Using a & in a query that is actually part of a name

[Phillip Windell]

How do I use a & in a query without the script treating it a a
concatenation character? For example, I have a company name in a
field called "M & M Pump" the the & is part of the actual name. So
when I do a Select Query for that name it chokes.

--

Phillip Windell [CCNA, MVP, MCP]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]

[Aaron Bertrand [MVP]]

What is your syntax? What does the SQL statement look like when you
response.write it? What on earth does "chokes" mean? If you get an error
message, maybe you could share it with us, since we all have varying
interpretations of "chokes."

FWIW, I don't have any problems here:

sql = "SELECT columns FROM table WHERE CompanyName='M & M Pump'"

--
Aaron Bertrand
SQL Server MVP
[url]http://www.aspfaq.com/[/url]




"Phillip Windell" <none> wrote in message
news:#QK8jNF3DHA.2528@TK2MSFTNGP10.phx.gbl...

> How do I use a & in a query without the script treating it a a
> concatenation character? For example, I have a company name in a
> field called "M & M Pump" the the & is part of the actual name. So
> when I do a Select Query for that name it chokes.
>
> --
>
> Phillip Windell [CCNA, MVP, MCP]
> WAND-TV (ABC Affiliate)
> [url]www.wandtv.com[/url]
>
>

[Phillip Windell]

"Aaron Bertrand [MVP]" <aaron@TRASHaspfaq.com> wrote in message
news:uAb09TF3DHA.1672@TK2MSFTNGP12.phx.gbl...

> What is your syntax? What does the SQL statement look like when you
> response.write it? What on earth does "chokes" mean? If you get an

error

> message, maybe you could share it with us, since we all have varying
> interpretations of "chokes."

"chokes" is one step below "pukes", and one step above "gags". A total
system crash would be a real "gag, choke, & puke" :)
.....anyway you should have what you need below. I tried to keep it as
orderly as I could.

------- Background information, this is not code--------------
Database = Access2000
qryShowOneClient = An Access Parameter Query
Session("CurrentClientName") = The Client Name being passed as a
parameter
CleanIllegalCharSearch() = Is a funtion to remove or adjust for
improper characters.
(I'll show the code for the function futher below)
--------End Background information-----------

Here is the SQL
strSQL = "qryShowOneclient '" &
CleanIllegalCharSearch(Session("CurrentClientName" )) & "'"

Using Response.write to test, I get these results.....
If the Client is called "Jan's Cards" it produces:
qryShowOneclient 'Jan''s Cards' .....and that works
fine
If the Client is called "Korner Treasures" it produces:
qryShowOneclient 'Korner Treasures' .....and that works
fine
If the Client is called "M & M Pump" it produces:
qryShowOneclient 'M' .....and this
fails (a.k.a. "chokes)

The error is just that it hits the EOF without finding anything
because there is no Client called "M". That isn't the real problem (I
can deal with that one). The problem is in dealing with the "&" when
supplying a parameter to a "Parameter Query". See the Function Code
below.
Here is the exact error:
ADODB.Field error '80020009'
Either BOF or EOF is True, or the current record has been deleted.
Requested operation requires a current record.
/editclientrecord.asp, line 0

---------- Code for the Function --------
Function CleanIllegalCharSearch(strString)
strString = Trim(Replace(strString,"""",""""""))
strString = Trim(Replace(strString,"%","[%]"))
strString = Trim(Replace(strString,"&", "chr(38)")) <--What do I do
here???
strString = Trim(Replace(strString,"_","[_]"))
strString = Trim(Replace(strString,"'","''"))
strString = Trim(Replace(strString,"?","_"))
strString = Trim(Replace(strString,"*","%"))
CleanIllegalCharSearch = strString
End Function
-----------End code for the Function------


--

Phillip Windell [CCNA, MVP, MCP]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]

[Bob Barrows]

Phillip Windell wrote:

> strString = Trim(Replace(strString,"&", "chr(38)")) <--What do I do
> here???

You should not need to do anything here.

You would make your life much simpler if you switched to using the
"stored-procedure-as-connection-method" technique. Your query could be run
as easily as this:

conn.qryShowOneclient Session("CurrentClientName")

If the query returns records, do this:

Set rs=server.createobject("adodb.recordset")
conn.qryShowOneclient Session("CurrentClientName"), rs


No need to clean it up, or worry about delimiters, or anything. That's the
power of using parameters that you are losing when you choose to call the
query via a dynamic sql statement.

