Re: Slightly OT: VBScript / ASP question

Danny Mayer ( mayer@mro.dec.com )
Mon, 11 May 1998 10:11:28 -0400

At 08:31 PM 5/11/98 +0800, you wrote:
>Hello.
>
>I've just installed an ODBC-based guestbook that runs on ASP.
>
>One user discovered that my ASP script would generate an error if someone
>uses a single quotation mark in any of the input fields.
>
>This is a problem now since my code puts single quotes around each of my
>guestbook's input fields before inserting them into my ODBC database. Any
>single quote in a field would mess things up.
>
>Any of you guys have any idea how to get around this?
>
>
>Danny Sinang

Add the following to your ASP script that does the insertion into
the database and then use the CheckQuote or CheckString, depending on what
you're doing, as a function in the code before the call to the database
to fix the input fields.

Danny

<SCRIPT LANGUAGE=VBScript RUNAT=Server>
'This function checks what will be a string value for
'embedded single quotes that will cause the SQL statement
'problems. If found, it adds another single quote to cause
'the interpreter to read the quote correctly. In addition,
'the code adds single quotes to both ends of the string and
'tacks the endchar argument onto the end of the string.
'
'This code came from the Adventure Works sample site

'Returns s with every single quote doubled.
'ByVal keeps the caller's variable unchanged (VBScript passes ByRef by default).
Function CheckQuote (ByVal s)
    Dim pos
    pos = InStr(s, "'")
    While pos > 0
        'Insert a second quote right after the one found
        s = Mid(s, 1, pos) & "'" & Mid(s, pos + 1)
        'Continue searching after the doubled pair
        pos = InStr(pos + 2, s, "'")
    Wend
    CheckQuote = s
End Function

'Returns s with quotes doubled, wrapped in single quotes, followed by endchar.
Function CheckString (s, endchar)
    CheckString = "'" & CheckQuote(s) & "'" & endchar
End Function
</SCRIPT>

===========================================================================
Danny Mayer Digital Equipment Corporation
mayer@mro.dec.com Marlboro, MA 01752
===========================================================================
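
The reply above keeps the quoted-string INSERT and doubles embedded quotes. As an added example (not part of the original message or the Adventure Works sample), the same guestbook insert can instead pass the fields as ADO parameters, so a single quote in the input is bound as data and never becomes part of the SQL text. The DSN name, table name, column names, form field names and column sizes are assumptions.

```vbscript
<%
' Added example, not from the original post. The DSN "Guestbook", the table
' "Entries", its columns and the form field names are assumed; so are the sizes.
Const adVarChar = 200          ' ADO DataTypeEnum
Const adParamInput = 1         ' ADO ParameterDirectionEnum
Const adCmdText = 1            ' ADO CommandTypeEnum
Const adExecuteNoRecords = 128 ' ADO ExecuteOptionEnum

' Trim a form field and cut it to the column size so the value never
' exceeds the length declared for its parameter.
Function FieldValue(name, maxLen)
    FieldValue = Left(Trim(Request.Form(name)), maxLen)
End Function

Sub AddEntry(visitor, email, comments)
    Dim conn, cmd
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "DSN=Guestbook"

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' One ? per value; the parameters are bound in the order they are appended.
    cmd.CommandText = "INSERT INTO Entries (Visitor, Email, Comments) VALUES (?, ?, ?)"
    cmd.Parameters.Append cmd.CreateParameter("visitor", adVarChar, adParamInput, 50, visitor)
    cmd.Parameters.Append cmd.CreateParameter("email", adVarChar, adParamInput, 100, email)
    cmd.Parameters.Append cmd.CreateParameter("comments", adVarChar, adParamInput, 255, comments)
    ' No recordset is needed for an INSERT.
    cmd.Execute , , adExecuteNoRecords

    conn.Close
    Set cmd = Nothing
    Set conn = Nothing
End Sub

' Input such as  O'Brien  or  it's great  is stored unchanged; no quote
' doubling is applied because the values are not spliced into the statement.
AddEntry FieldValue("visitor", 50), FieldValue("email", 100), FieldValue("comments", 255)
%>
```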