Dano Posted May 9, 2012

Hello everyone, how can I avoid an error in my insert code when a user inserts data with the ' symbol? Here is a sample of my code:

    var insert_to = " Insert Into messages ( title, message )"
                  + " values ( '"+title+"' ,'"+message+"' )";
    conn.execute(insert_to);

How can I avoid that? "I am using ASP with JavaScript <%@Language="JavaScript"%> not VBScript" Thanks...

justsomeguy Posted May 9, 2012

You need to escape the data: you need a slash before each apostrophe. You can use the String.replace method, or a combination of split and join.

Dano Posted May 9, 2012 (Author)

Do you mean

    " values ( '/"+title+"/' ,'/"+message+"/' )"

? No, it is not working... or may you re-write that sample to be more clear?

justsomeguy Posted May 9, 2012

If they type the word "don't", then the query needs to look like this:

    ... values ('don\'t', ...

The slash tells it that the quote is part of the data instead of a quote to end the string. JavaScript strings have a method called replace that you can use to find and replace characters (find a quote, replace it with a slash plus a quote), or you can use String.split and Array.join.

Dano Posted May 13, 2012 (Author)

If anyone can describe more, I will be glad!

justsomeguy Posted May 14, 2012

    title = title.split("'").join("\\'");

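
An added example, not part of the posts above: the split/join escape from the thread next to apostrophe doubling, each checked by reading the resulting literal back under two quoting conventions. The function names and sample inputs are constructed for illustration, and because the thread does not name the database, both conventions are assumptions.

```javascript
// Added example, not code from the thread. Plain ES3, so it also runs under
// the classic ASP JScript engine. All function names are hypothetical.

// The escape posted in the thread: a backslash before each apostrophe.
function escapeBackslash(s) { return s.split("'").join("\\'"); }

// Standard SQL convention: double each apostrophe instead.
function escapeDoubling(s) { return s.split("'").join("''"); }

// Read the quoted literal that starts at sql.charAt(0), as a server would.
// backslashEscapes = true models a dialect where \ escapes the next character
// (simplified: the escaped character is taken as-is); '' always means one '.
// Returns { value, end } or null when the literal never closes.
function readLiteral(sql, backslashEscapes) {
  var value = "", i = 1;
  while (i < sql.length) {
    var c = sql.charAt(i);
    if (backslashEscapes && c === "\\" && i + 1 < sql.length) {
      value += sql.charAt(i + 1); i += 2;
    } else if (c === "'" && sql.charAt(i + 1) === "'") {
      value += "'"; i += 2;
    } else if (c === "'") {
      return { value: value, end: i + 1 };
    } else {
      value += c; i += 1;
    }
  }
  return null;
}

// True when the escaped literal is read back as exactly the original data.
function survives(data, escapeFn, backslashEscapes) {
  var sql = "'" + escapeFn(data) + "'";
  var lit = readLiteral(sql, backslashEscapes);
  return lit !== null && lit.end === sql.length && lit.value === data;
}

// Constructed sample inputs: an apostrophe, and a value ending in a backslash.
var samples = ["don't", "C:\\temp\\"];
function report() {
  var rows = [];
  for (var k = 0; k < samples.length; k++) {
    var d = samples[k];
    rows.push(d + " | backslash escape, backslash dialect: " + survives(d, escapeBackslash, true)
      + " | backslash escape, standard dialect: " + survives(d, escapeBackslash, false)
      + " | doubling, standard dialect: " + survives(d, escapeDoubling, false));
  }
  return rows;
}
if (typeof console !== "undefined") { console.log(report().join("\n")); }
```

Sending the values as ADODB.Command parameters instead of concatenating them into the statement avoids depending on either convention.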