The infamous quote within quotes problem


codefox
11-30-2002, 01:06 PM
Using the following query I'm trying to insert a record into a table in an MS SQL Server database:

sSQLNewFeedback = "INSERT INTO cust_feedback(prj_id, item_remarks) VALUES('" & sPrjID & "', '" & sItemRemarks & "')"

sItemRemarks which is a string could contain any number of single and double quotes. The query gives an error if there's a single quote in it. Is there a way I could escape the quotes in the query?

Also, how could I accommodate single as well as double quotes within a string?

Thanks
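
Added example, not part of the original thread: the INSERT from the post above sent through an ADODB.Command with `?` placeholders, so single and double quotes in sItemRemarks travel as data and are never parsed as SQL. The Sub name, the Application("FeedbackConnStr") connection string and the parameter sizes (50 and 4000) are assumptions.

```vbscript
<%
' Added example (not from the thread). ADO constants are declared here
' because classic ASP does not define them unless adovbs.inc is included.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const adExecuteNoRecords = 128

' Hypothetical helper: inserts one feedback row using bound parameters.
Sub InsertFeedback(conn, sPrjID, sItemRemarks)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The SQL text is a constant; user input never becomes part of it.
    cmd.CommandText = "INSERT INTO cust_feedback(prj_id, item_remarks) VALUES(?, ?)"
    ' Sizes are assumptions; match them to the real column definitions.
    cmd.Parameters.Append cmd.CreateParameter("prj_id", adVarChar, adParamInput, 50, sPrjID)
    cmd.Parameters.Append cmd.CreateParameter("item_remarks", adVarChar, adParamInput, 4000, sItemRemarks)
    ' No recordset is needed for an INSERT.
    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
End Sub

Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("FeedbackConnStr")   ' assumption: connection string stored at app start

' Constructed sample input containing both quote characters.
InsertFeedback conn, "P-100", "It's ""mostly"" fine; the client's logo is wrong"

conn.Close
Set conn = Nothing
%>
```

A value longer than the declared parameter size makes ADO raise an error, so validate the length of sItemRemarks before calling the helper.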

codefox
11-30-2002, 01:10 PM
Oh well, whammy's got a thread about this problem http://www.codingforums.com/showthread.php?s=&threadid=9843

whammy
12-01-2002, 12:05 AM
Yeah that should answer your db question. As for accommodating double quotes in HTML output (I believe that's what you're referring to), it's simple - you just escape each double quote with another one, i.e.:

Response.Write("<input type=""text"" name=""myfield"" value=""" & myfield & """ maxlength=""30"" />")

:)

Mhtml
12-01-2002, 03:59 AM
or <body scroll="&chr(34)&"auto"&chr(34)&">
as an example I have grown accustomed to using chr(34)
Usually I would create the string as a variable using ' as a quote and then run a replace function over it and then write it out.

eg;
a = "<a href='http://www.here.com' id='ThisLink'>Go here!</a>"
a = replace(a, "'", chr(34))


But if there are words in the string like " that's " which use the apostrophe I would use two of them

a = "<a href=''http://www.here.com'' id=''ThisLink''>Go here!</a>"
a = replace(a, "''", chr(34))

whammy
12-01-2002, 04:22 AM
No offense, Mhtml, but you really oughta try out the commenting double quotes thing! ;)

I originally was a bit confused with the double quotes myself and used chr(34) instead, but look at the way I highlighted them above and below (ASP in bold, HTML in plain text) and it should be clear to you.

I find what you're doing much harder to read, and once you get it commenting quotes is just easier (not to mention HTML with single quotes just looks "wrong" to me). :D

Besides, which is easier to type, easier to read, and shorter?

Response.Write("<body scroll="&chr(34)&"auto"&chr(34)&">")

or

Response.Write("<body scroll=""" & scrollvar & """>")

:)

P.S. If you're going to concatenate in ASP or ASP.NET (or javascript, PHP, or anything for that matter), using spaces around ampersands (or plus signs, etc.) drastically improves code readability IMHO... i.e.:

Response.Write("<body scroll=" & chr(34) & "auto" & chr(34) & ">")

although I still think that:

Response.Write("<body scroll=""" & scrollvar & """>")

Is a little more "friendly" (not just to others, but to you when you have to go back and look at your code). :D

P.P.S. If I seem anal about this kind of thing, it's probably from having to dredge through some other developers' applications and trying to decipher exactly this type of code before I can fix a bug. ;)