I have been updating a database using request.form in my SQL statements. I ran into a problem when the user-entered info is something like "Today's special is chicken", because when the SQL statement is run, it thinks that the "'" in Today's is the end of the string, which of course it's not. How do I deal with this?
Here is an example
SQL statement becomes:
How do I work around this?
I think you need the addslashes and stripslashes functions.
To add the escape character ("\" in this case), just use
$text = addslashes ($text);
and to get the original string back (usually, when you query the database to retrieve the content) use
Sounds like you are using ASP, not PHP, so the above probably won't work. You need to replace the ' with its ASCII counterpart before inserting into the db.
You're correct, I'm using ASP and SQL Server. Is there an easy way to make the change? It seems that PHP has a built-in function to do that. Is there a quick fix in ASP?
I don't really think so. I think you may have to use the replace function to replace the quotes with ASCII equivalents, but I am sure if wluke is checking this post he can shed some light on this. I know he is the ASP Man.
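For the ASP and SQL Server setup described in this thread, an added example (not posted by any participant) that passes the form value as an ADO command parameter, so an apostrophe in "Today's special is chicken" is stored as data and never parsed as SQL. The connection string placeholder, the table `dbo.Specials`, its `Description` column and the form field `special` are assumptions for illustration.

```asp
<%
' Added example. Hypothetical names: dbo.Specials(Description), form field "special".
' ADO constants, declared here in case adovbs.inc is not included.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const adExecuteNoRecords = 128

Dim connString, conn, cmd, userText
connString = "YOUR_CONNECTION_STRING"   ' placeholder, supply your own

userText = Trim(Request.Form("special"))

' Check the length against the column size (assumed nvarchar(200)).
If Len(userText) = 0 Or Len(userText) > 200 Then
    Response.Write "Please enter between 1 and 200 characters."
Else
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open connString

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    ' The ? marks where the value goes. The SQL text never contains user input,
    ' so quotes in the input cannot end the string or change the statement.
    cmd.CommandText = "INSERT INTO dbo.Specials (Description) VALUES (?)"
    cmd.Parameters.Append cmd.CreateParameter("@description", adVarWChar, adParamInput, 200, userText)
    cmd.Execute , , adExecuteNoRecords

    Set cmd = Nothing
    conn.Close
    Set conn = Nothing

    ' Encode on output so stored text is shown as text, not markup.
    Response.Write "Saved: " & Server.HTMLEncode(userText)
End If
%>
```

Because the value is bound as a parameter, nothing needs to be un-escaped when the row is read back.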