Keeping DB clean

[Ragol1]

I understand that certain characters arnt allowed in ASP or databases,at least I think IE "

Could someone show me how to clean a form before it sends to an ASP page and a database, for instance if someone puts a "blah blah" can I remove the " before it posts.

If you know of any onther characters that screw up an ASP page or DB please let me know..

Oh and BTW can you use the word NEXT for a field going to an ASP or an Access DB.

Thanks
Nick

 

[codestorm]

My preferred method of getting around the " issue is to put each input parameter of a stored procedure (or a Query in an Access DB) in a Parameter object, append them to a Command objects' Parameters collection, and use the Command object to execute the statement/proc.

Encapsulating text in Parameter objects preserves the text without causing issues.

As to (at a guess) using the word NEXT as an Access DB table fieldname, it's probably not a good idea as it's a reserved word in VBScript (not sure about Access).
If in doubt with a fieldname, change it from
select next from ...
to
select [next] from ... codestorm
Fire bad. Tree pretty. - Buffy
select * from population where talent > 'average'
<insert witticism here>