To read the article online, visit http://www.4GuysFromRolla.com/webtech/013099-1.shtml

To Quote or Not to Quote -
That is the Question

OR - How I learned to use Single & Double Quotes in ASP and lived to tell about it!
(A Quotes in ASP Tutorial)


First of all:
Double Quote Marks (") have to be around an entire SQL Statement

If there is Limiter (non-numeric), like 'where Fieldname = Peter', where the limiter is not numeric, then you must put single quotes around it:

"Select * from Tablename where (Firstname) = 'Peter'"

This is an example of an EXACT SQL Statement. We are asking to return all instances of the name 'Peter'.

Here's where it gets tricky with variables. In our form, we are requesting a name, but whoever fills out the form might want to search for someone with a different name. So, since it can be different things to different people, we assign that section of the SQL statement a variable.

Let's say you have designated a variable called FirstNameVar. Above where Peter starts is where the variable would go, but Peter is an exact search and a variable is not, so your SQL ending double quote goes directly after the single quote. This is where the EXACT SQL statement ends. At this point, you have:

"Select * from Tablename where (Firstname) = '"

Notice, that directly after the single quote is a double quote, just as if it were the end, but as you know, it isn't.

Think of how a Response.Write statement is in ASP when we have html that needs to be in the response.write statement:

Response.write "Here is the the name You wanted" & MyRs(Fieldname)

The exact HTML is separated from the ASP. Well, in SQL, the same thing is happening. You are separating the EXACT SQL statement from the Variables.

OK, what about the variable? Well, you add an ampersand and the variable name:

"Select * from Tablename where (Firstname) = '" & FirstNameVar

But, we're not finished yet, because, if you remember, the EXACT name must be surrounded by single quotes and the entire SQL statement must start & end with double quotes. Therefore, we must add the single quote, but also remember that it is still part of the EXACT SQL Syntax. And - in SQL, when you separate the EXACT SQL from the variables, each section of the EXACT SQL is enclosed within its own double quotes. The SQL statement, though, within the ASP brackets is a separated text statement. The EXACT SQL is surrounded by quotes, where the variables aren't. Remember, we are inside the ASP brackets with this SQL statement and everything within double quotes is not considered ASP code. So, we end up with:

"Select * from Tablename where (Firstname) = '" & FirstNameVar & "'"

If you wanted to change out the "=" for "like", then you would have an exact SQL like:

"Select * from Tablename where (Firstname) LIKE 'Peter%'"

where this would find all instances of Peter as well as Peterman, Peterovsky, etc.
OR:

"Select * from Tablename where (Firstname) LIKE '%Peter%'"

-- which would return to you any name which had the letters Peter anywhere in it.

With Variables, that would give you something like this:

"Select * from Tablename where (Firstname) LIKE '%" & FirstNameVar & "%'"

And, of course, this is only part 1 because we are dealing with Non-numeric values only. There are no single quotes around numeric values in an SQL statement, so we don't have to add the single quotes when the variables are numeric.

I will deal with this next - stay tuned!

Happy Programming!


Article Information
Article Title: To Quote or Not to Quote- That is the Question!
Article Author: David Wier
Published Date: Saturday, January 30, 1999
Article URL: http://www.4GuysFromRolla.com/webtech/013099-1.shtml


Copyright 2017 QuinStreet Inc. All Rights Reserved.
Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers