The ' character, SQL Strings & ASP

Started by Cobra, August 06, 2004, 11:36:59 AM

August 06, 2004, 11:36:59 AM Last Edit: August 06, 2004, 11:40:43 AM by Cobra
ASP/VBScript:

This is pretty basic, but for someone who wouldn't know, I can see how it would cause mega problems when doing database inserts or updates.

When you do an update to a database from a web source, and let's say for example the text inputted was

"cobra's shithole"

Your insert statement will return an excellent error because it does not treat the ' character as part of a string. Soooo... you need to strip that out and replace it with its ASCII value for displaying on the net.

Example: some_value = Replace(Request.Form("some_requested_value"), "'", "&#39;")

Do that and yer laughing... I know, pretty simple, but I was developing a small admin panel today for a client's database and that was one of the issues.

So issue solved. . .
I am not suffering with insanity... I am loving every minute of it.

To make things easier for your SQL Inserts or Updates, here is a function for formatting the strings correctly. Please note this will only work if you are going to be using it for web-based projects.

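<%
' Replaces ', ", % and * with their HTML entities before the text is stored.
Function strReplaceChar(strTxt)

    ' Nothing to replace in an empty string; the function then returns Empty.
    If strTxt = "" Then Exit Function

    strTxt = Replace(strTxt, "'", "&#39;")        ' single quote
    strTxt = Replace(strTxt, Chr(34), "&quot;")   ' double quote: Chr(34) is the " character
    strTxt = Replace(strTxt, "%", "&#37;")        ' percent sign
    strTxt = Replace(strTxt, "*", "&#42;")        ' asterisk
    strReplaceChar = strTxt
End Function
%>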


You can then just call the function the same way you would with the replace function..

variable_value = strReplaceChar(request.Form("value"))
I am not suffering with insanity... I am loving every minute of it.
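
An added example, not code from either post above: the same update done with an ADO parameterized command, so the ' in the submitted text is bound as data and never has to be rewritten before it reaches the database. The table, column and form-field names and the Application("ConnString") setting are hypothetical.

```vbscript
<%
' Added example. ADO enum values are declared here because classic ASP
' does not define them unless adovbs.inc is included.
Const adInteger = 3
Const adVarWChar = 202
Const adParamInput = 1
Const adCmdText = 1
Const adExecuteNoRecords = 128

' Runs the UPDATE with bound parameters and returns the rows affected.
Function UpdateSiteName(conn, siteId, siteName)
    Dim cmd, affected
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Each ? is filled in by the provider; the text is never spliced into the SQL.
    cmd.CommandText = "UPDATE sites SET site_name = ? WHERE site_id = ?"
    cmd.Parameters.Append cmd.CreateParameter("site_name", adVarWChar, adParamInput, 255, siteName)
    cmd.Parameters.Append cmd.CreateParameter("site_id", adInteger, adParamInput, , siteId)
    cmd.Execute affected, , adExecuteNoRecords
    Set cmd = Nothing
    UpdateSiteName = affected
End Function

Dim conn, rawName, rawId
rawName = Trim(Request.Form("site_name"))   ' hypothetical field, e.g. cobra's site
rawId = Request.Form("site_id")             ' hypothetical field

' Reject missing, oversized or non-numeric input before touching the database.
If Len(rawName) = 0 Or Len(rawName) > 255 Or Len(rawId) = 0 Or Len(rawId) > 9 Or Not IsNumeric(rawId) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid input"
Else
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open Application("ConnString")     ' hypothetical: set in global.asa
    If UpdateSiteName(conn, CLng(rawId), rawName) = 1 Then
        ' HTML-encode at output time, when the value is written into a page.
        Response.Write "Saved: " & Server.HTMLEncode(rawName)
    Else
        Response.Write "No matching row"
    End If
    conn.Close
    Set conn = Nothing
End If
%>
```

The value is stored exactly as typed and encoded only when displayed, so the same column can also be used outside a web page.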
