Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Single Quotes on my SQL statement 1

Status
Not open for further replies.
Yerdon

Yerdon

Programmer
Jul 29, 2002
62
US
Hi everyone,

I have a form which submits several fields to another page. This 2nd page then inputs the values into a SQL table.

The problem I've run into is that if I use some characters, like a single quote in one of the fields, the SQL will break.

I understand why that happens, but how can I get around it? Is there a function that "cleans" a string so that it can be used? Or do I have to use some sort of replace functions?

Any help would really be appreciated!

Thank you!

Joseph
 
Sort by date Sort by votes
Wow - you haven't had much luck in these forums, have you? You seem to have posted 32 questions, and only marked 1 answer as helpful. I suggest you read faq222-2244. If you aren't getting good answers the FAQ will guide you on how to ask better questions. If you are getting good answers it will show you how to acknowledge them, and what else is expected from you in terms of answers to other people's questions.

For this question:

1. Do a search on 'SQL injection'
2. Try the Replace function
Code: 
mystring=replace(mystring,"'","''")

___________________________________________________________
If you want the best response to a question, please check out FAQ222-2244 first.
'If we're supposed to work in Hex, why have we only got A fingers?'
Drive a Steam Roller
Steam Engine Prints
 
Upvote 0 Downvote
Hmmm. I hadn't thought about that. I'll flag those in the future. I've gotten good responses in the past...
 
Upvote 0 Downvote
Thanks for that!

There is an interesting article here which helps to explain the reasons why people answer questions on forums, and the way they think.

___________________________________________________________
If you want the best response to a question, please check out FAQ222-2244 first.
'If we're supposed to work in Hex, why have we only got A fingers?'
Drive a Steam Roller
Steam Engine Prints
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
READ TEXT FILE BASED ON VARIABLE 1
Replies
2
Views
347
guitarzan
guitarzan
penguinspeaks
  • Locked
  • Question
Return to current location on page after asp processes.
Replies
2
Views
366
penguinspeaks
penguinspeaks
JScannell
  • Locked
  • Question
Border issue with Google Chrome on an Android phone
Replies
0
Views
335
JScannell
JScannell
leifoet
  • Locked
  • Question
Problem: sql-Select with request.form
2
Replies
22
Views
444
leifoet
leifoet
leifoet
  • Locked
  • Question
First execute an input command and only then proceed with displaying the next record of the table
Replies
0
Views
281
leifoet
leifoet

Part and Inventory Search

Sponsor

Back
Top