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

[Mark Schupp]

If client is being passed as a querystring parameter you need to URLEncode
it when you build the query string.

--
Mark Schupp
Head of Development
Integrity eLearning
[url]www.ielearning.com[/url]


"Phillip Windell" <none> wrote in message
news:uQaWSZG3DHA.3256@tk2msftngp13.phx.gbl...

> "Aaron Bertrand [MVP]" <aaron@TRASHaspfaq.com> wrote in message
> news:uAb09TF3DHA.1672@TK2MSFTNGP12.phx.gbl...

> > What is your syntax? What does the SQL statement look like when you
> > response.write it? What on earth does "chokes" mean? If you get an

> error

> > message, maybe you could share it with us, since we all have varying
> > interpretations of "chokes."

>
> "chokes" is one step below "pukes", and one step above "gags". A total
> system crash would be a real "gag, choke, & puke" :)
> ....anyway you should have what you need below. I tried to keep it as
> orderly as I could.
>
> ------- Background information, this is not code--------------
> Database = Access2000
> qryShowOneClient = An Access Parameter Query
> Session("CurrentClientName") = The Client Name being passed as a
> parameter
> CleanIllegalCharSearch() = Is a funtion to remove or adjust for
> improper characters.
> (I'll show the code for the function futher below)
> --------End Background information-----------
>
> Here is the SQL
> strSQL = "qryShowOneclient '" &
> CleanIllegalCharSearch(Session("CurrentClientName" )) & "'"
>
> Using Response.write to test, I get these results.....
> If the Client is called "Jan's Cards" it produces:
> qryShowOneclient 'Jan''s Cards' .....and that works
> fine
> If the Client is called "Korner Treasures" it produces:
> qryShowOneclient 'Korner Treasures' .....and that works
> fine
> If the Client is called "M & M Pump" it produces:
> qryShowOneclient 'M' .....and this
> fails (a.k.a. "chokes)
>
> The error is just that it hits the EOF without finding anything
> because there is no Client called "M". That isn't the real problem (I
> can deal with that one). The problem is in dealing with the "&" when
> supplying a parameter to a "Parameter Query". See the Function Code
> below.
> Here is the exact error:
> ADODB.Field error '80020009'
> Either BOF or EOF is True, or the current record has been deleted.
> Requested operation requires a current record.
> /editclientrecord.asp, line 0
>
> ---------- Code for the Function --------
> Function CleanIllegalCharSearch(strString)
> strString = Trim(Replace(strString,"""",""""""))
> strString = Trim(Replace(strString,"%","[%]"))
> strString = Trim(Replace(strString,"&", "chr(38)")) <--What do I do
> here???
> strString = Trim(Replace(strString,"_","[_]"))
> strString = Trim(Replace(strString,"'","''"))
> strString = Trim(Replace(strString,"?","_"))
> strString = Trim(Replace(strString,"*","%"))
> CleanIllegalCharSearch = strString
> End Function
> -----------End code for the Function------
>
>
> --
>
> Phillip Windell [CCNA, MVP, MCP]
> WAND-TV (ABC Affiliate)
> [url]www.wandtv.com[/url]
>
>

[Phillip Windell]

"Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
news:uwG44gG3DHA.2408@tk2msftngp13.phx.gbl...

> > strString = Trim(Replace(strString,"&", "chr(38)")) <--What do

I do

> > here???

> You should not need to do anything here.

Orignially that line wasn't there at all. I only added it to try to
solve the problem. In fact, originally I never used the function at
all.

> You would make your life much simpler if you switched to using the
> "stored-procedure-as-connection-method" technique. Your query could

be run

> as easily as this:
>
> conn.qryShowOneclient Session("CurrentClientName")

That is what I thought I was doing. I'm using the "qryShowOneclient "
then using the Session("CurrentClientName") as a parameter. I see my
Conn was using "open" rather than doing it as you describe. It used to
use Dynamic querys ealier and I guess I didn't clean up the code well
enough, in fact, you were the very guy I had in mind when I decided
convert it over to parameterized querys. I'll have to go back and
recheck those things.

--

Phillip Windell [CCNA, MVP, MCP]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]

[Phillip Windell]

Yea, that too. Looks like I have a few things to consider. I'll have
to go back and mull things over a bit and try again.


