View Full Version : escaping commas when uploading from form

space cowboy
04-11-2007, 10:41 AM
Im looking for some help... I have a simple form on my site that uploads some text to a database (access).

here is the form....

<form name="frmInsert" method="post" action="insertProcess.asp">
<input type="hidden" name="insrow" value="1">
<p>Subject<br/><input type="text" name="newsMonth1" size="30"></p>
<p>News Body<br/>
<textarea name="newsItem1" cols="35" rows="8" id="Address"></textarea></p>
<input type="submit" value="Submit">

and here is the part that uploads....

Dim Conn
Dim SQLTemp

If request("insrow") = "1" THEN
newsItem2 = request("newsItem1")
newsMonth2 = request("newsMonth1")

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.connectionstring = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" _
& Server.Mappath("../one.mdb") & ";"

SQLTemp = "INSERT INTO bevRacesNews (newsItem, newsMonth) VALUES ('" & newsItem2 & "','" & newsMonth2 & "')"

Set Conn = Nothing
response.write("<p>new news item inserted!</p><p>&nbsp;</p><p><a href=""admin.asp"" class=""Green"">back to admin options</a></p>")
End If

But if within this form I insert certain characters, mainly ''''''
it doesnt upload. I know I need to escape these, but how?


04-11-2007, 11:28 AM
see this sticky on top of this forum: click (http://www.codingforums.com/showthread.php?t=9843)