A friend of mine - Andrew Smith - gave me a DLL to replace the single quote
with the ` character. This solved the problem too. Details are at
- Danny Sinang
From: Danny Mayer <email@example.com>
To: firstname.lastname@example.org <email@example.com>
Date: Monday, May 11, 1998 10:20 PM
Subject: Re: Slightly OT: VBScript / ASP question
>At 08:31 PM 5/11/98 +0800, you wrote:
>>I've just installed an ODBC-based guestbook that runs on ASP.
>>One user discovered that my ASP script would generate an error if someone
>>uses a single quotation marks in any of the input fields.
>>This is a problem now since my code puts single-quotes around each of my
>>guestbook's input fields before inserting it to my ODBC database. Any
>>single-quote in the field would mess things up.
>>Any of you guys have any idea to go around this ?
> Add the following to your ASP script that does the insertion into
> the database and then use the CheckQuote or CheckString, depending on
> you're doing, as a function in the code before the call to the database
> to fix the input fields.
><SCRIPT LANGUAGE=VBScript RUNAT=Server>
>'This function checks what will be a string value for
>'embedded single quotes that will cause the SQL statement
>'problems. If found, it adds another single quote to cause
>'the interpreter to read the quote correctly. In addition,
>'the code adds single quotes to both ends of the string and
>'tacks the endchar argument onto the end of the string.
>'This code came from the Adventure Works sample site
>Function CheckQuote (s)
> pos = InStr(s, "'")
> While pos > 0
> s = Mid(s, 1, pos) & "'" & Mid(s, pos + 1)
> pos = InStr(pos + 2, s, "'")
> CheckQuote = s
>Function CheckString (s, endchar)
> CheckString= "'" & CheckQuote(s) & "'" & endchar
>Danny Mayer Digital Equipment Corporation
>firstname.lastname@example.org Marlboro, MA 01752
> NTISP Mailing List email@example.com