--

Phillip Windell [CCNA, MVP, MCP]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]

"Mark Schupp" <mschupp@ielearning.com> wrote in message
news:#1w0bjG3DHA.484@TK2MSFTNGP10.phx.gbl...

> If client is being passed as a querystring parameter you need to

URLEncode

> it when you build the query string.
>
> --
> Mark Schupp
> Head of Development
> Integrity eLearning
> [url]www.ielearning.com[/url]
>
>
> "Phillip Windell" <none> wrote in message
> news:uQaWSZG3DHA.3256@tk2msftngp13.phx.gbl...

> > "Aaron Bertrand [MVP]" <aaron@TRASHaspfaq.com> wrote in message
> > news:uAb09TF3DHA.1672@TK2MSFTNGP12.phx.gbl...

> > > What is your syntax? What does the SQL statement look like when

you

> > > response.write it? What on earth does "chokes" mean? If you

get an

> > error

> > > message, maybe you could share it with us, since we all have

varying

> > > interpretations of "chokes."

> >
> > "chokes" is one step below "pukes", and one step above "gags". A

total

> > system crash would be a real "gag, choke, & puke" :)
> > ....anyway you should have what you need below. I tried to keep

it as

> > orderly as I could.
> >
> > ------- Background information, this is not code--------------
> > Database = Access2000
> > qryShowOneClient = An Access Parameter Query
> > Session("CurrentClientName") = The Client Name being passed as a
> > parameter
> > CleanIllegalCharSearch() = Is a funtion to remove or adjust for
> > improper characters.
> > (I'll show the code for the function futher below)
> > --------End Background information-----------
> >
> > Here is the SQL
> > strSQL = "qryShowOneclient '" &
> > CleanIllegalCharSearch(Session("CurrentClientName" )) & "'"
> >
> > Using Response.write to test, I get these results.....
> > If the Client is called "Jan's Cards" it produces:
> > qryShowOneclient 'Jan''s Cards' .....and that

works

> > fine
> > If the Client is called "Korner Treasures" it produces:
> > qryShowOneclient 'Korner Treasures' .....and that works
> > fine
> > If the Client is called "M & M Pump" it produces:
> > qryShowOneclient 'M' .....and

this

> > fails (a.k.a. "chokes)
> >
> > The error is just that it hits the EOF without finding anything
> > because there is no Client called "M". That isn't the real

problem (I

> > can deal with that one). The problem is in dealing with the "&"

when

> > supplying a parameter to a "Parameter Query". See the Function

Code

> > below.
> > Here is the exact error:
> > ADODB.Field error '80020009'
> > Either BOF or EOF is True, or the current record has been deleted.
> > Requested operation requires a current record.
> > /editclientrecord.asp, line 0
> >
> > ---------- Code for the Function --------
> > Function CleanIllegalCharSearch(strString)
> > strString = Trim(Replace(strString,"""",""""""))
> > strString = Trim(Replace(strString,"%","[%]"))
> > strString = Trim(Replace(strString,"&", "chr(38)")) <--What do

I do

> > here???
> > strString = Trim(Replace(strString,"_","[_]"))
> > strString = Trim(Replace(strString,"'","''"))
> > strString = Trim(Replace(strString,"?","_"))
> > strString = Trim(Replace(strString,"*","%"))
> > CleanIllegalCharSearch = strString
> > End Function
> > -----------End code for the Function------
> >
> >
> > --
> >
> > Phillip Windell [CCNA, MVP, MCP]
> > WAND-TV (ABC Affiliate)
> > [url]www.wandtv.com[/url]
> >
> >

>
>

[Phillip Windell]

"Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
news:uwG44gG3DHA.2408@tk2msftngp13.phx.gbl...

> Set rs=server.createobject("adodb.recordset")
> conn.qryShowOneclient Session("CurrentClientName"), rs

Ok, I used this:

objConn.qryShowOneClient Session("CurrentClientName"), objRS

The results are the same, it works fine as long as the parameter value
does not contain "&", but it still fails with the "&".

Mark mentioned using it with URLEncode so I tried:

objConn.qryShowOneClient URLEncode(Session("CurrentClientName")),
objRS

But that failed, complaining that URLEncode was not "defined".
Obviously that isn't the right syntax. I've never used, and I don't
remember how to use URLEncode and I don't have my normal reference
material with me right now.


