SQL insert into database with apostrophe

灰色年华 2020-12-04 01:04

I am running a program on classic ASP and inserting into a database with the following:

CreateJob.CommandText = \"INSERT INTO dbo.Jobs (JobID, CompanyName, D         


        
1条回答
  • 2020-12-04 01:42

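    Replace isn't the way to go here. You are already using an ADODB.Command object, so why not use a parameterised query? Parameter values are sent to the database as data rather than spliced into the SQL text, so an apostrophe in a value needs no escaping and cannot change the statement (which is also what protects the query from SQL injection).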

    Try this;

    As you haven't provided information on your field types I can only speculate, so I've added [datatype] and [size] placeholders for you to replace with the matching ADO data type constants and column sizes. A good resource for how data types in T-SQL map to ADO is this article - Data Type Mapping

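    ' Parameterised INSERT into dbo.Jobs through an existing ADODB.Command (CreateJob).
    ' The SQL text contains only ? placeholders; every value is supplied through the
    ' Parameters collection, so user input is never concatenated into the statement.
    ' NOTE: the ad* constants (adCmdText, adInteger, adParamInput, adExecuteNoRecords)
    ' are not built into VBScript; presumably the page includes adovbs.inc or a
    ' METADATA type-library reference - confirm, otherwise they evaluate to Empty.
    sql = ""
    sql = sql & "INSERT INTO dbo.Jobs (" & vbCrLf
    sql = sql & "JobID, CompanyName, DateReceived, DateOfDocument, ClientReference" & vbCrLf
    sql = sql & ", Subject, TypeOfService,DueDate,AssignedAgent, ClientName, Plaintiff" & vbCrLf
    sql = sql & ", Defendant1, Defendant2, Defendant3, CourtJurisdiction, Court" & vbCrLf
    sql = sql & ", Subtype, CourtNumber, Amount, ServiceMethod, JobNotes, JobStatus" & vbCrLf
    sql = sql & ", CreatedBy, CreatedDate" & vbCrLf
    sql = sql & ") VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);"
    
    With CreateJob
        'Placeholder: replace with your real connection string (or an open ADODB.Connection).
        .ActiveConnection = "yourconnectionstring"
        .CommandType = adCmdText
        .CommandText = sql
        'Add your parameters (all 24 of them in order).
        'With ? placeholders the parameters are bound by position, so the Append order
        'below must match the column list in the INSERT exactly.
        'Assumed JobID is int which equates to adInteger ADO data type constant.
        .Parameters.Append(.CreateParameter("@JobID", adInteger, adParamInput, 4))
        'Replace [datatype] and [size] with the ADO type constant and size of each column.
        .Parameters.Append(.CreateParameter("@CompanyName", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@DateReceived", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@DateOfDocument", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@ClientReference", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@Subject", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@TypeOfService", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@DueDate", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@AssignedAgent", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@ClientName", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@Plaintiff", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@Defendant1", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@Defendant2", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@Defendant3", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@CourtJurisdiction", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@Court", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@Subtype", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@CourtNumber", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@Amount", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@ServiceMethod", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@JobNotes", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@JobStatus", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@CreatedBy", [datatype], adParamInput, [size]))
        .Parameters.Append(.CreateParameter("@CreatedDate", [datatype], adParamInput, [size]))
    
        'Specify your parameter values may need some conversion based on what you are passing.
        'Request.QueryString is caller-controlled: binding it as a parameter keeps it out of
        'the SQL text, but it should still be validated (e.g. IsNumeric) and converted to the
        'column's type before it is assigned.
        .Parameters("@JobId").Value = Request.QueryString("jobid")
        'Add the other 23 parameters as the above line.
        '...
    
        'Doing an INSERT no need to return recordset.
        'Command.Execute takes (RecordsAffected, Parameters, Options); adExecuteNoRecords is
        'an Options flag, so it goes in the third position, not the first.
        .Execute , , adExecuteNoRecords
    End With
    Set CreateJob = Nothing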
    