Bad SQL chars

  1. #1
    Bad SQL chars

    I have some ASP where I build up a query something like this...

    "SELECT * FROM someTable WHERE someField='" & Request("field") & "'"

    The problem comes if someone enters a char like ' in field. Is there anything I can do to clean up incoming request params... or what is the complete list of things I shouldn't allow?

    Thanks

  2. #2
    J. Paul Schmidt Guest

    RE: Bad SQL chars

    Here is a relevant link:

    How to Deal with Apostrophes in your SQL String - 5/18/1999

    Just uses a Replace function.

    Best regards,
    -Paul

    J. Paul Schmidt, MBA
    Databases on the Web
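
Added example, not part of either post: the query from post #1 built three ways against a constructed in-memory SQLite table, showing the concatenated form failing on an apostrophe, the Replace approach from post #2, and parameter binding (in classic ASP the counterpart is an ADODB.Command with parameters). Python and sqlite3 stand in for ASP and ADO here; the function names and sample rows are assumptions made for the illustration.

```python
import sqlite3

SAMPLE = "O'Brien"  # constructed input containing the apostrophe from post #1

def make_db():
    """Constructed in-memory table standing in for the post's someTable."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE someTable (someField TEXT, note TEXT)")
    db.executemany(
        "INSERT INTO someTable VALUES (?, ?)",
        [("O'Brien", "row with apostrophe"), ("Smith", "plain row")],
    )
    return db

def query_concatenated(db, field):
    # Same construction as the ASP in post #1: the value is pasted between
    # the quotes, so an apostrophe in it ends the string literal early.
    sql = "SELECT * FROM someTable WHERE someField='" + field + "'"
    return db.execute(sql).fetchall()

def query_replaced(db, field):
    # The Replace approach from post #2: double every apostrophe. This only
    # covers values placed inside a quoted literal and has to be repeated
    # at every place a query is built.
    escaped = field.replace("'", "''")
    sql = "SELECT * FROM someTable WHERE someField='" + escaped + "'"
    return db.execute(sql).fetchall()

def query_bound(db, field):
    # Parameter binding: the SQL text is fixed and the value travels
    # separately, so no list of "bad characters" is needed.
    sql = "SELECT * FROM someTable WHERE someField = ?"
    return db.execute(sql, (field,)).fetchall()

def demo():
    db = make_db()
    outcome = {}
    for fn in (query_concatenated, query_replaced, query_bound):
        try:
            outcome[fn.__name__] = fn(db, SAMPLE)
        except sqlite3.OperationalError as exc:
            outcome[fn.__name__] = "error: %s" % exc
    return outcome

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```
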
