Status=request("Status")
FirstName=request("FirstName")
ect...
Set Conn = Server.CreateObject("ADODB.Connection")
SQL2 = "SELECT * FROM SubAccounts WHERE CustomerID = "&
CustID &" AND AccountID = "& AcctID
RS2.Open SQL2, Conn, adOpenDynamic, adLockPessimistic
RS2("Status") = Status
RS2("FirstName") = FirstName
RS2("LastName") = LastName
RS2("Login") =Login
ect...
RS2.Update
All done, no messy stuff. Handles ' " !@#%#$^ whatever just
fine.
Lar
-----Original Message-----
From: Bill Appledorf <bappled1@san.rr.com>
To: ntisp@emerald.iea.com <ntisp@emerald.iea.com>
Date: Monday, May 11, 1998 7:33 AM
Subject: Re: Slightly OT: VBScript / ASP question
>>>One user discovered that my ASP script would generate an
error if someone
>>>uses a single quotation marks in any of the input fields.
>
>
>An inelegant solution to double quotes in input strings:
>
><SCRIPT LANGUAGE="JavaScript" RUNAT="SERVER">
>//==================================================
>//
>// removeQuotes
>//
>//==================================================
>function removeQuotes (str)
>{
> var temp = ""
> var i
>
> for (i = 0; i < str.length; i++)
> {
> ch = str.charAt(i)
> if (ch != "\"")
> {
> temp = temp + ch
> }
> }
> return temp
>}
></SCRIPT>
>
>An inelegant solution to all the characters that mess up
URL's and SQL
>statements:
>
><%
>'==================================================
>'
>' RemoveBadCharacters
>'
>'==================================================
>Function RemoveBadCharacters (ByVal str)
>Dim temp1
>Dim temp2
>temp1 = Replace (str, "'", "`") ' single
quote
>temp2 = Replace (temp1, "|", "") ' OR
>temp1 = Replace (temp2, "&", "") ' ampersand
>temp2 = Replace (temp1, "+", "") ' plus
>temp1 = Replace (temp2, "?", "") ' question mark
>temp2 = removeQuotes(temp1) ' double quote
>RemoveBadCharacters = temp2
>End Function
>%>
>
>Bill Appledorf
>billappledorf@usa.net
>- - - - - - - - - - - - - - - - - - - - - -
>
>
>
>
> ----------------------------------------------------------
> NTISP Mailing List listserver@emerald.iea.com
>
>