I'm still having trouble getting some of my data being returned properly when people use quotes. (ex ProjectName contents being - the "primary" project - The double quotes are the main issue. I am using a function for the single quote and it seems to have resolved the issue.
Code:
Term = trim (Term)
if Term <> "" then
Term = Replace (Term, chr (39), chr (39) & chr (39))
end if
If Term <> "" then
I use this just when passing strings from a form. I tried altering it and using chr (34) for a double quote but it didn't work.
I working on a ASP project (usually I'm a PHP guy) and I wanted to encode a string to make it safe for a SQL insert. Is there a function built into ASP for that or do I just need to replace single quotes?
I'm having a problem finding/using an escape character with this ASP/JScript application I'm creating. Basically I have text sometimes that has apostrophes or double quotations in them, but they won't be INSERTED unless I manually take them out.
Ex: INSERT INTO tbl1 (vendor,reason) VALUES (81,"This is only a test, but there is an apostrophe and it's only going to make things worse.")
That apostrophe in "it's" is kiling everything. I've used the replace method to change it to " ' ", but that STILL doesn't work. I can't find MS SQL's ESCAPE CHARACTER. I've tried several directions of the backslash, but no luck.
I am trying to only have a link show if there is a certin value in the DB. This is what I am trying:
<% if (rsWelcome.Fields.Item("access_level").Value) = "admin" then
response.Write("| - <a href="sps_main.asp">Sales Training Support </a>-")
end if %>
BUT... this is the error I get:
Expected ')'
/sta/topnav_test.asp, line 9 response.Write("| - <a href="sps_main.asp">Sales Training Support </a>-") How do I use quotes in a "response" and have the app server ignore them??
I've a problem reading querystring parameters that are 'uri encoded'. Anyone has a solution for this? To reproduce the problem, create a classic ASP containing the following code:
-----------------------
<p>Value sent via querystring: <%= Server.HTMLEncode(Request.QueryString("value")) %></p> <input id="input" /> <button id="submit" onclick="window.location.assign('Test.asp?value=' + encodeURIComponent(input.value));">submit</button>
When chucking data in cookie you cannot use certain characters in this example ‘ : ‘ . To get around this you use escape and unescape. Trying to use the escape as such:
I've been looking for it for a while. I found it a week back by accident, but didn't need to use it then. It's a function that escapes SQL strings so that if there is a ' in the string it will escape it for you. I can remeber the name of it.
Info DB: Oracle(9i), where I generate query strings programatically and send them to the DB server.
I have rtfm'd and googled this extensively, but I have not found how to properly esacape the ampersand character in an oracle query (I'm NOT using the SQL+ command line interface).
Oracle uses the & character to denote a variable substitution, and unfortunately one of the fields I must query has data that contains the & character. I need to know how to escape the & character in my query strings so that Oracle will treat it as a string literal. Code:
I have a 'memo' form field being entered into an access database.If people put in characters other then text (Quotes, operators, etc) then I get an insert error: ---- User Input: oh let's see - a va
Error: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''oh let's see - a va', 'No additional comments submitted')'. ----
Is there a way to get this into the database? In php, I would simply use the function 'addslashes()' (escaping the string) - is there a similar function in ASP or am I doing something else wrong?
I am inserting records into an Access table using the OleDbCommand class. The insert values come from a basic web form with text boxes. If the values contain ' or " it creates a problem. What is the proper way to escape these characters? Surely there's a built-in function for it somewhere.
Can someone help me my quotes in LISTING 2 below? LISTING 1 works fine in HTML, but I'm having trouble with quotes in LISTING 2 near the javascript code when trying to response write the entire button code.
LISTING 1: HTML <INPUT TYPE=BUTTON VALUE="<< Previous <%=iMaxRecords%> Records" ONCLICK="document.location.href='paging.asp?iPage=<%=iPage-1%>'">
I have a product description in an sql database.which looks like this Do's and Dont's.When i pull it to look at it on the screen it displays fine.But now when i go to move that into another database for the order it only displays Do in the other table. Which means its cutting everything off from the ' forward.Ive tried just about everythign to my knowledge adn i still cannot get this to work.
help with the fix quotes? For example, I have persons name as Jo'Mario entered as text in a text box, I need to text to go clean without any error because I am generating an error as follows:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
And I think it is due to single quote I am using in the text box.I know there is a coding to fix this problem but not sure of it.
Below in GOOD CODE, I have a mix of ASP/HTML that works. I'm trying to convert the code into all ASP, but I'm failing in BAD CODE. The single quotes are very hard to master.
I'm currently writing a custom financial app that tracks stock purchases and values. however, I need help in retrieving stock quotes from the internet. A 20 minute delayed quote is fine. I do not want to revert to "page or screen scraping".
I have successfully taken over a number of variables from a .csv file and put them into an .asp page. Unfortunately the .csv file has all these variables enclosed in double quotes i.e "Hello" and appear this way on the .asp page. Is there anyway of removing the double quotes (") from the beginning and end of the variables? I have tried splitting the individual variables on the " with this sSeg2 = Split( var1, """ )
My ASP page allows user to enter comments into a form. To avoid errors I'm having to strip out double quotes before saving to the database. Is there anyway to encode these so that I can store them instead, in the way was an URLEncode works?
How do I "escape" any quotes, accidental carriage returns etc that are contained within strPageTitle? Do I have to use a series of replace() functions, or is there a cunning way that makes it OK?
(Using escape(strPageTitle) fills the box with % signs...)
I have some info stored on Access DB, when i pull it for updates I should print the data as fallow:
<input type="text" name="Field1" value="<%= RS ("Field1") %>" size="20"> All that well and good but the problem occur when "RS ("Field1")" contain a double quote!
I've got an HTML page with a series of links that are intended to search a category listing in a database.
for example
link 1 has a querystring of "?subid=Boats" link 2 has a querystring of "?subid=Cars & Trucks" link 3 has a querystring of "?subid=Men's & Women's Outerwear" etc
As long as the subid doesn't contain any single quotes or any special characters such as the "&", my SQL works ok and the records are retrieved. 'm using Request("subid") to get my querystring value.Is there any way I can escape the single quotes or other special characters in the Request("subid") so it won't break the SQL?
What is the best way to deal with quotes inside form data that a user is submitting to my page?It screws up my editing feature,in which I'm using a SQL string to edit the data.Adding works with the quotes,as I'm using .addnew for new records.
I have a form that asks for the size of a particular object. Sometimes the size is 4" X 8". The problem that arises is when the record is pulled back from a database to a textbox in a form; I get an error with HTML.
I try and place the 4" X 8" into a text box, like <input type="text" name="size" value="4" X 8""> Is there something I can do in ASP to keep this from happening after the client receives the data?
As I get further and further into ASP/VBscript I realize I just don't undertstand how to properly use single/double quotes at the same time. This is really holding me back. If anyone can help me understand this better or know some good articles I would appreciate it. My current problem is adding a logo to my page from the database. What quotes are needed inside my <img> tag. Code:
I'm trying to pass data from a <textarea> box to a confirmation page and then pass the same information from the confirmation page to a final page.
When the information gets passed to the final page it is truncating it where there are double quotes. I've tried to do a replace() function to try and escape the quotes out but it's not working.
