Hi All,

I have a re occuring problem, usually with SQL statements when either HTML or ' are entered in form fields for updating or adding records to access databases. It breaks up the SQL statement written and causes the SQL to fail. I though i solved this problem by using objRS.AddNew & objRS.Update statements, but still seems to exist on some occasions. I believe this would be a common function and was wondering what solutions you guys use to over come this.

Regards

TDA

TDA

__________________
TDA

Basically Tim you need to replace all single quotes(') with two single quotes('').Not double quotes but two singles
strField = replace(strField,"'","''")
This is also important for security so you need to do it with every text field input in your DB from ASP forms.
I also do a replace on "--" with "" to help stop people messing with your db.
I do this in one function

function safeTextField(strIn)
 safeTextField = replace(replace(strIn,"'","''"),"--","")
end function

See Ken Schaefers' web site www.openstatic.com.au for some info into this kind security.

Wrong Address for Kens' site
Its is
http://www.adopenstatic.com
The specific article is at
http://www.adopenstatic.com/resource...Validation.asp

Thanks for your advice Rod

Its definately an issue i need to fix in my apps

Tim :)



TDA