June 30, 2022, 01:04:08 PM

Author Topic: The ' character, SQL Strings & ASP  (Read 7268 times)

0 Members and 1 Guest are viewing this topic.

Offline Cobra

  • cool?
  • Administrator
  • Seasoned Poster
  • *****
  • Posts: 447
  • Country:
  • Gender: Male
  • My mom says im cool!
The ' character, SQL Strings & ASP
« on: August 06, 2004, 11:36:59 AM »
ASP/VBscript:

This is pretty basic but for someone who wouldnt know i can see how it would cause mega problems when doing database inserts or updates.

When you do an update to a database from a web source and lets say for example the text inputed was

"cobra's shithole"

your insert statement will return an excellent error because it does not treat the ' character as part of a string. soooo .. you need to strip that out and replace it with its ASCII value for displaying on the net.

Example: some_value = replace(request.Form("some_requested_value"),"'","'")

do that and yer laughing.. I know pretty simple but i was developing a small admin panel today for a clients database and that was one of the issues.

So issue solved. . .
« Last Edit: August 06, 2004, 11:40:43 AM by Cobra »
I am not suffering with insanity... I am loving every minute of it.

Offline Cobra

  • cool?
  • Administrator
  • Seasoned Poster
  • *****
  • Posts: 447
  • Country:
  • Gender: Male
  • My mom says im cool!
Re:The ' character, SQL Strings & ASP
« Reply #1 on: August 24, 2004, 09:46:57 AM »
To make things easier for your SQL Inserts or Updates here is a function for formatting the strings correctly. Please note this will only work if you are going to be using it for web based projects.

<%
Function strReplaceChar(strTxt)

  If strTxt = "" then Exit Function
 
         strTxt = Replace(strTxt, "'", "&#39;")
       strTxt = Replace(strTxt, "char(34)", "&quot;")
       strTxt = Replace(strTxt, "%", "&#37;")
       strTxt = Replace(strTxt, "*", "&#42;")
    strReplaceChar = strTxt
End Function
%>


You can then just call the function the same way you would with the replace function..

variable_value = strReplaceChar(request.Form("value"))
I am not suffering with insanity... I am loving every minute of it.