I am trying to make the user input form more secure and so I want to use this piece of code
[vbs]Replace(strInput, "'", "''")[/vbs]
but my sql query (which already works) looks like this
[vbs]insSQL = "insert into Details
(ServiceName, Bor_ID, Address, Postcode, Tube, Rail, Bus, Parking,
Tel, Fax, Minicom, Email, Contact, Opening, Eligibility, Access,
OtherFacil, Special, Internet, Other, Cat_ID, URI_ID, Db_ID, Des_ID, Main_ID)
values ('" & Request.Form("ServiceName") & "','" & Request.Form("Borough") & "','" & Request.Form("Address") & "','" & Request.Form("Postcode") & "','" ...[/vbs]
How am I best to implement the code? I tried to do this
[vbs]& Replace(Request.Form("ServiceName"), "'", "''") &[/vbs]
in the actual sql query but I got this error
[vbs]Data type mismatch in criteria expression. [/vbs]
If I replace "a" with "b", and then I replace "b" with "a", shouldn't I get the same result? That is what I am trying to encode and decode with Replace() function, but it is giving me different things when I replace and replace again. Here is what I am talking about: Code:
I've tried EVERY way i can think of to do this replace function, basically when i go to insert "Do's and Dont's into the database it cuts it off at "Do" because of the ' now ill show you my section of code that i have it in currently:
I'm trying to use the replace function to change a variable ie like this:- replace folder_old, txtOldFoldername,folder_rename
folder_old = c:DocumentsRoot_Testob txtOldFoldername = bob folder_rename = newfoldername
all i want to do is to beable to change the name bob to the new folder, is there a easier way to do this or am I on the right track. if i do the replace like this replace(folder_old, " & txtOldFoldername & "," & folder_rename & ") i get this error:- Cannot use parentheses when calling a Sub
I need to replace several letters to different strings ,I need it in one variable .How can I do that?
If InStr(1,request.form("S8"),"A",1)>0 or InStr(1,request.form("S8"),"B",1)>0 or InStr(1,request.form("S8"),"C",1)>0 then
a=Replace(request.form("S8"),"A","You could use occasionally") b=Replace(request.form("S8"),"B","You could use often") c=Replace(request.form("S8"),"C","You would actively promote") End if
i am new to asp and i am having problems using the replace() function to replace occurrences of text in a string.basically what i want to do is replace any occurrences of a double quote (") in a string with "
the code i am using looks like this: set overview=replace(overview,"""",""")
but when i run load the page i get the following error: Microsoft VBScript runtime error '800a01a8' Object required: '[string: "A 13 year old girl p"]' /ASP/index.asp, line 58
did i get the syntax wrong? i figured that if i was looking for a single quote that i just had to put an escaped double quote "" inside of the quotes.
I have searched so many "Replace" function topics, but there is something that I don't understand....I found some like this... Replace(strField, " ' ", " ' ' ") .... do anyone knows what's the use of replacing ' with ' ' ?
this allows me to display raw code on a page that is entered into an Access memo field. Trouble is it all comes out in one line, so i tried adding a [VBS]VbClRf, "<BR>"[/VBS] to it and am getting string errors. Ive tried a few variations and it's really bugging me.
i have stuffed some comment from database within teaxtarea, problem is text are displaying as cobination of data and html tag like <br> (data and <br>) like as follows this is the first line means<br> this is the second line. i wrote replace code as comment=replace(comment,vbcrlf,"<br>") while adding this comment to database. how could i come out from this problem.
I have the above code... is the bit where I am replacing "../" valid or can I get rid of the "&"? Can't test it at the moment so that's why I am asking here.
I seem to end up with too many double quotes when using this clean up function.. either that or I am missing a display function when I display the details from the dB.
I only really wanted the microsoft ouble quote to become one set of double quote instead of double as I have here but I can't get away with anything less.
essentially when I input a � I get a "" when I only want ".
Can the replace() function in asp be used on an excel spreadsheet? I can't seem to find out anywhere, and I can't just test and see because my connection string keeps throwing Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[Microsoft][ODBC Excel Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x664 Thread 0x19b8 DBC 0xebb6e6c Excel' . (but thats another story/future post perhaps ) I pretty much just need to know if replace() will work.
Does anyone know of a function (preferably already made) that would replace a string starting from it's start position to it's end position with a specific string...
I use a replace char function to remove any bad words from user's input to prevent SQL injection. Here is what I use:
Function killChars(strWords) Dim badChars, newChars badChars = Array("bad words here") newChars = strwords For i=0 to uBound(badChars) newChars = replace(newChars, badChars(i), "") next killChars=newChars End function
Now the problem is if a user enter "DeLETe" in the input box, and this word is not get removed before entering the DB. because I entered "delete" in the badchars array.
so how can I enable a case sensitive in my function? So the bad words would get deleted regardless its in upper or lower case?
i need to retrive record form database for a particular DATE and particular name i have to pass date and name thro "form" then i have to display that particular record . how to proceed.
In the ASP page that is in question, I build a large string (no more than 10K) which is basically an email template in HTML format. Then I replace the parts with the values, which are also strings with the size of 1-2 KB. Code:
I need to insert field data with apostrophes into Access. However, I keep getting "object expected" errors when I post. I heard about using the replace function like this:
var incidentlocation = Replace(Request.Form("incidentlocation"), "'", "''");
but I get the "object expected" error. What I am doing wrong? My code is below in the text file.
some text is coming out of the DB with different urls in it, i want to delink it (like href="#" or something), how do i do that when i don't know what url is coming out?
I've got a function that I use to replace ' marks so the page will insert properly into a database - typically I use .Code:
whatever= request.form("whatever") whatever = replace(whatever,"'", "''") However, I've got some code that I unfortunately inherited from someone else that I can't get the replace to work:Code:
call buildquery (colq,valq,retq,"whatever") colq = "(" & colq & ")" valq = "(" & valq & ")" ssql = "insert into table_name " & colq & " values " & valq I was trying to do something in the call buildquery line to add a replace, but that doesn't seem to work.
How do I take out double quotes before writing to database? As doing ,""",""e;" created an error.Is it something like ,chr(34),""e;" which I sort of stumbled accross when I did soem google searching... But what and where do these chr(34) etc coem from?
I have lots of textbox that needs to have data entry. Is it possible for me to replace the tab key to return key that transfers the focus from one textbox to another? And also, how to submit the form after all textbox have values?