I've been looking for it for a while. I found it a week back by accident, but didn't need to use it then. It's a function that escapes SQL strings so that if there is a ' in the string it will escape it for you. I can remeber the name of it.
I working on a ASP project (usually I'm a PHP guy) and I wanted to encode a string to make it safe for a SQL insert. Is there a function built into ASP for that or do I just need to replace single quotes?
I'm having a problem finding/using an escape character with this ASP/JScript application I'm creating. Basically I have text sometimes that has apostrophes or double quotations in them, but they won't be INSERTED unless I manually take them out.
Ex: INSERT INTO tbl1 (vendor,reason) VALUES (81,"This is only a test, but there is an apostrophe and it's only going to make things worse.")
That apostrophe in "it's" is kiling everything. I've used the replace method to change it to " ' ", but that STILL doesn't work. I can't find MS SQL's ESCAPE CHARACTER. I've tried several directions of the backslash, but no luck.
I am trying to only have a link show if there is a certin value in the DB. This is what I am trying:
<% if (rsWelcome.Fields.Item("access_level").Value) = "admin" then
response.Write("| - <a href="sps_main.asp">Sales Training Support </a>-")
end if %>
BUT... this is the error I get:
Expected ')'
/sta/topnav_test.asp, line 9 response.Write("| - <a href="sps_main.asp">Sales Training Support </a>-") How do I use quotes in a "response" and have the app server ignore them??
I've a problem reading querystring parameters that are 'uri encoded'. Anyone has a solution for this? To reproduce the problem, create a classic ASP containing the following code:
-----------------------
<p>Value sent via querystring: <%= Server.HTMLEncode(Request.QueryString("value")) %></p> <input id="input" /> <button id="submit" onclick="window.location.assign('Test.asp?value=' + encodeURIComponent(input.value));">submit</button>
I'm still having trouble getting some of my data being returned properly when people use quotes. (ex ProjectName contents being - the "primary" project - The double quotes are the main issue. I am using a function for the single quote and it seems to have resolved the issue.
Code:
Term = trim (Term) if Term <> "" then Term = Replace (Term, chr (39), chr (39) & chr (39)) end if If Term <> "" then
I use this just when passing strings from a form. I tried altering it and using chr (34) for a double quote but it didn't work.
When chucking data in cookie you cannot use certain characters in this example ‘ : ‘ . To get around this you use escape and unescape. Trying to use the escape as such:
Info DB: Oracle(9i), where I generate query strings programatically and send them to the DB server.
I have rtfm'd and googled this extensively, but I have not found how to properly esacape the ampersand character in an oracle query (I'm NOT using the SQL+ command line interface).
Oracle uses the & character to denote a variable substitution, and unfortunately one of the fields I must query has data that contains the & character. I need to know how to escape the & character in my query strings so that Oracle will treat it as a string literal. Code:
I have a 'memo' form field being entered into an access database.If people put in characters other then text (Quotes, operators, etc) then I get an insert error: ---- User Input: oh let's see - a va
Error: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''oh let's see - a va', 'No additional comments submitted')'. ----
Is there a way to get this into the database? In php, I would simply use the function 'addslashes()' (escaping the string) - is there a similar function in ASP or am I doing something else wrong?
I am inserting records into an Access table using the OleDbCommand class. The insert values come from a basic web form with text boxes. If the values contain ' or " it creates a problem. What is the proper way to escape these characters? Surely there's a built-in function for it somewhere.
i am retrieving a record from the database, I am trying to place the value of the FULLNAME field in a textbox on a Form, the Problem is that it only displays half of the name leaving out the stuff that comes after a SPACE.
Example:
adors("fullname").value <--- Actual Value is John Smith but it only displays John Code:
SELECT * FROM NK_editie " & MM_whereConst & " " & whereClause & " ORDER BY editie desc
And
SELECT * FROM NK_editie INNER JOIN NK_edities ON NK_editie.editieid = NK_edities.ID ORDER BY editie desc
Now I want to combine those 2 to one string.
I have problems to set it up in working order. My tryout: SELECT * FROM NK_editie INNER JOIN NK_edities ON NK_editie.editieid = NK_edities.ID & " & MM_whereConst & " " & whereClause & " ORDER BY editie desc
It shows al the records which are joined, only the second string " & MM_whereConst & " " & whereClause & " is not working.
I found out a really nice way to keep things on the same page is for any processing page to add on a "?<something>=<something>"
and then just check to see what the something is equal to, and the number represents what you want the front page to show.
However, this <something> shows up on the url listing in a browser. Is there anyway to .. encode it so no one can see it? Like a encode/decode function?
I'm building a forum, and right now i'm creating the ability to edit posts. As part of this i want to add the usual "Edited by UserName on Date" line at the bottom, but am having problems doing so.
The problems seems to do with formatting the text in the variable with <span>s using stylesheets, or if there are " and ' markes in the post proper (which I can't seemt to remove with Replace). Here's my code:
I am developing a website and it's going fine, but i've heard that you shouldn't have your database in the wwwroot, it should be outside/above that.
I've done this (i'm using Dreamweaver MX) so I moved the db, fixed my odbc/dsn, connection string etc, but when I upload now I get this error.
Microsoft JET Database Engineerror '80004005'
'C:Program FilesEnsimSiteDatawebpplianceconfdomainsInet pubwwwrootTesting_SiteDatabasesTesting_Website _DataSource.mdb' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides. /Testing_Site/default.asp, line 8
This is line 8: Recordset1.ActiveConnection = MM_TestingConnection_STRING
Is there something that I have missed. It was ok when it was in the wwwroot.
i am having a problem with comparing two strings. I am taking in the parameter rs("Company") and if this is empty i want to put some text in there. I am testing it with an empty Company field and comparing it like so:
temp1=rs("Company") temp2=StrComp(temp1,NULL)
I have also tried it with temp2=StrComp(temp1,"")
but each time i get nothing returned. Is there some rule about comparing a string with an empty string?
I am using ASP to connect to a simple database to retreive information and also to imput information.What I need is a simple dns connection string syntax to connect and query data.
I have a search function on my site, and what happens at them moment is the user fills in a text box with their search string, and clicks submit. The search page takes their string, and splits it up where it sees " ".
All fairly simple, what I'd like is to allow the user to enter text in speechmarks, so the script would search for a couple of words together, as well as being able to search for every individual word...
Everyone confused yet?!
e.g If the user enters Dev Shed Forums , then the search would look for every occurance of the strings "Dev", "Shed" and "Forums"
What I want is for the user to be able to enter "Dev Shed" Forums, and the search will look for "Dev Shed" and "Forums"...
How do I "escape" any quotes, accidental carriage returns etc that are contained within strPageTitle? Do I have to use a series of replace() functions, or is there a cunning way that makes it OK?
(Using escape(strPageTitle) fills the box with % signs...)
I am storing some strings via asp.net in my dbase. The string looks like this:
Well, that`s just a simple level 100 quiz aiming to imprint ""standard random number generators are not really random"" program to those who still lack it. What will produce the following C# snippet? ‘ ....
Now I am reading these values via ASP and need to print them out.
Unfortunaly it does not UnCode the string back so that I can show it to the user. I know I could use the replace function but I wont replace all chars, there are many from this type. What can I do?
I'm trying to see if a certain string matches a predefined string so I've tried:
-------------- If txtCondition3 = "NO THEFT COVER unless client claim free and occupied prems for 3 yrs" Then response.write "1st condition" Else response.write "2nd condition" End If --------------