SQL statements are used constantly when working with databases, unless you rely entirely on bound controls. Control binding has drawbacks, however: poor flexibility, low efficiency, limited functionality, and so on. As a result, most programmers rarely use binding. When binding is not used, many programmers overlook the special handling that single quotes require. As soon as a variable in the query condition of a SQL statement contains a single quote, the database engine reports that the SQL syntax is incorrect. I have found two ways to deal with this single-quote problem (using VB as the example).
Method One: Use the escape character to process the SQL statement. The following function can be called before executing the SQL statement, and the processed string will produce the correct result.
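    Function ProcessStr(ByVal str As String) As String
        ' Doubles every single quote in str so the database engine
        ' reads it as a literal quote character.
        ' ByVal keeps the caller's variable unchanged.
        Dim pos As Long
        pos = InStr(str, "'")
        While pos > 0
            ' Insert a second quote right after the one found at pos.
            str = Mid(str, 1, pos) & "'" & Mid(str, pos + 1)
            ' Continue the search after the doubled pair.
            pos = InStr(pos + 2, str, "'")
        Wend
        ProcessStr = str
    End Function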
Here the str parameter is your SQL string. Whenever the function finds a single quotation mark in the string, it adds another single quote in front of it.
Method Two: Use the parameters of the data object. You can use the ADODB.Command object to pass strings that contain single quotes to the command as parameters, and then run queries and other operations.
Comparing the two methods: Method One increases system processing time, while Method Two is concise and efficient. If you use a stored procedure and pass the parameters to it, system efficiency is higher still, because the stored procedure is precompiled.
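Method Two as an added example (not code from the original article): the value travels to the provider as an ADODB parameter, so a quote inside it never becomes part of the SQL text. The Customers table, its CustomerID and LastName columns, the 50-character limit, the connection string and the names FindByLastName and Demo are assumptions made for illustration.

```vb
' Added example. Requires a project reference to the
' "Microsoft ActiveX Data Objects" library (ADODB).
Option Explicit

Private Const MAX_NAME_LEN As Long = 50   ' assumed width of the LastName column

' Returns the rows whose LastName equals lastName (hypothetical schema).
Public Function FindByLastName(ByVal cn As ADODB.Connection, _
                               ByVal lastName As String) As ADODB.Recordset
    Dim cmd As ADODB.Command

    ' Reject values longer than the declared parameter size up front
    ' instead of letting the provider raise a less obvious error.
    If Len(lastName) > MAX_NAME_LEN Then
        Err.Raise vbObjectError + 1, "FindByLastName", "lastName is too long"
    End If

    Set cmd = New ADODB.Command
    Set cmd.ActiveConnection = cn
    cmd.CommandType = adCmdText
    ' The ? marker is filled from the Parameters collection, in order.
    cmd.CommandText = _
        "SELECT CustomerID, LastName FROM Customers WHERE LastName = ?"
    cmd.Parameters.Append cmd.CreateParameter("LastName", adVarChar, _
                                              adParamInput, MAX_NAME_LEN, lastName)

    Set FindByLastName = cmd.Execute
End Function

Public Sub Demo()
    Dim cn As ADODB.Connection
    Dim rs As ADODB.Recordset

    Set cn = New ADODB.Connection
    cn.Open "<your OLE DB connection string>"   ' placeholder, supply your own

    ' The single quote needs no ProcessStr call and no manual doubling.
    Set rs = FindByLastName(cn, "O'Brien")
    Do Until rs.EOF
        Debug.Print rs.Fields("CustomerID").Value, rs.Fields("LastName").Value
        rs.MoveNext
    Loop

    rs.Close
    cn.Close
End Sub
```

For a stored procedure, the same Parameters collection is used with CommandType set to adCmdStoredProc and CommandText set to the procedure name.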