string manipulations

B

bbell1980

I can do this in vb.net but I can not do it in this asp code.

the user is writing what ever text into a text box and posting it to a
access database. problem is when they use words such as (we'll, can't,
shouldn't,) it will not go in because of the single quote mark.

I am trying to replace any single quote mark with the HTML code
"‚"

so I recoded the .asp script and now get this error

**********************************************************
Microsoft VBScript runtime error '800a01a8'

Object required: ''

/admin/news_add_action.asp, line 8

*********************************************************

here is the code I've been using:

Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open sDSN

dim thenews

thenews.text = Request.form("newsbody")

dim singlequote

singlequote = Replace(singlequote, "Chr(39)", "‚")

sSQL = "INSERT INTO news(newsTitle, newsBody, newsDate) values('" &
Request.Form("newsTitle") & "','" & singlequote & "',#" & Date() &
"#)"

response.write sSQL

objConn.Execute(sSQL)

Response.Redirect "news.asp"

objConn.Close
Set objConn = NOTHING
%>
 
B

Bob Barrows [MVP]

I can do this in vb.net but I can not do it in this asp code.
Click to expand...

Presumably, you mean "vbscript", not "asp code"
the user is writing what ever text into a text box and posting it to a
access database. problem is when they use words such as (we'll, can't,
shouldn't,) it will not go in because of the single quote mark.

I am trying to replace any single quote mark with the HTML code
"‚"
Click to expand...

Don't bother. Use parameters. See here for a better, more secure way to
execute your queries by using
parameter markers:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

Personally, I prefer using stored procedures, or saved parameter queries
as they are known in Access:

http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&[email protected]

http://groups.google.com/groups?hl=...=1&[email protected]
 
B

bbell1980

Presumably, you mean "vbscript", not "asp code"





Don't bother. Use parameters. See here for a better, more secure way to
execute your queries by using
parameter markers:http://groups-beta.google.com/group/microsoft.public.inetserver.asp.d...

Personally, I prefer using stored procedures, or saved parameter queries
as they are known in Access:

http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Click to expand...

I don't think you understand I just want to replace the single quotes
with a string.
 
B

Bob Barrows [MVP]

markers:http://groups-beta.google.com/group/microsoft.public.inetserver.
asp.d...
Click to expand...
I don't think you understand I just want to replace the single quotes
with a string.
Click to expand...

Oh! I do understand. I'm trying to tell you your plan is a bad idea and
totally unnecessary. I'm also trying to steer you away from using
dynamic sql, the use of which can leave your site vulnerable to hackers
using sql injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

However, your "Object Required" error is due to this line:

thenews.text = Request.form("newsbody")

thenews is not an object. Therefore it does not have a "text" property.

Also, this is a problem:
dim singlequote

singlequote = Replace(singlequote, "Chr(39)", "‚")

singlequote does not contain anything so Replace cannot replace
anything.
 
B

bbell1980

Oh! I do understand. I'm trying to tell you your plan is a bad idea and
totally unnecessary. I'm also trying to steer you away from using
dynamic sql, the use of which can leave your site vulnerable to hackers
using sql injection:http://mvp.unixwiz.net/techtips/sql....sqlsecurity.com/DesktopDefault.aspx?tabid=23

However, your "Object Required" error is due to this line:

thenews.text = Request.form("newsbody")

thenews is not an object. Therefore it does not have a "text" property.

Also, this is a problem:
dim singlequote

singlequote = Replace(singlequote, "Chr(39)", "‚")

singlequote does not contain anything so Replace cannot replace
anything.

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Click to expand...

Sorry if I sound rude. I'm just feeling pressured and I have not
finished school yet, no one has taught me vbscript, I know vb.net OK.
and I just got this job. and I just needed to fix this script.
 
D

Dooza

Sorry if I sound rude. I'm just feeling pressured and I have not
finished school yet, no one has taught me vbscript, I know vb.net OK.
and I just got this job. and I just needed to fix this script.
Click to expand...

<%
thenews = Request.Form("newsbody")
thenews = Replace(thenews,"Chr(39)", "&sbquo;")
%>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

string manipulation .ASP script 4
No data return from ASP but Access returns correctly. 1
need more help on split, replace and inserting into a databse 4
NextRecordset 6
Code Doesn't Listen...Avoids Sub & Inserts Data Twice??? 1
asp and ms sql 10
Question about login script 0
ASP Amphasand, XML 6

Members online

No members online now.
Total: 37 (members: 1, guests: 36)
Robots: 478

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,054
Latest member
TrimKetoBoost

Latest Threads

Top