Replacing characters in string

D

durilai

Newcomer
Joined
Oct 20, 2005
Messages
10
I have a simple form with a text box and a submit button. Once submitted the value in the text box is checked against a table, if there is a match it adds it to another table.

The problem is this program is set up to allow scanning of barcodes, but the ID is for ex. A000123, and it works if I enter 000123 or 123, but the "A" gives me a "no value given for one or more required paramenters" error.

I have tried doing a simple replace:
Code: 
            Dim idx As Integer
            idx = Me.txtAddPrep.Text
            idx = Replace(idx, "A", "")

That does not solve the problem. I will also post the SQL call:
Code: 
            strSQL = "Select * FROM tablename WHERE id = " & idx

Any help would be greatly appreciated. If this is possible, the idx alpha is not always "A" it can be any letter, so if there is a solution to replace all letters with nothing that would be even better.

Thanks
 
question. . . what do you think will happen if someone types in your text box the following string -

1;drop table tablename;

and presses enter
 
Cags said:
If they get the Replace code working then nothing much will happen when they enter that code because all letters will be removed and it will parsed to an int.
Click to expand...
well that begs the question. . . if the barcode has a character in it why is he saving it as an int? why is it an int in the database?

  1. make it a string/varchar.
  2. use a parameterized query.
  3. forget all this nonsense.
K.I.S.S.
 
Cags said:
If they get the Replace code working then nothing much will happen when they enter that code because all letters will be removed and it will parsed to an int.
Click to expand...
so what happens if someone types in -

THIS IS NOT AN NUMBER
 
Is it always a single letter at the start of the string or could it be more complex? If it is a single letter then you could do something like
Visual Basic: 
idx = Me.txtAddPrep.Text.substring(1)

I would however also heed Joe Mamma in regards to building SQL up through string concatenation - either use a stored proc or a parameterised query.
 
question. . . what do you think will happen if someone types in your text box the following string - 1;drop table tablename; and presses enter
Click to expand...

That is a good thought and did not really think about that, but you did give me some more insight for the future. But I am hoping to like the reply said remove all characters from the string.

Well, to answer some of those other questions. The ID field in the database is an integer because it is an autonumber. The letters are added to match an old method of numbering.

so what happens if someone types in -THIS IS NOT AN NUMBER
Click to expand...

I am hoping that it wil become blank since it had all of the characters removed.

Is it always a single letter at the start of the string or could it be more complex?
Click to expand...

It will always have a single letter in the front, but the barcode program also writes a random letter at the end (I believe its a checksum) that also need to be removed.

Thanks for all the help.
 
durilai said:
It will always have a single letter in the front, but the barcode program also writes a random letter at the end (I believe its a checksum) that also need to be removed.
Click to expand...
first. . . my only intent of the my question was to get you to think about things. In the world of the internet, tone gets lost and sometimes curt responses to questions are taken too personally.

that being said.

the last letter of a barcode is not random, it is a checksum.
In our app, we store all the characters of the barcode as a varchar. be careful, your barcode reader is also most likely going to send a 0x000D to your form, as well.

Barcodes are not numbers. . .I implore you to store the entire barcode in a varchar. It will save you a ton of trouble. redesign now!

We could show you how to do what you want to do, but that would really be doing you a disservice. . .

cool?
 
Back
Top