0

Stored procedure, and using ADO to connect, i'm having problems with the quotes however..

    x = "text'"

    If instr(x,"'") then x=replace(x,"'","''")

    'x = "text''" at this point

    Set Rs = Server.Createobject("adodb.recordset")
    Rs.Open "Select_SP @name='" & x & "'"

I thought i was doing this right.. But I guess not, because i'm getting this error:

    Microsoft OLE DB Provider for SQL Server  error '80040e14' 
    SELECT ID from Table where Name='text''

Shouldn't it be

Name = 'text'''

Why isn't SQL recognizing the double quotes using ADO?

The Select_SP Uses something like this:

     SET @sql = 'SELECT ID from Table where Name='''+@name+''''
     Exec(@sql)

Do I have this SP written correctly?

Control Freak
  • 12,965
  • 30
  • 94
  • 145

1 Answers1

1

The short answer is, don't call procedures the way you're doing it. Use a Command instead. This is from memory, since I don't have a Windows system in front of me at the moment, but it should work:

Dim cmd
Set cmd = Server.CreateObject("ADODB.Command")
Set Cmd.ActiveConnection = myConnectionVariableHere
cmd.CommandType = adCmdStoredProc
cmd.CommandText = "Select_SP"

'Note: if the above two lines don't work, replace them with the following
'cmd.CommandType = adCmdText
'cmd.CommandText = "Select_CP @name=?"

cmd.Parameters.Append cmd.CreateParameter("name", adVarChar, adParamInput, len(x), x)
Rs.Open cmd

Now, all that said, I can't tell you why your procedure is giving that particular output since you're not showing us the code for it. But I'm fairly certain ADO isn't going to convert a pair of single quotes into a double quote - not sure why you'd expect it to.

Edit after seeing the OP's edit. Don't execute SQL that way unless you absolutely have to. You will only give yourself grief. I don't know what database you're using and that procedure syntax doesn't look familiar, but in Oracle you could write something like:

PROCEDURE sql_test(MyName IN VARCHAR2, MyCursor OUT SYS_REFCURSOR) IS
BEGIN
  OPEN MyCursor FOR SELECT id FROM some_table WHERE name = MyName;
END;
Dan
  • 10,990
  • 7
  • 51
  • 80
  • ok, but is there another way to switch through SELECT statements using IF..THEN without putting the statement in a variable first then exec it? MS Sql Server 2008 by the way. – Control Freak Oct 03 '11 at 02:21
  • Do you mean inside the procedure? If so I'm not sure, but that's a different question and you should post it under the "sql-server" and "tsql" tags. My answer explains how to pass strings from ADO to a stored procedure, and why the quoting can get confusing and is best avoided. – Dan Oct 03 '11 at 02:38
  • +1, the key here is the use of **parameters** to pass variables to SQL Server. The Command object is how you use parameters with ADO. – Cheran Shunmugavel Oct 03 '11 at 03:50