--

Phillip Windell [CCNA, MVP, MCP]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]

[Bob Barrows]

Phillip Windell wrote:

>> You would make your life much simpler if you switched to using the
>> "stored-procedure-as-connection-method" technique. Your query could
>> be run as easily as this:
>>
>> conn.qryShowOneclient Session("CurrentClientName")

>
> That is what I thought I was doing.

How could you think that? Your code shows you concatenating and assigning a
string to a string variable called strSQL. I'm assuming you were going to
use that variable like this:

conn.execute strsql
or
rs.open strsql

either of which amounts to executing a dynamic sql string.

In my code, I am executing qryShowOneclient as if it was a native method of
the connection object, and passing the parameter as if it was an argument of
that method. There is a huge difference. In both cases, a Command object is
created behind the scenes. In your case, the Command object will execute a
command with CommandType = adCmdText - a dynamic sql statement. In my case,
the Command's CommandType will be adCmdStoredProc. And the argument will be
used to set the value of a Parameter which will be appended to the Command's
Parameters collection.

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

[Bob Barrows]

Phillip Windell wrote:

> "Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
> news:uwG44gG3DHA.2408@tk2msftngp13.phx.gbl...

>> Set rs=server.createobject("adodb.recordset")
>> conn.qryShowOneclient Session("CurrentClientName"), rs

>
> Ok, I used this:
>
> objConn.qryShowOneClient Session("CurrentClientName"), objRS
>
> The results are the same, it works fine as long as the parameter value
> does not contain "&", but it still fails with the "&".
>
> Mark mentioned using it with URLEncode so I tried:
>
> objConn.qryShowOneClient URLEncode(Session("CurrentClientName")),
> objRS

No, he meant for you to use URLEncode if you were passing the value to be
stored in the session variable via a query string.

What does Response.Write Session("CurrentClientName") show?

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

[Bob Barrows]

Bob Barrows wrote:

>
> No, he meant for you to use URLEncode if you were passing the value
> to be stored in the session variable via a query string.

And I meant to say that you should only use URLEncode when creating the
querystring, not when reading the values from the querystring.

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

[Phillip Windell]

"Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
news:O#VFP9G3DHA.2700@tk2msftngp13.phx.gbl...

> >> conn.qryShowOneclient Session("CurrentClientName")

> >
> > That is what I thought I was doing.

>
> How could you think that? Your code shows you concatenating and

assigning a

I didn't say I was doing it correctly. I said I had converted from the
"dynamic string" method to the Access Query method, but I had not done
it properly and was effectively blending the two methods together and
created a mess. I don't do this everyday and the syntax between the
differnet methods gets fuzzy after a while. Anyway, forget that,...we
are past the now, and what I have now is pretty much what you
mentioned.

We can continue from your other post. I'll send the Response.write
results for your other post shortly.

--

Phillip Windell [CCNA, MVP, MCP]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]

[Bob Barrows]

Phillip Windell wrote:

> "Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
> news:O#VFP9G3DHA.2700@tk2msftngp13.phx.gbl...

>>>> conn.qryShowOneclient Session("CurrentClientName")
>>>
>>> That is what I thought I was doing.

>>
>> How could you think that? Your code shows you concatenating and
>> assigning a

>
> I didn't say I was doing it correctly.

I did not mean to imply that you weren't. Just differently.


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

[Phillip Windell]

"Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
news:#MqzKFH3DHA.1392@TK2MSFTNGP11.phx.gbl...

> And I meant to say that you should only use URLEncode when creating

the

> querystring, not when reading the values from the querystring.

Ok, that is where the problem is. When I tested the Value of
Session("CurrentClientName") it was not correct, it only contained
"M". It does get it's value set from an earlier QueryString and it
appears the QueryString is chopping it off at the "&". So I assume
using the URLEncode with the QueryString will probably fix all this.
I'm sure there isn't much to doing that, but I don't know the right
way to use URLEncode, I have heard of it but never used it before.

So it the QueryString is being built and sent from this block of
Client-side code, what do I have to change to correct it?

