>Hi
>
>
>I have a problem with users entering ' in a field on a classic asp page which is then used to create an SQL string which then fails.
>
>Whats the quickest solution to this problem.
>
>The system is on maintenance only so I'm really looking for something that requires minimal changes.
>
>
>Thanks
>
>Nick
Either use parameters or replace the input string with double '' (you should double the single quote). The first solution is much better.
If it's not broken, fix it until it is.
My Blog