Jump to content

error in asp classic"Javascript" when user insert data with ' symbol

Recommended Posts

Hello everyone,how can I avoid error in insert code when user insert data with ' symbol? here is a sample for my code: var insert_to = " Insert Into messages ( title, message )" + " values ( '"+title+"' ,'"+message+"' )"; conn.execute(insert_to); how can I avoid that? "I am useing asp with JavaScript <%@Language="JavaScript"%> not VBScript" thanks...

Link to post
Share on other sites

If they type the word "don't", then the query needs to look like this: ... values ('don\'t', ... The slash tells it that the quote is part of the data instead of a quote to end the string. Javascript strings have a method called replace that you can use to find and replace characters (find a quote, replace it with a slash plus a quote), or you can use String.split and Array.join.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...