simonkwan
November 18th, 1999, 07:50 AM
Hi,
I have an ASP problem. I have a product description field in a table of an mdb. It may contain [14" monitor] in that field of some records. The problem is:
1. <% tmpvalue = request.querystring("prod_desc")%>
<a href=test.asp?product=<%=tmpvalue%>> <%=tmpvalue%> </a>
After evaluation, <a href=test.asp?product=14" monitor> 14" monitor </a>. It should get a wrong result since there is only one quotation mark.
2. sql = "SELECT * FROM product_table WHERE description = '" & request.querystring("product_desc") & "'"
set rs = databaseconnection.execute(sql)
It should get an error when executed.
3. sql = "INSERT ....." (similar to SELECT statement)
set rs = databaseconnection.execute(sql)
It also gets an error.
How can I solve all of the problems?
Thank you!
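
The three failures in the post share one cause: the value is pasted unescaped into a URL, into HTML and into SQL. The following is an added example, not part of the original post, that handles each context with its own encoding or binding. It assumes `databaseconnection` is an open ADODB.Connection as in the post; the parameter name and the 255-character size are assumptions.

```asp
<%
' Added example, not code from the original post.
' Assumes databaseconnection is an already opened ADODB.Connection.
Const adVarWChar = 202   ' ADO DataTypeEnum: Unicode string
Const adParamInput = 1   ' ADO ParameterDirectionEnum
Const adCmdText = 1      ' ADO CommandTypeEnum

Dim tmpvalue, cmd, rs
' CStr turns a missing query-string field into "" instead of Empty.
tmpvalue = CStr(Request.QueryString("prod_desc"))

' Items 2 and 3: bind the value as a parameter instead of concatenating it.
' A quote in the data (14" monitor, O'Brien) can then neither end the string
' literal nor change the statement, which also closes the SQL injection hole.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = databaseconnection
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT * FROM product_table WHERE description = ?"
' 255 is an assumed maximum length for the description column.
cmd.Parameters.Append cmd.CreateParameter("description", adVarWChar, adParamInput, 255, tmpvalue)
Set rs = cmd.Execute
' The INSERT in item 3 follows the same pattern: one ? per value,
' one Parameters.Append per ?, in the same order.
%>
<!-- Item 1: quote the attribute, URL-encode the query-string value,
     and HTML-encode the visible link text. -->
<a href="test.asp?product=<%= Server.URLEncode(tmpvalue) %>"><%= Server.HTMLEncode(tmpvalue) %></a>
```

With `14" monitor` as input the link becomes `test.asp?product=14%22+monitor` and the link text is rendered as `14&quot; monitor`, so the quotation mark no longer terminates the attribute or the markup.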