>>Hi
>>
>>
>>I have a problem with users entering ' in a field on a classic asp page which is then used to create an SQL string which then fails.
>>
>>Whats the quickest solution to this problem.
>>
>>The system is on maintenance only so I'm really looking for something that requires minimal changes.
>>
>>
>>Thanks
>>
>>Nick
>
>Either use parameters or replace the input string with double '' (you should double the single quote). The first solution is much better.

Thanks Naomi

at the moment there's no justification for the extra work involved in switching to parameters.

Nick