Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470190647
DotNetNuke Websites Problem Design Solution
Cover image for product 0470391847
Jumping from ASP to ASP.NET
View Code Camp Videos - Presentations by Wrox Authors
  Return to Index  

asp_databases thread: R: Problems with the ' character when submitting a form

Message #1 by "Giovanni Salucci" <g.salucci@n...> on Sun, 20 Jan 2002 16:06:19 +0100

	public Function fnRemoveQuote(szString)

		szDummy = ""



		for i = 1 to len(szString)

			if mid(szString,i,1) = "'" then

				szDummy = szDummy & "'" & "'"

			else

				szDummy = szDummy & mid(szString,i,1)

			end if

		next



		fnRemoveQuote = szDummy

	end function





this function substitute single apix with double apix

in your string.



HTH





-----Messaggio originale-----

Da: Dean [mailto:spinout@i...]

Inviato: domenica 20 gennaio 2002 14.56

A: ASP Databases

Oggetto: [asp_databases] Problems with the ' character when submitting a

form





Hi There

Does anyone know of a way to get around the problem of SQL statement's

failing then a user enters the ' character in to a form. This character

obviously is used in the SQL statement itself and therefore screws up the

statement if the user uses it in their form submission. How can I fix this

problem?



Many thanks for your help.



Dean.






$subst('Email.Unsub').
Message #2 by "Peter Foti (PeterF)" <PeterF@S...> on Mon, 21 Jan 2002 10:09:33 -0500
I would avoid the method below, only because it is the long way of doing

things.  Instead, a function like this is better:



Function sql_quote(str)

	str = Replace(str,"'","''")

	sql_quote = "'"& str & "'"

End Function







Then in your SQL string, you could do something like this:



SQLStr = "SELECT FirstName FROM Users WHERE LastName=" &

sql_quote(Request.Form("Lastname"))



Regards,

Peter



> -----Original Message-----

> From: Giovanni Salucci [mailto:g.salucci@n...]

> Sent: Sunday, January 20, 2002 10:06 AM

> To: ASP Databases

> Subject: [asp_databases] R: Problems with the ' character when

> submitting a form

> 

> 

> 

> 	public Function fnRemoveQuote(szString)

> 		szDummy = ""

> 

> 		for i = 1 to len(szString)

> 			if mid(szString,i,1) = "'" then

> 				szDummy = szDummy & "'" & "'"

> 			else

> 				szDummy = szDummy & mid(szString,i,1)

> 			end if

> 		next

> 

> 		fnRemoveQuote = szDummy

> 	end function

> 

> 

> this function substitute single apix with double apix

> in your string.

> 

> HTH

> 

> 

> -----Messaggio originale-----

> Da: Dean [mailto:spinout@i...]

> Inviato: domenica 20 gennaio 2002 14.56

> A: ASP Databases

> Oggetto: [asp_databases] Problems with the ' character when 

> submitting a

> form

> 

> 

> Hi There

> Does anyone know of a way to get around the problem of SQL statement's

> failing then a user enters the ' character in to a form. This 

> character

> obviously is used in the SQL statement itself and therefore 

> screws up the

> statement if the user uses it in their form submission. How 

> can I fix this

> problem?

> 

> Many thanks for your help.

> 

> Dean.

> 




> $subst('Email.Unsub').

> 

> 




> $subst('Email.Unsub').

>

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy