|
 |
asp_databases thread: Re: Apostrophe in query
Message #1 by "Paul Morton" <paul.morton@d...> on Tue, 15 Oct 2002 12:26:22
|
|
Greetings!
Hopeless extension of the problem:
I have no control of the contents of the string coming at my asp...
I get stuff like
file.asp?task=Suppa_dell'a_mare
I can handle it in the db - double quotes, remove, replace etc... but how
do I get it that far?
How can I trap it when it arrives at the page?
thanks,
Paul
Message #2 by imran.saleem@b... on Tue, 15 Oct 2002 12:21:31 +0100
|
|
use INSTR() to test the occurence of an apostrophe and then replace it.
-----Original Message-----
From: Paul Morton [mailto:paul.morton@d...]
Sent: Tuesday, October 15, 2002 1:26 PM
To: ASP Databases
Subject: [asp_databases] Re: Apostrophe in query
Greetings!
Hopeless extension of the problem:
I have no control of the contents of the string coming at my asp...
I get stuff like
file.asp?task=Suppa_dell'a_mare
I can handle it in the db - double quotes, remove, replace etc... but how
do I get it that far?
How can I trap it when it arrives at the page?
thanks,
Paul
Message #3 by "Peter Foti (PeterF)" <PeterF@S...> on Tue, 15 Oct 2002 10:49:08 -0400
|
|
I prefer to call a function that replaces the single quotes with 2 single
quotes. Like so...
<%
Dim testString
testString = "file.asp?task=Suppa_dell'a_mare"
Function sql_quote(str)
str = Replace(str,"'","''")
sql_quote = "'"& str & "'"
End Function
SQLStr = "INSERT INTO
%>
> -----Original Message-----
> From: Paul Morton [mailto:paul.morton@d...]
> Sent: Tuesday, October 15, 2002 12:26 PM
> To: ASP Databases
> Subject: [asp_databases] Re: Apostrophe in query
>
>
> Greetings!
>
> Hopeless extension of the problem:
>
> I have no control of the contents of the string coming at my asp...
>
> I get stuff like
>
> file.asp?task=Suppa_dell'a_mare
>
> I can handle it in the db - double quotes, remove, replace
> etc... but how
> do I get it that far?
>
> How can I trap it when it arrives at the page?
>
> thanks,
>
> Paul
>
Message #4 by "Peter Foti (PeterF)" <PeterF@S...> on Tue, 15 Oct 2002 10:51:34 -0400
|
|
I prefer to call a function that replaces the single quotes
with 2 single quotes. Like so...
<%
Dim testString
testString = "file.asp?task=Suppa_dell'a_mare"
Function sql_quote(str)
str = Replace(str,"'","''")
sql_quote = "'"& str & "'"
End Function
SQLStr = "INSERT INTO MyTable (MyString) VALUES (" & sql_quote( testString )
& ")"
%>
Hope this helps.
Regards,
Peter
> > -----Original Message-----
> > From: Paul Morton [mailto:paul.morton@d...]
> > Sent: Tuesday, October 15, 2002 12:26 PM
> > To: ASP Databases
> > Subject: [asp_databases] Re: Apostrophe in query
> >
> >
> > Greetings!
> >
> > Hopeless extension of the problem:
> >
> > I have no control of the contents of the string coming at my asp...
> >
> > I get stuff like
> >
> > file.asp?task=Suppa_dell'a_mare
> >
> > I can handle it in the db - double quotes, remove, replace
> > etc... but how
> > do I get it that far?
> >
> > How can I trap it when it arrives at the page?
> >
> > thanks,
> >
> > Paul
> >
>
|
|
|
View Cart
