'o%reilly%' > > > > This works, but I wonder if there isn't another way that > > I am missing! > > > > Of course you may also ask why do we allow a user to > > have a single quote in their nt login, but that is > > another story! > > > > Thanks, > > > > John Newsom > > > Steve Strickland, > > > > > > Steve Smith is absolutely right. In the event that a user left almost > > > every field blank, and you had changed every include to "false," and > > > you didn't check for valid and sensible data before the insert > > or update, > > > then you could conceivably overwrite most of the rows in your table > > > with the values in this update command. But it looks to me like you > > > inserted a row successfully, and don't know what autonumbered > > > primary key value was assigned, so you are trying to update the row > > > by looking for exact matches of virtually everything that was just > > > inserted. > > > > > > My approach, (that I think Steve Smith would approve of, too), would > > > be to do a search (not update) with your same where clause criteria, > > > and make sure there is one and only one row that matches, and > > > thereby retrieve the real primary key and store it in a variable. Then > > > use that in your update command. > > > > > > You can also use Witango's check box to prevent nulls in the fields > > > you are using to identify the row, so that an attempt to update with a > > > bunch of blank fields will generate a warning screen. > > > > > > Bill > > > > > > On Sun, 25 Aug 2002 22:34:30 -0400, Steve Smith wrote: > > > > > > >WARNING!!! > > > > > > > >This is NOT something that you should do with an update action. > > > When you do > > > >that, and there are no values filled into a field, you could > > potentially > > > >UPDATE ALL of the records. > > > > > > > >Bill's advice is true for a search action, but not for an UPDATE or a > > > DELETE > > > >action. > > > > > > > > > > > > > > > > > > ________________________________________________________________________ > > > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > > > with unsubscribe witango-talk in the message body > > ________________________________________________________________________ > > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > > with unsubscribe witango-talk in the message body > > > > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body > ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
