Have you tried using a Tango search action rather than the direct dbms action? I'd be curious to see what the results were. You didn't mention the reason for using the direct dbms. Even if there is a reason why it can't be done with a search action, try the action anyway just to see what the behaviour would be.
Hope this helps, Steve Smith Skadt Information Solutions Office: (519) 624-4388 GTA: (416) 606-3885 Fax: (519) 624-3353 Cell: (416) 606-3885 Email: [EMAIL PROTECTED] Web: http://www.skadt.com > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] > Sent: August 26, 2002 10:44 AM > To: Multiple recipients of list witango-talk > Subject: RE: Witango-Talk: The elusive single quote > > > Thank you, I noticed that Tango does "automagically" add > that second quote. However, although I don't get an > error, the sql select statement fails to locate the > record with the name containing the single quote. It > does however work with the wild card. > > But it should work with the escaped quote, shoudln't it? > > John > > Like Steve says, you want to use ENCODING=SQL (escape single quotes with > > two single quotes, etc.) You should only need to do this in a > direct DBMS > > action, because Tango does it automagically for you in all database > > actions. > > > > On Mon, 26 Aug 2002, Steve Smith wrote: > > > > > I'd look at setting the ENCODING= to SQL for your search value (i.e. > > > <@CGIPARAM ... ENCODING=SQL>. You should also look at the > system value for > > > noSQLEncoding. > > > > > > Hope this helps, > > > > > > Steve Smith > > > > > > Skadt Information Solutions > > > Office: (519) 624-4388 > > > GTA: (416) 606-3885 > > > Fax: (519) 624-3353 > > > Cell: (416) 606-3885 > > > Email: [EMAIL PROTECTED] > > > Web: http://www.skadt.com > > > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > > > > Sent: August 26, 2002 1:14 AM > > > > To: Multiple recipients of list witango-talk > > > > Subject: Witango-Talk: The elusive single quote > > > > > > > > > > > > I'm sure this has been discussed, but I can't find a > > > > specific reference. I have a user nt login with a > > > > single quote in like o'reilly. I capture the nt login > > > > using the cgiparam. Works great. Then I want to look > > > > up the person in our employee database, currently in ms > > > > access, migrating to SQL server, so the sql in the > > > > search action correctly escapes the single quote with > > > > another single quote. No error is produced, but the > > > > search fails to find the person. I did a workaround in > > > > which I replace the single quote with a % symbol (sql > > > > wildcard). > > > > > > > > instead of user_name like 'o''reilly%' > > > > it is user_name like 'o%reilly%' > > > > > > > > This works, but I wonder if there isn't another way that > > > > I am missing! > > > > > > > > Of course you may also ask why do we allow a user to > > > > have a single quote in their nt login, but that is > > > > another story! > > > > > > > > Thanks, > > > > > > > > John Newsom > > > > > Steve Strickland, > > > > > > > > > > Steve Smith is absolutely right. In the event that a user > left almost > > > > > every field blank, and you had changed every include to > "false," and > > > > > you didn't check for valid and sensible data before the insert > > > > or update, > > > > > then you could conceivably overwrite most of the rows in > your table > > > > > with the values in this update command. But it looks to > me like you > > > > > inserted a row successfully, and don't know what autonumbered > > > > > primary key value was assigned, so you are trying to > update the row > > > > > by looking for exact matches of virtually everything that was just > > > > > inserted. > > > > > > > > > > My approach, (that I think Steve Smith would approve of, > too), would > > > > > be to do a search (not update) with your same where > clause criteria, > > > > > and make sure there is one and only one row that matches, and > > > > > thereby retrieve the real primary key and store it in a > variable. Then > > > > > use that in your update command. > > > > > > > > > > You can also use Witango's check box to prevent nulls in > the fields > > > > > you are using to identify the row, so that an attempt to > update with a > > > > > bunch of blank fields will generate a warning screen. > > > > > > > > > > Bill > > > > > > > > > > On Sun, 25 Aug 2002 22:34:30 -0400, Steve Smith wrote: > > > > > > > > > > >WARNING!!! > > > > > > > > > > > >This is NOT something that you should do with an update action. > > > > > When you do > > > > > >that, and there are no values filled into a field, you could > > > > potentially > > > > > >UPDATE ALL of the records. > > > > > > > > > > > >Bill's advice is true for a search action, but not for > an UPDATE or a > > > > > DELETE > > > > > >action. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ________________________________________________________________________ > > > > > TO UNSUBSCRIBE: send a plain text/US ASCII email to > [EMAIL PROTECTED] > > > > > with unsubscribe witango-talk in the message body > > > > > ________________________________________________________________________ > > > > TO UNSUBSCRIBE: send a plain text/US ASCII email to > [EMAIL PROTECTED] > > > > with unsubscribe witango-talk in the message body > > > > > > > > > > > ________________________________________________________________________ > > > TO UNSUBSCRIBE: send a plain text/US ASCII email to > [EMAIL PROTECTED] > > > with unsubscribe witango-talk in the message body > > > > > > > ________________________________________________________________________ > > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > > with unsubscribe witango-talk in the message body > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body > ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
