if tango config has Nosqlencoding=true and arg lastname = O'Grady and it's in the database as O'Grady
sel fullname from employee where lastname = '<@arg lastname encoding=sql>' should yield all lastname=O'Grady

-----Original Message-----
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: Multiple recipients of list witango-talk <[EMAIL PROTECTED]>
Date: Monday, August 26, 2002 7:51 AM
Subject: RE: Witango-Talk: The elusive single quote

>Thank you, I noticed that Tango does "automagically" add
>that second quote. However, although I don't get an
>error, the sql select statement fails to locate the
>record with the name containing the single quote. It
>does however work with the wild card.
>
>But it should work with the escaped quote, shouldn't it?
>
>John
>> Like Steve says, you want to use ENCODING=SQL (escape single quotes with
>> two single quotes, etc.) You should only need to do this in a direct DBMS
>> action, because Tango does it automagically for you in all database
>> actions.
>>
>> On Mon, 26 Aug 2002, Steve Smith wrote:
>>
>> > I'd look at setting the ENCODING= to SQL for your search value (i.e.
>> > <@CGIPARAM ... ENCODING=SQL>. You should also look at the system value for
>> > noSQLEncoding.
>> >
>> > Hope this helps,
>> >
>> > Steve Smith
>> >
>> > Skadt Information Solutions
>> > Office: (519) 624-4388
>> > GTA: (416) 606-3885
>> > Fax: (519) 624-3353
>> > Cell: (416) 606-3885
>> > Email: [EMAIL PROTECTED]
>> > Web: http://www.skadt.com
>> >
>> > > -----Original Message-----
>> > > From: [EMAIL PROTECTED]
>> > > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
>> > > Sent: August 26, 2002 1:14 AM
>> > > To: Multiple recipients of list witango-talk
>> > > Subject: Witango-Talk: The elusive single quote
>> > >
>> > > I'm sure this has been discussed, but I can't find a
>> > > specific reference. I have a user nt login with a
>> > > single quote in like o'reilly. I capture the nt login
>> > > using the cgiparam. Works great. Then I want to look
>> > > up the person in our employee database, currently in ms
>> > > access, migrating to SQL server, so the sql in the
>> > > search action correctly escapes the single quote with
>> > > another single quote. No error is produced, but the
>> > > search fails to find the person. I did a workaround in
>> > > which I replace the single quote with a % symbol (sql
>> > > wildcard).
>> > >
>> > > instead of user_name like 'o''reilly%'
>> > > it is user_name like 'o%reilly%'
>> > >
>> > > This works, but I wonder if there isn't another way that
>> > > I am missing!
>> > >
>> > > Of course you may also ask why do we allow a user to
>> > > have a single quote in their nt login, but that is
>> > > another story!
>> > >
>> > > Thanks,
>> > >
>> > > John Newsom
>> > > > Steve Strickland,
>> > > >
>> > > > Steve Smith is absolutely right. In the event that a user left almost
>> > > > every field blank, and you had changed every include to "false," and
>> > > > you didn't check for valid and sensible data before the insert or update,
>> > > > then you could conceivably overwrite most of the rows in your table
>> > > > with the values in this update command. But it looks to me like you
>> > > > inserted a row successfully, and don't know what autonumbered
>> > > > primary key value was assigned, so you are trying to update the row
>> > > > by looking for exact matches of virtually everything that was just
>> > > > inserted.
>> > > >
>> > > > My approach, (that I think Steve Smith would approve of, too), would
>> > > > be to do a search (not update) with your same where clause criteria,
>> > > > and make sure there is one and only one row that matches, and
>> > > > thereby retrieve the real primary key and store it in a variable. Then
>> > > > use that in your update command.
>> > > >
>> > > > You can also use Witango's check box to prevent nulls in the fields
>> > > > you are using to identify the row, so that an attempt to update with a
>> > > > bunch of blank fields will generate a warning screen.
>> > > >
>> > > > Bill
>> > > >
>> > > > On Sun, 25 Aug 2002 22:34:30 -0400, Steve Smith wrote:
>> > > >
>> > > > >WARNING!!!
>> > > > >
>> > > > >This is NOT something that you should do with an update action. When you do
>> > > > >that, and there are no values filled into a field, you could potentially
>> > > > >UPDATE ALL of the records.
>> > > > >
>> > > > >Bill's advice is true for a search action, but not for an UPDATE or a DELETE
>> > > > >action.
>> > > >
>> > > > ________________________________________________________________________
>> > > > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED]
>> > > > with unsubscribe witango-talk in the message body
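
Added example (not part of the original thread, and not Tango code): a Python/SQLite run of the three lookups discussed above, showing that escaping the quote once finds the row, escaping it twice returns no rows and no error, and the % workaround also matches other logins. The table, the sample rows and all function names are constructed for illustration; that the failure in the thread comes from the value being escaped twice is an assumption, not something the thread confirms.

```python
import sqlite3


def sql_escape(value):
    """Double each single quote (the escaping the thread attributes to ENCODING=SQL)."""
    return value.replace("'", "''")


def build_db():
    # Constructed sample rows, not data from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (user_name TEXT, fullname TEXT)")
    db.executemany("INSERT INTO employee VALUES (?, ?)", [
        ("o'reilly", "Pat O'Reilly"),
        ("oreilly", "Sam Oreilly"),
        ("oscar.reilly", "Oscar Reilly"),
    ])
    return db


def lookup_inline(db, login, escape_passes):
    """Concatenate the value into the statement after N escaping passes."""
    for _ in range(escape_passes):
        login = sql_escape(login)
    sql = ("SELECT user_name FROM employee "
           f"WHERE user_name LIKE '{login}%' ORDER BY user_name")
    return [row[0] for row in db.execute(sql)]


def lookup_wildcard(db, login):
    """The workaround from the thread: replace the quote with the % wildcard."""
    pattern = login.replace("'", "%") + "%"
    sql = "SELECT user_name FROM employee WHERE user_name LIKE ? ORDER BY user_name"
    return [row[0] for row in db.execute(sql, (pattern,))]


def lookup_bound(db, login):
    """Bound parameter: the driver carries the value, no escaping by hand."""
    sql = "SELECT user_name FROM employee WHERE user_name = ?"
    return [row[0] for row in db.execute(sql, (login,))]


if __name__ == "__main__":
    db = build_db()
    print("escaped once :", lookup_inline(db, "o'reilly", 1))
    print("escaped twice:", lookup_inline(db, "o'reilly", 2))  # empty, no error
    print("% workaround :", lookup_wildcard(db, "o'reilly"))   # over-matches
    print("bound param  :", lookup_bound(db, "o'reilly"))
```

The over-matching in the wildcard case matters when the lookup decides which employee record a login maps to: 'o%reilly%' does not distinguish o'reilly from oreilly.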
