Problem with input

Expand Post »

Hello all!

I need to fill a database using microsoft access and sql in an asp page.

I need to check that the input is not exsit yet, so I use the following to create sql sentence:
tempsql = select * from table where filed= '"
tempsql = tempsql & request.form("name")
tempsql = tempsql & "'"

My problem is that I have to allow the input to include the sign ' ... it doesnt agree to acept it because of the field =' '...

In which other form can I get that input?
Thanks,
Plonter

Similar Threads

Plonter

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

1 posts
since Mar 2006

Permalink

Mar 13th, 2006

Re: Problem with input

You will need to use a simple, yet essential, replace statement on your inputs to allow the use of quotes. This allows the users to input values such as O'Hare legitimately, and also prevents the simplest form of SQL Injection attack by the use of a ' to break the code. A simple function to replace quotes would be like:

ASP Syntax (Toggle Plain Text)
function cleanString( string )
'// replace single quotes
strTemp = replace(string, "'", "''")
'// replace quotes
strTemp = replace(strTemp, """", """""")
cleanString = strTemp
end function
function cleanString( string )
'// replace single quotes
strTemp = replace(string, "'", "''")
'// replace quotes
strTemp = replace(strTemp, """", """""")
cleanString = strTemp
end function

Lafinboy

Reputation Points: 16

Solved Threads: 7

Junior Poster

Offline

166 posts
since Jul 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in ASP Forum Timeline: Merge two string

Next Thread in ASP Forum Timeline: How can i remove the comma?

DaniWeb Message

Cancel Changes

User Name
Password