Problem with input

Plonter, Newbie Poster
#1, Mar 10th, 2006
Hello all!

I need to fill a database using Microsoft Access and SQL in an ASP page.

I need to check that the input does not exist yet, so I use the following to build the SQL statement:

    ' the form value is spliced straight into the SQL text
    tempsql = "SELECT * FROM table WHERE field = '"
    tempsql = tempsql & Request.Form("name")
    tempsql = tempsql & "'"

My problem is that I have to allow the input to include the ' character... it doesn't accept it because of the field = ' '...

In which other form can I get that input?
Thanks,
Plonter
Lafinboy, Junior Poster
Re: Problem with input
#2, Mar 13th, 2006
You will need to use a simple, yet essential, replace statement on your inputs to allow the use of quotes. This allows users to input values such as O'Hare legitimately, and also prevents the simplest form of SQL injection attack, the use of a ' to break the code. A simple function to replace quotes would look like:

    Function cleanString(strInput)
        Dim strTemp
        ' double each single quote so it cannot close the SQL string literal
        strTemp = Replace(strInput, "'", "''")
        ' double double quotes too (as posted; inside a single-quoted literal they are then stored doubled)
        strTemp = Replace(strTemp, """", """""")
        cleanString = strTemp
    End Function
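As an added example (not code from either poster), the existence check from the first post can be written with a parameterised ADODB.Command instead of string concatenation, so that a value containing ' (or anything else) is passed to Jet as data and is never part of the SQL text. Doubling quotes, as in the reply above, is the correct escape for a Jet string literal, but it only protects values that end up inside quotes; a value spliced into a numeric comparison (WHERE id = " & n) gets no protection, which is why binding parameters is the general fix. The Access file path, the table [Names], the column [FullName] and the form field name are assumed for illustration; the Const values are the standard ADO enumerations from adovbs.inc.

```vbscript
<%
Option Explicit

' Standard ADO enumeration values (same as adovbs.inc), declared here so the
' page does not depend on an include file.
Const adCmdText    = 1     ' CommandTypeEnum: CommandText is a SQL statement
Const adParamInput = 1     ' ParameterDirectionEnum
Const adVarWChar   = 202   ' DataTypeEnum: variable-length Unicode string

' Assumed for illustration: database location, table and column names.
Const DB_PATH    = "data/site.mdb"
Const SQL_EXISTS = "SELECT COUNT(*) FROM [Names] WHERE [FullName] = ?"

' VULNERABLE (the pattern from the original question): the form value is spliced
' into the SQL text, so an input such as  x' OR '1'='1  changes the query.
Function BuildUnsafeSql(strName)
    BuildUnsafeSql = "SELECT * FROM [Names] WHERE [FullName] = '" & strName & "'"
End Function

' SAFE: the value travels as a bound parameter, so a ' inside it is just a character.
Function NameExists(strName)
    Dim conn, cmd, rs
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(DB_PATH)

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = SQL_EXISTS
    ' Jet uses positional ? placeholders; parameters are bound in the order appended.
    cmd.Parameters.Append cmd.CreateParameter("pName", adVarWChar, adParamInput, 255, strName)

    Set rs = cmd.Execute
    NameExists = (CLng(rs.Fields(0).Value) > 0)

    rs.Close
    conn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set conn = Nothing
End Function

Dim strInput
strInput = CStr(Request.Form("name"))

' Length is checked because the parameter above is declared with a size of 255.
If Len(strInput) = 0 Or Len(strInput) > 255 Then
    Response.Write "Please enter a name of at most 255 characters."
ElseIf NameExists(strInput) Then
    ' Server.HTMLEncode stops the echoed value from being rendered as HTML or script.
    Response.Write Server.HTMLEncode(strInput) & " already exists."
Else
    Response.Write "Name is available."
End If
%>
```

The page needs no cleanString call at all: with a bound parameter the input is never interpreted as SQL, and O'Hare is stored with its single quote intact rather than doubled.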

©2003 - 2009 DaniWeb® LLC