Question on ASP and .MDB use of single quotes/apostrophes
Everything runs fine until you enter in data that has an apostrophe/single quotation mark in it. When that happens, the server just spits it back out. So for example, in the comments section, if I enter in "This stuff doesn't work" the ' in the word doesn't messes everything up. Is there anything in my code that I can do to fix this problem? I'm guessing it's not a problem related to Access.
Below is the portion of my site with the asp code:
<?php
V_fname = ""
v_fname = request.form("fname")
v_lname = request.form("lname")
v_email = request.form("email")
v_school = request.form("school")
v_relation = request.form("relation")
v_mysite = request.form("mysite")
v_comments = request.form("comments")
beenthrough = request.form("beenthrough")
success = 0
if beenthrough = 1 then
if (v_fname <> "" OR v_lname <> "" OR v_email <> "" OR v_school <> "" OR v_relation <> "" OR v_mysite <> "" OR v_comment <> "") then
set conn = server.createobject("adodb.connection")
conn.open("DBQ=" & server.mappath("dcdomain.mdb") & ";DRIVER={Microsoft Access Driver (*.mdb)};")
conn.execute("INSERT INTO guestbook (FName, LName, EMail, School, Relation, Mysite, Comments) VALUES ('" & v_fname & "', '" & v_lname & "', '" & v_email & "', '" & v_school & "', '" & v_relation & "', '" & v_mysite & "', '" & v_comments & "')")
conn.close
success=1
else
?>error: please fill in all the fields
<?php
end if
if success = 1 then
response.redirect("thankyou.htm")
end if
end if
?>I heard that I need to convert the input into some other database friendly format? Thanks for any help you guys can provide.
"What I had, I gave today.
What I saved, I lost forever."
Mark Hensler posted this at 06:12 — 25th October 2001.
He has: 4,048 posts
Joined: Aug 2000
You need to escape the single quote. To do this, you just double the character. So, ' becomes '' (2 single quotes, not 1 double quote).
<%
V_fname = ""
v_fname = request.form("fname")
v_lname = request.form("lname")
v_email = request.form("email")
v_school = request.form("school")
v_relation = request.form("relation")
v_mysite = request.form("mysite")
v_comments = request.form("comments")
beenthrough = request.form("beenthrough")
' escape single quotes
v_fname = Replace(v_fname, "'", "''")
v_lname = Replace(v_lname, "'", "''")
v_email = Replace(v_email, "'", "''")
v_school = Replace(v_school, "'", "''")
v_relation = Replace(v_relation, "'", "''")
v_mysite = Replace(v_mysite, "'", "''")
v_comments = Replace(v_comments, "'", "''")
success = 0
if beenthrough = 1 then
if (v_fname <> "" OR v_lname <> "" OR v_email <> "" OR v_school <> "" OR v_relation <> "" OR v_mysite <> "" OR v_comment <> "") then
set conn = server.createobject("adodb.connection")
conn.open("DBQ=" & server.mappath("dcdomain.mdb") & ";DRIVER={Microsoft Access Driver (*.mdb)};")
conn.execute("INSERT INTO guestbook (FName, LName, EMail, School, Relation, Mysite, Comments)" & _
" VALUES ('" & v_fname & "', '" & v_lname & "', '" & v_email & "', '" & v_school & "', '" & v_relation & "', '" & v_mysite & "', '" & v_comments & "')")
conn.close
success=1
else
%>
error: please fill in all the fields
<%
end if
if success = 1 then
response.redirect("thankyou.htm")
end if
end if
%>
Mark Hensler
If there is no answer on Google, then there is no question.
dcdomain posted this at 07:10 — 25th October 2001.
They have: 24 posts
Joined: Oct 2001
Thanks Mark! Worked like a charm!
Don't you ever sleep? =D
Mark Hensler posted this at 07:22 — 25th October 2001.
He has: 4,048 posts
Joined: Aug 2000
I've been very bad about sleep the last week or so... never getting to bed before 1AM. (2/3 a few times)
I get up at 8AM, so I usually consider it a must to be in bed by midnight, but prefer something like 10PM.
I like my sanity sleep!
Mark Hensler
If there is no answer on Google, then there is no question.
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.