[thelist] Further ASP/Access Questions
Anthony Baratta
Tony at IdeaSystems.com
Mon Nov 20 14:34:57 CST 2000
At 09:55 AM 11/20/2000, you wrote:
>Okay, I am building a database in Access with a web interface (of course).
>I have a <TEXTAREA> where people can enter a block of text. I'm using
>VBScript. Here's my questions:
>
>1. I am concerned about adding the contents of the TEXTAREA to the database
>-- particularly people using things like single- and double-quotes, which
>will, of course, break the SQL Statement. Anyone know, off the top of their
>head, a way to convert the text entered into the TEXTAREA into a string that
>I can insert into my SQL statement?
You can do several things. I used to run all user text through the
URLencode function in VB Scripting. I then wrote/stole a URLdecode function
to get the data out. However, it makes searching data a b*tch.
Now, with MS SQL Server I just escape the single quotes with an extra
quote. And then convert the text with HTMLencode when I display it to the
browser.
>2. With the Fontosaurus site I built, I discovered that the database seems
>to limit the maximum # of characters that can be entered into a field. I've
>been ignoring this and keeping descriptions short, but is there another data
>type I can employ that will allow for longer pieces of data in the field?
Use the Memo field type.
----
Anthony Baratta
President
Keyboard Jockeys
More information about the thelist
mailing list