|
-
November 18th, 1999, 08:50 AM
#1
Quotation mark problem again
Hi,
I have an ASP problem. I have a field of product description in a table of a mdb. It may contains [14" monitor] in that field of some records. the problem is :
1. <% tmpvalue = request.querystring("prod_desc")%>
<a href=test.asp?product=<%=tmpvalue%>> <%=tmpvalue%> </a>
After evaluation, <a href=test.asp?product=14" monitor> 14" monitor </a>. It should get a wrong result since only one quotation mark.
2. sql = "SELECT * FROM product_table WHERE description = '" & request.querystring("product_desc") & "'"
set rs = databaseconnection.execute(sql)
It should get an error when execute.
3. sql = "INSERT ....." (similar to SELECT statement)
set rs = databaseconnection.execute(sql)
It also get an error.
How can I solve all of the problems. ?
Thank you !
-
November 18th, 1999, 02:55 PM
#2
Re: Quotation mark problem again
I know this is probably not the answer you want to hear but...
I'd avoid using querystring values that a) have spaces, and b) have quotation marks. You are asking for browser problems as well as database problems.
Instead, why not create an identity(auto-number) column and use that as the lookup key?
Charlie Zimmerman
http://www.freevbcode.com
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
