[thelist] DB error
Anthony Baratta
Anthony at Baratta.com
Fri Jul 13 17:57:07 CDT 2001
At 03:11 PM 7/13/2001, you wrote:
>Any of you ASP bods out there know how to fix this?
Just use a small function that "escapes" the single quote by adding another.
''''''''''''''''''''''''''''''''''''''''''''''''''
'' EscapeDBData Function
'' Required Info Passed to Function:
'' varDataLine
''''''''''''''''''''''''''''''''''''''''''''''''''
Function EscapeDBData(varDataLine)
if not(varDataLine = "") then
varDataLine = Replace(varDataLine,"'","''",1,-1,1)
end if
EscapeDBData = varDataLine
End Function
>set RSUdate = conn.execute ("insert into guests (name, email, message)
>values('"&(request.form("from"))&"', '"&(request.form("email"))&"',
>'"&(request.form("message"))&"')")
Becomes....
set RSUdate = conn.execute ("insert into guests (name, email, message)
values('"&EscapeDBData((request.form("from")))&"',
'"&(EscapeDBData(request.form("email")))&"',
'"&(EscapeDBData(request.form("message")))&"')")
---
Anthony Baratta
President
Keyboard Jockeys
Blatant Plug: Cool Jazz for a hot summer,
http://LisaMarie.Baratta.com
More information about the thelist
mailing list