Private Sub btnEditRecord12_OnClick()
Document.Location = "validate.asp?ID=M & M Pump"
End Sub

The "validate.asp" simply passes the QueryString value to the
Session() variable and goes on to the next page "editclientrecord.asp"
using this code:

Private Sub SetCurrentClientName()
Session("CurrentClientName") = Request.QueryString("ID")
Response.buffer = True
Response.addheader "Refresh", "0;URL=editclientrecord.asp"
Response.end
End Sub


--

Phillip Windell [CCNA, MVP, MCP]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]

[Aaron Bertrand [MVP]]

You should consider using a numeric value for the "ID" as opposed to a name.
Then you can avoid all these parsing and passing problems with strings that
can have bad URL characters, and you will also avoid the potential issue
where you have two clients with the same name. You should also consider
using POST which has far less complications due to the URL. Finally, what
"validation" are you doing in validate.asp? Sounds like you're just setting
a session variable, so why not just go straight to response.redirect
"editclientrecord.asp?ID=" & server.URLEncode(Request.QueryString("ID"))

--
Aaron Bertrand
SQL Server MVP
[url]http://www.aspfaq.com/[/url]




"Phillip Windell" <none> wrote in message
news:Oucy7dH3DHA.1632@TK2MSFTNGP12.phx.gbl...

> "Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
> news:#MqzKFH3DHA.1392@TK2MSFTNGP11.phx.gbl...

> > And I meant to say that you should only use URLEncode when creating

> the

> > querystring, not when reading the values from the querystring.

>
> Ok, that is where the problem is. When I tested the Value of
> Session("CurrentClientName") it was not correct, it only contained
> "M". It does get it's value set from an earlier QueryString and it
> appears the QueryString is chopping it off at the "&". So I assume
> using the URLEncode with the QueryString will probably fix all this.
> I'm sure there isn't much to doing that, but I don't know the right
> way to use URLEncode, I have heard of it but never used it before.
>
> So it the QueryString is being built and sent from this block of
> Client-side code, what do I have to change to correct it?
>
> Private Sub btnEditRecord12_OnClick()
> Document.Location = "validate.asp?ID=M & M Pump"
> End Sub
>
> The "validate.asp" simply passes the QueryString value to the
> Session() variable and goes on to the next page "editclientrecord.asp"
> using this code:
>
> Private Sub SetCurrentClientName()
> Session("CurrentClientName") = Request.QueryString("ID")
> Response.buffer = True
> Response.addheader "Refresh", "0;URL=editclientrecord.asp"
> Response.end
> End Sub
>
>
> --
>
> Phillip Windell [CCNA, MVP, MCP]
> WAND-TV (ABC Affiliate)
> [url]www.wandtv.com[/url]
>
>

[Phillip Windell]

"Aaron Bertrand [MVP]" <aaron@TRASHaspfaq.com> wrote in message
news:OoLzRjH3DHA.2556@TK2MSFTNGP10.phx.gbl...

> You should consider using a numeric value for the "ID" as opposed to

a name.

In this case I can not.

> where you have two clients with the same name. You should also

consider

There will never be two clients with the same name. The field is the
Key Field and doesn't allow duplicates. I have thought over this
fairly carefully and I think it will serve me fine for this particular
table and also for at least one other one. Pretty much all the other
Tables do use numbers (autonumber), and a few use GUIDs. I
personally like the GUID the best but I don't want to cause all the
extra work to go back and change them to GUIDs.

> using POST which has far less complications due to the URL.

Finally, what

I try to always use post and 99% of the rest of the site does use
post, in fact this is the only querystring in the whole thing. But I
can not find a good way to use a Form/Post combination in this case.
If I knew how to go that way I would.

> "validation" are you doing in validate.asp? Sounds like you're just

setting

> a session variable, so why not just go straight to response.redirect
> "editclientrecord.asp?ID=" &

server.URLEncode(Request.QueryString("ID"))

That is all it does for *this* page. Validate.asp has a series of
Functions and proceedures that are used by a lot of other things as
well.

I just have a thing about querystring data showing in the address
bar,...I don't want it there. So I pass the string to the
intermediate page "validate.asp", dump it into a Session variable and
then go on the the final page "editclientrecord.asp" where it uses the
Session variable. There are other things that continue to use the
Session variable after this as well and I would lose that if I just
went by the querystring by itself.

However, with all that said,...I'm sure there is a way out there
somewhere to use Form/Post instead and I will be re-visiting the issue
later, either over the weekend or on Tues or Weds.

