Re: Slightly OT: VBScript / ASP question

Bill Appledorf ( (no email) )
Mon, 11 May 1998 15:35:31 -0700

The problem with " and ' comes not when you write to the database but when
you query it. In addition, certain characters cause bad things to happen when
they appear in URL parameter strings.

If you haven't encountered these problems yet, don't worry about it. When
you do, you have the solution.

-----Original Message-----
From: Lawrence Watkins Work <lwatkins-work@thepark.net>
To: ntisp@emerald.iea.com <ntisp@emerald.iea.com>
Date: Monday, May 11, 1998 3:22 PM
Subject: Re: Slightly OT: VBScript / ASP question

>Why don't you just open a record set and update that
>directly, bypassing any of the other problems?
>eg:
>
>Status=request("Status")
>FirstName=request("FirstName")
>etc...
>
>Set Conn = Server.CreateObject("ADODB.Connection")
>Set RS2 = Server.CreateObject("ADODB.Recordset")
>SQL2 = "SELECT * FROM SubAccounts WHERE CustomerID = " & CustID & " AND AccountID = " & AcctID
>RS2.Open SQL2, Conn, adOpenDynamic, adLockPessimistic
>RS2("Status") = Status
>RS2("FirstName") = FirstName
>RS2("LastName") = LastName
>RS2("Login") = Login
>etc...
>RS2.Update
>
>All done, no messy stuff. Handles ' " !@#%#$^ whatever just
>fine.
>Lar
>
>-----Original Message-----
>From: Bill Appledorf <bappled1@san.rr.com>
>To: ntisp@emerald.iea.com <ntisp@emerald.iea.com>
>Date: Monday, May 11, 1998 7:33 AM
>Subject: Re: Slightly OT: VBScript / ASP question
>
>
>>>>One user discovered that my ASP script would generate an error if someone
>>>>uses single quotation marks in any of the input fields.
>>
>>
>>An inelegant solution to double quotes in input strings:
>>
>><SCRIPT LANGUAGE="JavaScript" RUNAT="SERVER">
>>//==================================================
>>//
>>// removeQuotes
>>//
>>//==================================================
>>function removeQuotes (str)
>>{
>>    var temp = ""
>>    var i
>>    var ch
>>
>>    // copy every character except the double quote
>>    for (i = 0; i < str.length; i++)
>>    {
>>        ch = str.charAt(i)
>>        if (ch != "\"")
>>        {
>>            temp = temp + ch
>>        }
>>    }
>>    return temp
>>}
>></SCRIPT>
>>
>>An inelegant solution to all the characters that mess up URLs and SQL
>>statements:
>>
>><%
>>'==================================================
>>'
>>' RemoveBadCharacters
>>'
>>'==================================================
>>Function RemoveBadCharacters (ByVal str)
>>    Dim temp1
>>    Dim temp2
>>    temp1 = Replace (str, "'", "`")   ' single quote
>>    temp2 = Replace (temp1, "|", "")  ' OR
>>    temp1 = Replace (temp2, "&", "")  ' ampersand
>>    temp2 = Replace (temp1, "+", "")  ' plus
>>    temp1 = Replace (temp2, "?", "")  ' question mark
>>    temp2 = removeQuotes(temp1)       ' double quote
>>    RemoveBadCharacters = temp2
>>End Function
>>%>
>>
>>Bill Appledorf
>>billappledorf@usa.net
>>- - - - - - - - - - - - - - - - - - - - - -
>>
>>
>>
>>
>> ----------------------------------------------------------
>> NTISP Mailing List listserver@emerald.iea.com
>>
>>
>
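
The recordset update quoted above still builds its SELECT by concatenating CustID and AcctID, which is the query side the reply at the top points to. The following is an added example, not code from the thread, that binds those two values through ADODB.Command parameters instead; the DSN name, the request keys for CustID and AcctID, and the two keys being integers are assumptions.

```vbscript
<%
' Added example, not from the thread. ADO constants are spelled out so
' adovbs.inc is not needed. "DSN=ExampleDSN" is a placeholder.
Const adInteger = 3, adParamInput = 1, adCmdText = 1
Const adOpenDynamic = 2, adLockPessimistic = 2

Dim Conn, Cmd, RS2, re, CustID, AcctID

' Assumption: both keys are positive integers sent with the request.
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not (re.Test(Trim(Request("CustID"))) And re.Test(Trim(Request("AcctID")))) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
CustID = CLng(Trim(Request("CustID")))
AcctID = CLng(Trim(Request("AcctID")))

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "DSN=ExampleDSN"

' The WHERE clause carries ? markers; values are bound, never concatenated.
Set Cmd = Server.CreateObject("ADODB.Command")
Set Cmd.ActiveConnection = Conn
Cmd.CommandType = adCmdText
Cmd.CommandText = "SELECT * FROM SubAccounts WHERE CustomerID = ? AND AccountID = ?"
Cmd.Parameters.Append Cmd.CreateParameter("CustomerID", adInteger, adParamInput, , CustID)
Cmd.Parameters.Append Cmd.CreateParameter("AccountID", adInteger, adParamInput, , AcctID)

Set RS2 = Server.CreateObject("ADODB.Recordset")
RS2.Open Cmd, , adOpenDynamic, adLockPessimistic

If RS2.EOF Then
    Response.Write "No matching account."
Else
    ' Field assignment hands the text to the provider as data, so ' and "
    ' are stored unchanged and nothing has to be stripped.
    RS2("Status") = CStr(Request("Status"))
    RS2("FirstName") = CStr(Request("FirstName"))
    RS2("LastName") = CStr(Request("LastName"))
    RS2("Login") = CStr(Request("Login"))
    RS2.Update
End If

RS2.Close
Conn.Close
%>
```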