ASP/VBScript:
This is pretty basic, but for someone who wouldn't know, I can see how it would cause mega problems when doing database inserts or updates.
When you do an update to a database from a web source and, let's say for example, the text entered was
"cobra's shithole"
your insert statement will return an excellent error, because the ' character is treated as the end of the string rather than as part of it. So you need to strip it out and replace it with its ASCII value, written as an HTML character code, for displaying on the net.
Example: some_value = Replace(Request.Form("some_requested_value"), "'", "&#39;")
Do that and you're laughing. I know, pretty simple, but I was developing a small admin panel today for a client's database and that was one of the issues.
So, issue solved...
To make things easier for your SQL inserts or updates, here is a function for formatting the strings correctly. Please note this will only work if you are going to be using it for web-based projects.
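<%
' Replace the apostrophe, double quote, % and * with their HTML character
' codes so the text can be inserted and still displays correctly in a browser.
Function strReplaceChar(strTxt)
    If strTxt = "" Then Exit Function
    strTxt = Replace(strTxt, "'", "&#39;")       ' apostrophe
    strTxt = Replace(strTxt, Chr(34), "&quot;")  ' double quote
    strTxt = Replace(strTxt, "%", "&#37;")       ' percent sign
    strTxt = Replace(strTxt, "*", "&#42;")       ' asterisk
    strReplaceChar = strTxt
End Function
%>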
You can then just call the function the same way you would the Replace function:
variable_value = strReplaceChar(request.Form("value"))
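An alternative to character replacement, as an added example that is not the original author's code: bind the form value as an ADO command parameter so the apostrophe is stored as plain data, and encode for HTML only when the text is written to the page. Application("ConnString"), the table "notes", the column "body" and the 4000-character width are assumptions made for this sketch.

```vbscript
<%
' Added example, not the original post's code. Assumed names:
' Application("ConnString"), table "notes", column "body", form field "value".
' ADO constants are declared here in case adovbs.inc is not included.
Const adCmdText = 1
Const adParamInput = 1
Const adExecuteNoRecords = 128
Const adVarWChar = 202
Const MAX_BODY = 4000   ' assumed column width

' Insert the text through a bound parameter: the value never becomes part of
' the SQL text, so an apostrophe is stored as-is and cannot end the literal.
Sub SaveNote(conn, strTxt)
    Dim cmd, strBody
    strBody = Left(strTxt & "", MAX_BODY)   ' coerce Null to "" and cap the length
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "INSERT INTO notes (body) VALUES (?)"
    cmd.Parameters.Append cmd.CreateParameter("body", adVarWChar, adParamInput, MAX_BODY, strBody)
    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
End Sub

' Encode at output time, so the database keeps the text exactly as entered.
Sub ShowNotes(conn)
    Dim rs
    Set rs = conn.Execute("SELECT body FROM notes")
    Do Until rs.EOF
        Response.Write "<p>" & Server.HTMLEncode(rs("body") & "") & "</p>"
        rs.MoveNext
    Loop
    rs.Close
    Set rs = Nothing
End Sub

Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")
SaveNote conn, CStr(Request.Form("value"))
ShowNotes conn
conn.Close
Set conn = Nothing
%>
```

Because the stored value is the raw text, the same row can also be used outside a web page without first undoing any character codes.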