Hi,

I have a textarea (adtext) in my form in which customer can write message. Then I insert that value in my msde database.

The problem I am having is if someone put "'" in their message my insert statments blows up, and I get error.


Suppose If the value of adtext is "Write a good 'description about yourself"

My error will be

Error Type:
Microsoft OLE DB Provider for SQL Server (0x80040E14)
Line 1: Incorrect syntax near 'description'.


**************
here is my code


adtext = Request.form("adtext")

str= "INSERT INTO customer_ad(Location, Spec_Location, Adtext,ad_number, passwordhint)VALUES('" & location & "','" & speclocation & "', '" & Adtext & "'," & AdNumber & ",'" & passwordhint & "' )"
*************

I understand "'" mess up the sequences of my single quotes that I have in my insert statemnt , but i do not know how to overcome this problem

Thanks

will solve your problem