>Hi
>
>
>I have a problem with users entering ' in a field on a classic asp page which is then used to create an SQL string which then fails.
>
>Whats the quickest solution to this problem.
>
>The system is on maintenance only so I'm really looking for something that requires minimal changes.
>
>
>Thanks
>
>Nick
Before sending the string to the SQL Server replace all occurances of " ' " with " ` " (the character to the left of the "1" key.). To the user, they basically appear the same, but the SQL server will not throw an error. The " ' " character is a reserved character in SQL server.
Greg Reichert