mysql_real_escape_string() on ASP

**joeyramirez** · Dec 28, 2011, 00:53

Is there a VBScript/ASP that works like mysql_real_escape_string()???

**awasson** · Dec 28, 2011, 11:03

Have you checked the Funky Functions Thread?

http://www.sitepoint.com/forums/show...nctions-in-ASP

**joeyramirez** · Dec 28, 2011, 17:14

Thanks.I'm gonna work on it.

**joeyramirez** · Dec 28, 2011, 18:17

I tried this code and it works.

<%
Dim MyVariable, SQL
MyVariable="My name is Michael, I'm a developer"
MyVariable =Replace(MyVariable,"'","''")
SQL = "INSERT INTO TableName(TablefieldName) VALUES ('" & MyVariable & "')"
%>

**awasson** · Dec 28, 2011, 21:37

I like using this one called clean quotes because it's pretty thorough: http://www.sitepoint.com/forums/show...ape#post312576

Also here's a little library of PHP-like functions: http://www.sitepoint.com/forums/show...an#post1980880

**joeyramirez** · Dec 28, 2011, 21:40

I can't apply those funky functions to my page.

**awasson** · Dec 28, 2011, 21:48

Here you go. This is from the second link.

<%

function AddSlashes(str)
AddSlashes = replace(str,"'","''")
end function

Dim MyVariable, SQL
MyVariable="My name is Michael, I'm a developer"

MyVariable =AddSlashes(MyVariable)

SQL = "INSERT INTO TableName(TablefieldName) VALUES ('" & MyVariable & "')"

%>

**joeyramirez** · Dec 28, 2011, 22:18

How about html tags?for example, I'm going to insert <html>,it will be added on my database ,but doesn't show on my asp page,unless you view the source.

User Tag List

Thread: mysql_real_escape_string() on ASP

Thread Tools

Display

mysql_real_escape_string() on ASP

Bookmarks

Bookmarks

Posting Permissions