To deal with the apostrophes, double them up. Example:
' Double every apostrophe so it is stored as a literal character
Function SafeIn(s)
SafeIn = Replace(s, "'", "''")
End Function
sEmail = Request.Form("emailaddress")
sComments = Request.Form("comments")
sql="insert into tableName (email,comments) values ('" & SafeIn(sEmail) & _
"','" & SafeIn(sComments) & "');"
To deal with carriage returns, let them be. They are being inserted into
your database and being returned just fine, as you'd see in a view source.
When you pull the values out, replace vbCrLf with <BR>. Example:
Function SafeOut(s)
SafeOut = Replace(s, vbCrLf, "<br>")
End Function
sVal = yourRecordset.Fields.Item(0).Value
Response.Write SafeOut(sVal)
You may want to also replace " with &quot; in your "safeOut" function.
Ray at home
"tna | timothy gardiner" <tim@timgardiner.id.au> wrote in message
news:3ff10bf3$0$18389$afc38c87@news.optusnet.com.au...
Hi everyone!
Question for you...
I've written several scenarios where the end user needs to enter data into a
textarea (descriptions, messages etc) which becomes part of a form. End users
often put apostrophes and carriage returns in the textarea... however, when
the code I write is submitted to the database, it generates an sql command
from the page that sent the action.
Client Side:
<form action="somepage.asp" method="post">
<input type="text" name="emailaddress">
<textarea cols="20" rows="5" name="comments"></textarea>
</form>
On code submission...
sql="insert into tableName (email,comments) values ('" &
request.form("emailaddress") & "','" & request.form("comments") & "');"
db.execute(sql)
Now, when strange people put carriage returns, it stuffs up the string and
therefore produces an error, and to make matters worse if it did recognise a
carriage return, it wouldn't be displayed on HTML output. Apostrophes are
even worse - they signify the end of a variable in the SQL sentence.
Can anyone help me and figure out a new way of writing to the DB?
THANKS!
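
The same insert and display written with a parameterized ADODB.Command and HTML-encoded output, so apostrophes, line breaks and markup in the textarea are handled as data rather than as SQL or HTML. This is an added example, not code from either poster; it assumes `db` is the open ADODB.Connection from the question, the 255-character email width is an assumption, and `SaveComment` and `HtmlOut` are hypothetical names. It belongs inside the ASP page's script block.

```vbscript
' Added example (not from the thread). Assumes "db" is an open
' ADODB.Connection and tableName(email, comments) exists as in the question.

' ADO constants, defined here in case adovbs.inc is not included.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const adLongVarChar = 201
Const adExecuteNoRecords = 128

' Hypothetical helper: insert one row using bound parameters.
Sub SaveComment(conn, sEmail, sComments)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholders keep the values out of the SQL text, so an
    ' apostrophe or carriage return in them cannot change the statement.
    cmd.CommandText = "insert into tableName (email, comments) values (?, ?)"
    ' 255 is an assumed column width; match it to the real column.
    cmd.Parameters.Append cmd.CreateParameter("email", adVarChar, _
        adParamInput, 255, sEmail)
    ' The size must be at least 1, even when the textarea is empty.
    cmd.Parameters.Append cmd.CreateParameter("comments", adLongVarChar, _
        adParamInput, Len(sComments) + 1, sComments)
    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
End Sub

' Hypothetical helper: prepare a stored value for display in HTML.
Function HtmlOut(s)
    ' Encode first so <, >, & and " entered by the user render as text,
    ' then turn the stored line breaks into <br> tags.
    HtmlOut = Replace(Server.HTMLEncode(s & ""), vbCrLf, "<br>")
End Function

' On form submission (CStr turns the Request.Form items into plain strings):
SaveComment db, CStr(Request.Form("emailaddress")), CStr(Request.Form("comments"))

' When displaying a stored comment:
' Response.Write HtmlOut(yourRecordset.Fields.Item(0).Value)
```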