simonkwan
November 17th, 1999, 08:54 PM
Dear Sir,
I have a problem with ASP/VBScript: I get an error when I try to execute the following code and input some special characters, let's say [14" monitor]. How can I solve such problems if the content of a variable contains special characters such as ", &, +, ', ;, :, [] etc.?
Please help me. Thank you!
Simon Kwan
<% if isempty(request.querystring("product_desc")) then %>
<FORM name=testform method=get>
<input type=text name="product_desc" size=20>
<input type=submit>
</form>
<% else
    Set DatabaseConnection = Server.CreateObject("ADODB.Connection")
    DatabaseConnection.Open "mydatabase"
    SQLStatement = "SELECT * FROM product_table WHERE description = '" & request.querystring("product_desc") & "'"
    Set rs = DatabaseConnection.Execute(SQLStatement)
    if not rs.eof then
        response.write .....
    end if
end if %>
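Added example, not part of the original post: the statement above is built by concatenating the query-string value into the SQL text, so a value containing ' ends the string literal early and the database receives malformed (or attacker-controlled) SQL. The same page written with an ADODB.Command and a ? placeholder passes the value as data instead. The parameter name "desc" and the 255-character column width are assumptions; the DSN, table and column names are the ones in the post.

```asp
<%
Option Explicit

' ADO constants, defined inline in case adovbs.inc is not included.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const MAX_DESC_LEN = 255   ' assumed width of the description column

Dim productDesc, conn, cmd, rs
productDesc = Request.QueryString("product_desc")

If Len(productDesc) = 0 Then
%>
<form name="testform" method="get">
<input type="text" name="product_desc" size="20">
<input type="submit">
</form>
<%
Else
    ' Keep the value within the declared parameter size.
    productDesc = Left(productDesc, MAX_DESC_LEN)

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "mydatabase"   ' DSN name taken from the post

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder keeps the user's value out of the SQL text,
    ' so quotes and other special characters are never parsed as SQL.
    cmd.CommandText = "SELECT * FROM product_table WHERE description = ?"
    cmd.Parameters.Append cmd.CreateParameter("desc", adVarChar, adParamInput, MAX_DESC_LEN, productDesc)

    Set rs = cmd.Execute
    Do While Not rs.EOF
        ' Encode on output so stored text such as 14" monitor renders safely.
        Response.Write Server.HTMLEncode(rs("description") & "") & "<br>"
        rs.MoveNext
    Loop

    rs.Close
    conn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set conn = Nothing
End If
%>
```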