string manipulations

Discussion in 'ASP General' started by bbell1980@gmail.com, Oct 26, 2007.

  1. Guest

    I can do this in vb.net but I can not do it in this asp code.

    the user is writing what ever text into a text box and posting it to a
    access database. problem is when they use words such as (we'll, can't,
    shouldn't,) it will not go in because of the single quote mark.

    I am trying to replace any single quote mark with the HTML code
    "‚"

    so I recoded the .asp script and now get this error

    **********************************************************
    Microsoft VBScript runtime error '800a01a8'

    Object required: ''

    /admin/news_add_action.asp, line 8

    *********************************************************

    here is the code I've been using:

    Set objConn = Server.CreateObject("ADODB.Connection")
    objConn.Open sDSN

    dim thenews

    thenews.text = Request.form("newsbody")

    dim singlequote

    singlequote = Replace(singlequote, "Chr(39)", "‚")

    sSQL = "INSERT INTO news(newsTitle, newsBody, newsDate) values('" &
    Request.Form("newsTitle") & "','" & singlequote & "',#" & Date() &
    "#)"

    response.write sSQL

    objConn.Execute(sSQL)

    Response.Redirect "news.asp"

    objConn.Close
    Set objConn = NOTHING
    %>
     
    , Oct 26, 2007
    #1
    1. Advertising

  2. wrote:
    > I can do this in vb.net but I can not do it in this asp code.


    Presumably, you mean "vbscript", not "asp code"
    >
    > the user is writing what ever text into a text box and posting it to a
    > access database. problem is when they use words such as (we'll, can't,
    > shouldn't,) it will not go in because of the single quote mark.
    >
    > I am trying to replace any single quote mark with the HTML code
    > "‚"
    >


    Don't bother. Use parameters. See here for a better, more secure way to
    execute your queries by using
    parameter markers:
    http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

    Personally, I prefer using stored procedures, or saved parameter queries
    as they are known in Access:

    http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=

    http://groups.google.com/groups?hl=...=1&selm=



    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
     
    Bob Barrows [MVP], Oct 26, 2007
    #2
    1. Advertising

  3. Guest

    On Oct 26, 3:49 pm, "Bob Barrows [MVP]" <>
    wrote:
    > wrote:
    > > I can do this in vb.net but I can not do it in this asp code.

    >
    > Presumably, you mean "vbscript", not "asp code"
    >
    >
    >
    > > the user is writing what ever text into a text box and posting it to a
    > > access database. problem is when they use words such as (we'll, can't,
    > > shouldn't,) it will not go in because of the single quote mark.

    >
    > > I am trying to replace any single quote mark with the HTML code
    > > "&sbquo;"

    >
    > Don't bother. Use parameters. See here for a better, more secure way to
    > execute your queries by using
    > parameter markers:http://groups-beta.google.com/group/microsoft.public.inetserver.asp.d...
    >
    > Personally, I prefer using stored procedures, or saved parameter queries
    > as they are known in Access:
    >
    > http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
    >
    > http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
    >
    > --
    > Microsoft MVP -- ASP/ASP.NET
    > Please reply to the newsgroup. The email account listed in my From
    > header is my spam trap, so I don't check it very often. You will get a
    > quicker response by posting to the newsgroup.


    I don't think you understand I just want to replace the single quotes
    with a string.
     
    , Oct 26, 2007
    #3
  4. wrote:
    > On Oct 26, 3:49 pm, "Bob Barrows [MVP]" <>
    > wrote:
    >> wrote:
    >>> I can do this in vb.net but I can not do it in this asp code.

    >>
    >> Presumably, you mean "vbscript", not "asp code"
    >>
    >>
    >>
    >>> the user is writing what ever text into a text box and posting it
    >>> to a access database. problem is when they use words such as
    >>> (we'll, can't, shouldn't,) it will not go in because of the single
    >>> quote mark.

    >>
    >>> I am trying to replace any single quote mark with the HTML code
    >>> "&sbquo;"

    >>
    >> Don't bother. Use parameters. See here for a better, more secure way
    >> to
    >> execute your queries by using
    >> parameter
    >>

    markers:http://groups-beta.google.com/group/microsoft.public.inetserver.
    asp.d...
    >>
    >> Personally, I prefer using stored procedures, or saved parameter
    >> queries
    >> as they are known in Access:
    >>
    >>

    http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
    >>
    >>

    http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
    >>


    > I don't think you understand I just want to replace the single quotes
    > with a string.


    Oh! I do understand. I'm trying to tell you your plan is a bad idea and
    totally unnecessary. I'm also trying to steer you away from using
    dynamic sql, the use of which can leave your site vulnerable to hackers
    using sql injection:
    http://mvp.unixwiz.net/techtips/sql-injection.html
    http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

    However, your "Object Required" error is due to this line:

    thenews.text = Request.form("newsbody")

    thenews is not an object. Therefore it does not have a "text" property.

    Also, this is a problem:
    dim singlequote

    singlequote = Replace(singlequote, "Chr(39)", "&sbquo;")

    singlequote does not contain anything so Replace cannot replace
    anything.


    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
     
    Bob Barrows [MVP], Oct 26, 2007
    #4
  5. Guest

    On Oct 26, 4:38 pm, "Bob Barrows [MVP]" <>
    wrote:
    > wrote:
    > > On Oct 26, 3:49 pm, "Bob Barrows [MVP]" <>
    > > wrote:
    > >> wrote:
    > >>> I can do this in vb.net but I can not do it in this asp code.

    >
    > >> Presumably, you mean "vbscript", not "asp code"

    >
    > >>> the user is writing what ever text into a text box and posting it
    > >>> to a access database. problem is when they use words such as
    > >>> (we'll, can't, shouldn't,) it will not go in because of the single
    > >>> quote mark.

