Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470190647
DotNetNuke Websites Problem Design Solution
Cover image for product 0470391847
Jumping from ASP to ASP.NET
Attention User Groups: Post your next INETA event here
  Return to Index  

access_asp thread: replace function not work

Message #1 by ysiline@r... on Tue, 10 Dec 2002 11:54:11
In order to protect from SQL injection we need to replace ' with ", so I 
used replace function but it doesn't work.

username=replace(username,"'",""")

the above statement is what I do at both client side and server side.
Can anyone help me on this?
Message #2 by "Larry Woods" <larry@l...> on Tue, 10 Dec 2002 07:27:36 -0700
You need FOUR double quotes:
	username=replace(username,"'","""")

Larry Woods

> -----Original Message-----
> From: ysiline@r... [mailto:ysiline@r...]
> Sent: Tuesday, December 10, 2002 11:54 AM
> To: Access ASP
> Subject: [access_asp] replace function not work
>
>
> In order to protect from SQL injection we need to
> replace ' with ", so I
> used replace function but it doesn't work.
>
> username=replace(username,"'",""")
>
> the above statement is what I do at both client side
> and server side.
> Can anyone help me on this?
>

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy