General information
Category:
Active Server Page
>>Hi
>>
>>
>>I have a problem with users entering ' in a field on a classic asp page which is then used to create an SQL string which then fails.
>>
>>Whats the quickest solution to this problem.
>>
>>The system is on maintenance only so I'm really looking for something that requires minimal changes.
>>
>>
>>Thanks
>>
>>Nick
>
>Either use parameters or replace the input string with double '' (you should double the single quote). The first solution is much better.
Thanks Naomi
at the moment there's no justification for the extra work involved in switching to parameters.
Nick
Previous
Reply
View the map of this thread
View the map of this thread starting from this message only
View all messages of this thread
View all messages of this thread starting from this message only