> --
> Aaron Bertrand
> SQL Server MVP
> [url]http://www.aspfaq.com/[/url]
>
>
>
>
> "Phillip Windell" <none> wrote in message
> news:Oucy7dH3DHA.1632@TK2MSFTNGP12.phx.gbl...

> > "Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
> > news:#MqzKFH3DHA.1392@TK2MSFTNGP11.phx.gbl...

> > > And I meant to say that you should only use URLEncode when

creating

> > the

> > > querystring, not when reading the values from the querystring.

> >
> > Ok, that is where the problem is. When I tested the Value of
> > Session("CurrentClientName") it was not correct, it only contained
> > "M". It does get it's value set from an earlier QueryString and

it

> > appears the QueryString is chopping it off at the "&". So I

assume

> > using the URLEncode with the QueryString will probably fix all

this.

> > I'm sure there isn't much to doing that, but I don't know the

right

> > way to use URLEncode, I have heard of it but never used it before.
> >
> > So it the QueryString is being built and sent from this block of
> > Client-side code, what do I have to change to correct it?
> >
> > Private Sub btnEditRecord12_OnClick()
> > Document.Location = "validate.asp?ID=M & M Pump"
> > End Sub
> >
> > The "validate.asp" simply passes the QueryString value to the
> > Session() variable and goes on to the next page

"editclientrecord.asp"

> > using this code:
> >
> > Private Sub SetCurrentClientName()
> > Session("CurrentClientName") = Request.QueryString("ID")
> > Response.buffer = True
> > Response.addheader "Refresh", "0;URL=editclientrecord.asp"
> > Response.end
> > End Sub
> >
> >
> > --
> >
> > Phillip Windell [CCNA, MVP, MCP]
> > WAND-TV (ABC Affiliate)
> > [url]www.wandtv.com[/url]
> >
> >

>
>

[Bob Barrows]

Phillip Windell wrote:

> "Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
> news:#MqzKFH3DHA.1392@TK2MSFTNGP11.phx.gbl...

>> And I meant to say that you should only use URLEncode when creating
>> the querystring, not when reading the values from the querystring.

>
> Ok, that is where the problem is. When I tested the Value of
> Session("CurrentClientName") it was not correct, it only contained
> "M". It does get it's value set from an earlier QueryString and it
> appears the QueryString is chopping it off at the "&". So I assume
> using the URLEncode with the QueryString will probably fix all this.
> I'm sure there isn't much to doing that, but I don't know the right
> way to use URLEncode, I have heard of it but never used it before.
>
> So it the QueryString is being built and sent from this block of
> Client-side code, what do I have to change to correct it?
>
> Private Sub btnEditRecord12_OnClick()
> Document.Location = "validate.asp?ID=M & M Pump"
> End Sub

It looks like you are going to need to replace the "&" here with "%26"

I'm surprised the spaces aren't causing a problem ...

Bob Barrows

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

[Phillip Windell]

"Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message
news:Oh8E#dI3DHA.1632@TK2MSFTNGP12.phx.gbl...

> > Private Sub btnEditRecord12_OnClick()
> > Document.Location = "validate.asp?ID=M & M Pump"
> > End Sub

>
> It looks like you are going to need to replace the "&" here with

"%26"

> I'm surprised the spaces aren't causing a problem ...

Using Server.URLEncode() took care of it.
The above was from the "view source" in the browser to see what it was
producing client-side. The actual code uses the Array holding the
records as seen below.

This:
..........."validate.asp?ID=<%=aryRecords(0,r)%>"
Became this:
.......... "validate.asp?ID=<%=Server.URLEncode(aryRecords(0, r))%>"

And that took care of it. I'll look into finding a way to use
Form/Post instead of QueryString later.

Thanks for responding back so quick in these post!

--

Phillip Windell [CCNA, MVP, MCP]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]

[Steven Cheng[MSFT]]

Hi,


Thank you for posting here. Regarding on the issue, I am
finding proper resource to assist you and we will update as soon as posible.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security(This[/url] posting is provided "AS IS",
with no warranties, and confers no rights.)

[MSFT]

Hi Phillip,

To use the URLEncode function, the correct syntax is:

server.URLEncode("M & M Pump")

And the string will be Encode to:

M+%26+M+Pump

And "validate.asp?ID=M+%26+M+Pump" is also a valid request string.

And it has to be used in server side script.

Hope this help,

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Luke