Hi guys,

I am just curious if there is a good way/standard procedure on how to prevent ambiguous characters that will be inserted and queried in your database.

Like for example, I have a user inputted a paragraph like this one in my forum.

testing insert invalid characters "','" & test & "','" &%^@#$(%@^)

Well, for me, it will give a problem without replacing/cleaning the "','" chars. when using it in our INSERT INTO statement.


So what I do right now is encrypt the data. I dont use the Replace() or any good functions to clear that up.

So Any of you wants to post same learning and problem here? Thank you in Advance.


Regards,

Mark

____________________________
CLIPER

MySQL and MS-SQL accept these special characters in text queries but they need to have a backslash character before special characters...so before concatenating the text with what's written by the user you should use a function do add backslashes.

Public Function AddSlashes(ByVal strText As String) As String     'escape the single Backslash     strText = Replace(strText, "\", "\\")     'escape single quote     strText = Replace(strText, "'", "\'")     'escape double quote     strText = Replace(strText, """", "\""")     AddSlashes = strText End Function

let me know if it works...

____________________________
AndreaVB