Names with apostrophes

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

It appears that your queries does not handle names with apostrophes -- such as selecting the 2012 All Amatuers database then selecting a thrower like Jon O'Neil results in the following error message:  
Microsoft JET Database Engine
 error 
'80040e14' 
Syntax error (missing operator) in query expression 
'Year(Games.Gamesstart) = 2012 AND Athletes.Firstname='Jon' AND 
Athletes.Lastname='O'Neil' ORDER BY Games.Gamesstart;'. 
/dbase/resultsathlete3.asp, line 74 
Or when you select the person directly from the main menu, the following error is generated 

Microsoft VBScript runtime 
error 
'800a0005' 
Invalid procedure call or argument: 'Left' 
/dbase/resultsathlete3.asp, line 44 
my guess and the obvious guess is the SQL is being screwed up by the apostrophe in the throwers name -- In case you did not knwo, I though you should be made aware of this .

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
McSanta Members Profile Send Private Message Find Members Posts Visit Members Homepage Add to Buddy List Postaholic Joined: 4/12/05 Location: United States Status: Offline Points: 1595	Post Options Post Reply Quote McSanta Report Post Thanks(0) Quote Reply Topic: Names with apostrophes Posted: 1/11/13 at 7:56am
	It appears that your queries does not handle names with apostrophes -- such as selecting the 2012 All Amatuers database then selecting a thrower like Jon O'Neil results in the following error message: Microsoft JET Database Engine error '80040e14' Syntax error (missing operator) in query expression 'Year(Games.Gamesstart) = 2012 AND Athletes.Firstname='Jon' AND Athletes.Lastname='O'Neil' ORDER BY Games.Gamesstart;'. /dbase/resultsathlete3.asp, line 74 Or when you select the person directly from the main menu, the following error is generated Microsoft VBScript runtime error '800a0005' Invalid procedure call or argument: 'Left' /dbase/resultsathlete3.asp, line 44 my guess and the obvious guess is the SQL is being screwed up by the apostrophe in the throwers name -- In case you did not knwo, I though you should be made aware of this .
	Mark McVey "The work of science is to substitute facts for appearances and demonstrations for impressions." -John Ruskin

Max5684 Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 7/21/14 Location: Springfield, IL Status: Offline Points: 2	Post Options Post Reply Quote Max5684 Report Post Thanks(0) Quote Reply Posted: 7/21/14 at 3:19pm
	You are correct. This is a problem with the query string not being properly sanitized before being run against the database. You can get around this by two single quotes ('') - not a double quote (") - in place of the single quote. I have asked the owner of the database to let me lend a hand with rewriting the back-end and interface but I haven't heard back yet.