Hi,
I have a edit box on the maintain screen through which value is coming and it is used in sql query further. Everything works fine but when value with single quote (')is passed through edit box, the sql query fails. Can someone please help me in handle this scenario.

compute adis/i11;

compute SQLADDUSER/A100V = "insert into test values ('ABC','"|testvar|"');";

adis=sys_mgr.engine("SQLORA","SET DEFAULT_CONNECTION CONN_PROJ" );
 
adis=sys_mgr.engine("SQLORA",SQLADDUSER);
 
adis=sys_mgr.engine("SQLORA","commit");
  

Thanks.
Anil

This message has been edited. Last edited by: <Kathryn Henning>,

Hi,
Can somebody reply to this Please.

Thanks.
Anil

Anil

What is the error, or what is happening?

I would tend to use a0 format for testvar and SQLADDUSER, which I have used and it works for me. The a100v format will give a fixed length variable when used, despite having a variable format. a0 is the most useful for this type of process.

Anil
In this scenario is testvar the value that is being passed in from the editbox? If so, is a single quote a valid value? If not you can use JavaScript to make sure that a single quote is not passed in. If it IS a valid character, is the error coming from the compute statement or the SQL insert statement?

WebFOCUS has the QUOTEDSTRING command, but I don't think that will work in Maintain. We may have to pass the variables to a Focexec using the EXEC command and do the SQL INSERT there.

Mark

Anil / Mark

Single quote should pass through the EDIT box unharmed. I've done a quick get on it and seems to be ok.

I've also passed a similar string to SQL Server, with correct insert results as well.

This message has been edited. Last edited by: Alan B,