Hi, to insert the value in a MySQL query (don't know if there's a function for SQL, MSSQL, etc.) you gotta filter it (suppose it's stored into $value) with:
mysql_real_escape_string($value)
and, if it contains spaces (VERY LIKELY INDEED) you should embrace with ''.
Paolo
Tx. Haven't seen that in SQL 2000 - will poke around...
I see there is a Find and a Replace page which comes with the app, which requires one to manually enter a value to find and a second value to replace it with in a pop-up window. (Trouble for this purpose, not all users will be diligent enough to do that each time...)
Can someone figure out the ASP file code to use the Replace part of it to be hard-coded to replace a "'" with a "`" say, and on hitting the Submit button of the editor, it invokes the Replace and strips the text as above and sends it off to the action page to safely store in an SQL db?
The usual CleanForSQL functions seem to want a querystring rather than what is sent from the editor (???) or the "Function" returns a syntax error.
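An alternative to replacing "'" with "`" before storing, shown as an added example that is not part of the thread: a classic ASP action page that reads the editor's POSTed field from Request.Form (not the query string) and hands it to SQL Server as an ADO parameter, so quotes are stored exactly as typed. The form field name editorContent, the Articles table with its Body column, and the connection string held in Application("ConnStr") are assumptions.

```vbscript
<%
' Added example (not from the thread). Hypothetical names: form field
' "editorContent", table Articles, column Body, Application("ConnStr").

' ADO constants, declared here so adovbs.inc is not required.
Const adCmdText = 1
Const adParamInput = 1
Const adLongVarWChar = 203        ' ntext / long Unicode text
Const adExecuteNoRecords = 128

' Inserts the text as a bound parameter. The value never becomes part of
' the SQL string, so no quote replacement or escaping is needed.
Sub SaveEditorText(conn, body)
    Dim cmd, size
    size = Len(body)
    ' ADO rejects a variable-length parameter declared with size 0,
    ' so an empty submission still gets a size of 1.
    If size = 0 Then size = 1

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "INSERT INTO Articles (Body) VALUES (?)"
    cmd.Parameters.Append cmd.CreateParameter("@body", adLongVarWChar, adParamInput, size, body)
    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
End Sub

Dim conn, body
' The editor submits with POST, so the text is in Request.Form.
' Appending "" turns a missing field into an empty string.
body = Request.Form("editorContent") & ""

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")
SaveEditorText conn, body
conn.Close
Set conn = Nothing
%>
```

Because the stored text is unmodified, it should be HTML-encoded (Server.HTMLEncode) when written back into a page unless the editor's markup is meant to render.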