Re: Slightly OT: VBScript / ASP question

Danny Sinang ( (no email) )
Mon, 11 May 1998 23:21:01 +0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Danny Mayer: "Re: Slightly OT: VBScript / ASP question"
Next message: Network Operations: "Re: Dumb IIS 4 question...."
Maybe in reply to: Danny Sinang: "Slightly OT: VBScript / ASP question"
Next in thread: Bill Appledorf: "Re: Slightly OT: VBScript / ASP question"

Thanks Danny.

A friend of mine - Andrew Smith - gave me a DLL to replace the single quote
with the ` character. This solved the problem too. Details are at
http://home.earthlink.net/~andrewsmith/replacequotes.htm

- Danny Sinang

-----Original Message-----
From: Danny Mayer <mayer@mro.dec.com>
To: ntisp@emerald.iea.com <ntisp@emerald.iea.com>
Date: Monday, May 11, 1998 10:20 PM
Subject: Re: Slightly OT: VBScript / ASP question

>At 08:31 PM 5/11/98 +0800, you wrote:
>>Hello.
>>
>>I've just installed an ODBC-based guestbook that runs on ASP.
>>
>>One user discovered that my ASP script would generate an error if someone
>>uses a single quotation marks in any of the input fields.
>>
>>This is a problem now since my code puts single-quotes around each of my
>>guestbook's input fields before inserting it to my ODBC database. Any
>>single-quote in the field would mess things up.
>>
>>Any of you guys have any idea to go around this ?
>>
>>
>>Danny Sinang
>
> Add the following to your ASP script that does the insertion into
> the database and then use the CheckQuote or CheckString, depending on
what
> you're doing, as a function in the code before the call to the database
> to fix the input fields.
>
> Danny
>
><SCRIPT LANGUAGE=VBScript RUNAT=Server>
>'This function checks what will be a string value for
>'embedded single quotes that will cause the SQL statement
>'problems. If found, it adds another single quote to cause
>'the interpreter to read the quote correctly. In addition,
>'the code adds single quotes to both ends of the string and
>'tacks the endchar argument onto the end of the string.
>'
>'This code came from the Adventure Works sample site
>
>Function CheckQuote (s)
> pos = InStr(s, "'")
> While pos > 0
> s = Mid(s, 1, pos) & "'" & Mid(s, pos + 1)
> pos = InStr(pos + 2, s, "'")
> Wend
> CheckQuote = s
>End Function
>
>Function CheckString (s, endchar)
> CheckString= "'" & CheckQuote(s) & "'" & endchar
>End Function
></SCRIPT>
>
>
>===========================================================================
>Danny Mayer Digital Equipment Corporation
>mayer@mro.dec.com Marlboro, MA 01752
>===========================================================================
>
>
> ----------------------------------------------------------
> NTISP Mailing List listserver@emerald.iea.com
>

Previous message: Danny Mayer: "Re: Slightly OT: VBScript / ASP question"
Next message: Network Operations: "Re: Dumb IIS 4 question...."
Maybe in reply to: Danny Sinang: "Slightly OT: VBScript / ASP question"
Next in thread: Bill Appledorf: "Re: Slightly OT: VBScript / ASP question"