-
November 17th, 1999, 09:54 PM
#1
Quotation mark problem
Dear Sir,
I have a problem with ASP/VBScript: I get an error when I try to execute the following code and input some special characters, let's say [14" monitor]. How can I solve such problems if the content of a variable contains special characters such as ", &, +, ', ;, :, [] etc.?
Please help me. Thank you!
Simon Kwan
<% if isempty(request.querystring("product_desc")) then %>
<FORM name=testform method=get>
  <input type=text name="product_desc" size=20>
  <input type=submit>
</form>
<% else
  Set DatabaseConnection = Server.CreateObject("ADODB.Connection")
  DatabaseConnection.Open "mydatabase"
  SQLStatement = "SELECT * FROM product_table WHERE description = '" & request.querystring("product_desc") & "'"
  Set rs = DatabaseConnection.Execute(SQLStatement)
  if not rs.eof then
    response.write .....
  end if
end if %>
-
November 18th, 1999, 03:06 AM
#2
Re: Quotation mark problem
I'd use a command object and assign the parameter value to the Value property of the corresponding parameter.
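sql = "select * from ... where yourcolumn = ?"   ' ? marks the parameter
dim cmd
set cmd = server.CreateObject("ADODB.Command")
set cmd.ActiveConnection = conn   ' conn: an open ADODB.Connection
cmd.CommandType = 1   ' 1 = adCmdText
cmd.CommandText = sql
' the value is bound to the placeholder, not concatenated into the SQL text
cmd.Parameters(0).Value = request.querystring("...")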
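Added example, not part of either post: the contrast between the question's concatenated statement and the reply's `?` placeholder, shown in Python with the standard-library sqlite3 module standing in for ADO (an assumption; the thread itself uses ASP/VBScript). The sample rows are constructed, and the table and column names follow the question's query.

```python
import sqlite3

# Constructed sample descriptions using the characters listed in the question.
SAMPLE_ROWS = ['14" monitor', "6' cable", "pen & paper; [blue]: A+B"]


def make_db():
    """In-memory stand-in for the thread's "mydatabase" data source."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product_table (description TEXT)")
    conn.executemany("INSERT INTO product_table VALUES (?)",
                     [(d,) for d in SAMPLE_ROWS])
    return conn


def find_concatenated(conn, desc):
    """The question's approach: the value is pasted into the SQL text."""
    sql = ("SELECT description FROM product_table "
           "WHERE description = '" + desc + "'")
    return [row[0] for row in conn.execute(sql)]


def find_parameterized(conn, desc):
    """The reply's approach: a ? placeholder, with the value bound separately."""
    sql = "SELECT description FROM product_table WHERE description = ?"
    return [row[0] for row in conn.execute(sql, (desc,))]


def compare(conn, desc):
    """Return (concatenated result or error text, parameterized result)."""
    try:
        concatenated = find_concatenated(conn, desc)
    except sqlite3.Error as exc:
        # A quote in the value ends the SQL string literal early.
        concatenated = "error: " + str(exc)
    return concatenated, find_parameterized(conn, desc)


if __name__ == "__main__":
    db = make_db()
    for value in SAMPLE_ROWS:
        print(repr(value), "->", compare(db, value))
```

The concatenated form fails only for values containing the statement's own string delimiter, so it can pass casual testing; the bound parameter returns the matching row for every sample value.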