sinlge quotes replace problem

Discussion in 'ASP General' started by Roy Adams, May 31, 2004.

  1. Roy Adams

    Roy Adams Guest

    Hi group I'm having trouble using the replace command
    Here's my code below

    <%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
    <!--#include file="../../Connections/conn.asp" -->

    <%


    if( String(Request.Form("ProductName")) != "undefined" ){//formfield
    is not empty
    var NavID = 1;

    var ProductName = String(Request.Form("ProductName"));
    var Price = String(Request.Form("Price"));
    var Descript = String(Request.Form("Description"));
    var ProductCode = String(Request.Form("ProductCode"));
    //get the form fields and put into vars
    var TableFields = "ProductName,Price,Description,NavID,ProductCode";

    var FormFields = "'" + ProductName + "','" + Price + "','" + Descript
    + "','" + NavID + "','" + ProductCode+"'" ;

    /// it works ok if i remove the replace
    FormFields=FormFields.replace("'", "''");


    conn = Server.CreateObject('ADODB.Command');

    conn.ActiveConnection = conn_STRING;

    conn.CommandText = ("insert into products ("+ TableFields +") values
    ('" + FormFields + ")" );


    conn.Execute();
    conn.ActiveConnection.Close();

    }

    %>

    any suggestions?
     
    Roy Adams, May 31, 2004
    #1
    1. Advertising

  2. Roy Adams

    Slim Guest

    "Roy Adams" <> wrote in message
    news:...
    > Hi group I'm having trouble using the replace command
    > Here's my code below
    >
    > <%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
    > <!--#include file="../../Connections/conn.asp" -->
    >
    > <%
    >
    >
    > if( String(Request.Form("ProductName")) != "undefined" ){//formfield
    > is not empty
    > var NavID = 1;
    >
    > var ProductName = String(Request.Form("ProductName"));
    > var Price = String(Request.Form("Price"));
    > var Descript = String(Request.Form("Description"));
    > var ProductCode = String(Request.Form("ProductCode"));
    > //get the form fields and put into vars
    > var TableFields = "ProductName,Price,Description,NavID,ProductCode";
    >
    > var FormFields = "'" + ProductName + "','" + Price + "','" + Descript
    > + "','" + NavID + "','" + ProductCode+"'" ;
    >
    > /// it works ok if i remove the replace
    > FormFields=FormFields.replace("'", "''");


    try

    FormFields=replace(FormFields,"'", "''");



    >
    >
    > conn = Server.CreateObject('ADODB.Command');
    >
    > conn.ActiveConnection = conn_STRING;
    >
    > conn.CommandText = ("insert into products ("+ TableFields +") values
    > ('" + FormFields + ")" );
    >
    >
    > conn.Execute();
    > conn.ActiveConnection.Close();
    >
    > }
    >
    > %>
    >
    > any suggestions?
     
    Slim, May 31, 2004
    #2
    1. Advertising

  3. Roy Adams

    TomB Guest

    This...
    conn.CommandText = ("insert into products ("+ TableFields +") values
    ('" + FormFields + ")" );

    Looks like it has an apostrophe right after the opening bracket.
    You've replaced all of your form field delimiters with double apostrophes.
    So your statement is going to look like.....
    insert into products (ProductName,Price,Description,NavID,ProductCode)
    values
    (''productname'',''price'',''description'',''navid'',''productcode'')

    I believe what you want to do is.....

    Price.replace("'","''")
    ProductName.Replace("'","''")
    //ETC..

    var FormFields = "'" + ProductName + "','" + Price + "','" + Descript
    + "','" + NavID + "','" + ProductCode+"'" ;

    So that your result will look like
    insert into products (ProductName,Price,Description,NavID,ProductCode)
    values
    ('product''sname',price,'description',navid,'productcode')

    Note the double apostrophe after the t in productsname. This will insert
    product'sname into the ProductName field.
    You'll also note that price has no apostrophes as I'm assuming that's a
    number field.



    "Roy Adams" <> wrote in message
    news:...
    > Hi group I'm having trouble using the replace command
    > Here's my code below
    >
    > <%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
    > <!--#include file="../../Connections/conn.asp" -->
    >
    > <%
    >
    >
    > if( String(Request.Form("ProductName")) != "undefined" ){//formfield
    > is not empty
    > var NavID = 1;
    >
    > var ProductName = String(Request.Form("ProductName"));
    > var Price = String(Request.Form("Price"));
    > var Descript = String(Request.Form("Description"));
    > var ProductCode = String(Request.Form("ProductCode"));
    > //get the form fields and put into vars
    > var TableFields = "ProductName,Price,Description,NavID,ProductCode";
    >
    > var FormFields = "'" + ProductName + "','" + Price + "','" + Descript
    > + "','" + NavID + "','" + ProductCode+"'" ;
    >
    > /// it works ok if i remove the replace
    > FormFields=FormFields.replace("'", "''");
    >
    >
    > conn = Server.CreateObject('ADODB.Command');
    >
    > conn.ActiveConnection = conn_STRING;
    >
    > conn.CommandText = ("insert into products ("+ TableFields +") values
    > ('" + FormFields + ")" );
    >
    >
    > conn.Execute();
    > conn.ActiveConnection.Close();
    >
    > }
    >
    > %>
    >
    > any suggestions?
     
    TomB, May 31, 2004
    #3
  4. Roy Adams

    Roy Guest

    Hi TomB
    thanks for your help, you were exactly right,
    but after i did that i found that it worked for the first single quote
    but found now if a user inputs more than one single or double quote into
    the text field it threw up errors again so i tried
    ProductName=ProductName.replace(/'/g, "''");
    which worked!!
    cheers

    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Roy, May 31, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chris White

    Quotes/Double Quotes in Image Control

    Chris White, Sep 22, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    4,912
    Hermit Dave
    Sep 22, 2004
  2. Chris
    Replies:
    1
    Views:
    13,756
    Oisin
    Mar 24, 2006
  3. Lawrence Tierney

    Multiline quotes - escaping quotes - et al

    Lawrence Tierney, Dec 24, 2003, in forum: Java
    Replies:
    3
    Views:
    4,547
    Andrew Thompson
    Dec 24, 2003
  4. jOhn
    Replies:
    1
    Views:
    269
    Phlip
    Jan 29, 2008
  5. Richard Sandoval
    Replies:
    5
    Views:
    231
    7stud --
    Apr 26, 2011
Loading...

Share This Page