    >
    > >>> I am trying to replace any single quote mark with the HTML code
    > >>> "&sbquo;"

    >
    > >> Don't bother. Use parameters. See here for a better, more secure way
    > >> to
    > >> execute your queries by using
    > >> parameter

    >
    > markers:http://groups-beta.google.com/group/microsoft.public.inetserver.
    > asp.d...
    >
    > >> Personally, I prefer using stored procedures, or saved parameter
    > >> queries
    > >> as they are known in Access:

    >
    > http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
    >
    > http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
    >
    >
    >
    > > I don't think you understand I just want to replace the single quotes
    > > with a string.

    >
    > Oh! I do understand. I'm trying to tell you your plan is a bad idea and
    > totally unnecessary. I'm also trying to steer you away from using
    > dynamic sql, the use of which can leave your site vulnerable to hackers
    > using sql injection:http://mvp.unixwiz.net/techtips/sql....sqlsecurity.com/DesktopDefault.aspx?tabid=23
    >
    > However, your "Object Required" error is due to this line:
    >
    > thenews.text = Request.form("newsbody")
    >
    > thenews is not an object. Therefore it does not have a "text" property.
    >
    > Also, this is a problem:
    > dim singlequote
    >
    > singlequote = Replace(singlequote, "Chr(39)", "&sbquo;")
    >
    > singlequote does not contain anything so Replace cannot replace
    > anything.
    >
    > --
    > Microsoft MVP -- ASP/ASP.NET
    > Please reply to the newsgroup. The email account listed in my From
    > header is my spam trap, so I don't check it very often. You will get a
    > quicker response by posting to the newsgroup.


    Sorry if I sound rude. I'm just feeling pressured and I have not
    finished school yet, no one has taught me vbscript, I know vb.net OK.
    and I just got this job. and I just needed to fix this script.
     
    , Oct 26, 2007
    #5
  6. Dooza Guest

    wrote:
    > On Oct 26, 4:38 pm, "Bob Barrows [MVP]" <>
    > wrote:
    >> wrote:
    >>> On Oct 26, 3:49 pm, "Bob Barrows [MVP]" <>
    >>> wrote:
    >>>> wrote:
    >>>>> I can do this in vb.net but I can not do it in this asp code.
    >>>> Presumably, you mean "vbscript", not "asp code"
    >>>>> the user is writing what ever text into a text box and posting it
    >>>>> to a access database. problem is when they use words such as
    >>>>> (we'll, can't, shouldn't,) it will not go in because of the single
    >>>>> quote mark.
    >>>>> I am trying to replace any single quote mark with the HTML code
    >>>>> "&sbquo;"
    >>>> Don't bother. Use parameters. See here for a better, more secure way
    >>>> to
    >>>> execute your queries by using
    >>>> parameter

    >> markers:http://groups-beta.google.com/group/microsoft.public.inetserver.
    >> asp.d...
    >>
    >>>> Personally, I prefer using stored procedures, or saved parameter
    >>>> queries
    >>>> as they are known in Access:

    >> http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
    >>
    >> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
    >>
    >>
    >>
    >>> I don't think you understand I just want to replace the single quotes
    >>> with a string.

    >> Oh! I do understand. I'm trying to tell you your plan is a bad idea and
    >> totally unnecessary. I'm also trying to steer you away from using
    >> dynamic sql, the use of which can leave your site vulnerable to hackers
    >> using sql injection:http://mvp.unixwiz.net/techtips/sql....sqlsecurity.com/DesktopDefault.aspx?tabid=23
    >>
    >> However, your "Object Required" error is due to this line:
    >>
    >> thenews.text = Request.form("newsbody")
    >>
    >> thenews is not an object. Therefore it does not have a "text" property.
    >>
    >> Also, this is a problem:
    >> dim singlequote
    >>
    >> singlequote = Replace(singlequote, "Chr(39)", "&sbquo;")
    >>
    >> singlequote does not contain anything so Replace cannot replace
    >> anything.
    >>
    >> --
    >> Microsoft MVP -- ASP/ASP.NET
    >> Please reply to the newsgroup. The email account listed in my From
    >> header is my spam trap, so I don't check it very often. You will get a
    >> quicker response by posting to the newsgroup.

    >
    > Sorry if I sound rude. I'm just feeling pressured and I have not
    > finished school yet, no one has taught me vbscript, I know vb.net OK.
    > and I just got this job. and I just needed to fix this script.
    >


    <%
    thenews = Request.Form("newsbody")
    thenews = Replace(thenews,"Chr(39)", "&sbquo;")
    %>
     
    Dooza, Nov 20, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Stan Sainte-Rose

    Image Manipulations (how to set legends)

    Stan Sainte-Rose, Oct 2, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    560
    jongalloway
    Oct 2, 2004
  2. Lorn

    String manipulations

    Lorn, May 28, 2005, in forum: Python
    Replies:
    5
    Views:
    336
  3. PyPK

    Pixel Manipulations

    PyPK, Sep 28, 2005, in forum: Python
    Replies:
    1
    Views:
    326
    Terry Reedy
    Sep 28, 2005
  4. PyPK

    Pixel Manipulations

    PyPK, Sep 28, 2005, in forum: C++
    Replies:
    6
    Views:
    336
    mlimber
    Sep 29, 2005
  5. Lawrence D'Oliveiro

    Pathname Manipulations

    Lawrence D'Oliveiro, Mar 4, 2011, in forum: Java
    Replies:
    4
    Views:
    358
    Roedy Green
    Mar 4, 2011
Loading...

Share This Page