On Oct 26, 3:49 pm, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom>
wrote:
> bbell1***@gmail.com wrote:
> > I can do this in vb.net but I can not do it in this asp code.
>
> Presumably, you mean "vbscript", not "asp code"
>
>
>
> > the user is writing what ever text into a text box and posting it to a
> > access database. problem is when they use words such as (we'll, can't,
> > shouldn't,)  it will not go in because of the single quote mark.
>
> > I am trying to replace any single quote mark with the HTML code
> > "&sbquo;"
>
> Don't bother. Use parameters. See here for a better, more secure way to
> execute your queries by using
> parameter markers:http://groups-beta.google.com/group/microsoft.public.inetserver.asp.d...
>
> Personally, I prefer using stored procedures, or saved parameter queries
> as they are known in Access:
>
> http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
>
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.

> On Oct 26, 3:49 pm, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom>
> wrote:
>> bbell1***@gmail.com wrote:
>>> I can do this in vb.net but I can not do it in this asp code.
>>
>> Presumably, you mean "vbscript", not "asp code"
>>
>>
>>
>>> the user is writing what ever text into a text box and posting it
>>> to a access database. problem is when they use words such as
>>> (we'll, can't, shouldn't,)  it will not go in because of the single
>>> quote mark.
>>
>>> I am trying to replace any single quote mark with the HTML code
>>> "&sbquo;"
>>
>> Don't bother. Use parameters. See here for a better, more secure way
>> to
>> execute your queries by using
>> parameter
>>

On Oct 26, 4:38 pm, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom>
wrote:
> bbell1***@gmail.com wrote:
> > On Oct 26, 3:49 pm, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom>
> > wrote:
> >> bbell1***@gmail.com wrote:
> >>> I can do this in vb.net but I can not do it in this asp code.
>
> >> Presumably, you mean "vbscript", not "asp code"
>
> >>> the user is writing what ever text into a text box and posting it
> >>> to a access database. problem is when they use words such as
> >>> (we'll, can't, shouldn't,)  it will not go in because of the single
> >>> quote mark.
>
> >>> I am trying to replace any single quote mark with the HTML code
> >>> "&sbquo;"
>
> >> Don't bother. Use parameters. See here for a better, more secure way
> >> to
> >> execute your queries by using
> >> parameter
>
> markers:http://groups-beta.google.com/group/microsoft.public.inetserver.
> asp.d...
>
> >> Personally, I prefer using stored procedures, or saved parameter
> >> queries
> >> as they are known in Access:
>
> http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
>
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
>
>
>
> > I don't think you understand I just want to replace the single quotes
> > with a string.
>
> Oh! I do understand. I'm trying to tell you your plan is a bad idea and
> totally unnecessary. I'm also trying to steer you away from using
> dynamic sql, the use of which can leave your site vulnerable to hackers
> using sql injection:http://mvp.unixwiz.net/techtips/sql-injection.htmlhttp://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
>
> However, your "Object Required" error is due to this line:
>
> thenews.text = Request.form("newsbody")
>
> thenews is not an object. Therefore it does not have a "text" property.
>
> Also, this is a problem:
> dim singlequote
>
> singlequote = Replace(singlequote, "Chr(39)", "&sbquo;")
>
> singlequote does not contain anything so Replace cannot replace
> anything.
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.

> On Oct 26, 4:38 pm, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom>
> wrote:
>> bbell1***@gmail.com wrote:
>>> On Oct 26, 3:49 pm, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom>
>>> wrote:
>>>> bbell1***@gmail.com wrote:
>>>>> I can do this in vb.net but I can not do it in this asp code.
>>>> Presumably, you mean "vbscript", not "asp code"
>>>>> the user is writing what ever text into a text box and posting it
>>>>> to a access database. problem is when they use words such as
>>>>> (we'll, can't, shouldn't,)  it will not go in because of the single
>>>>> quote mark.
>>>>> I am trying to replace any single quote mark with the HTML code
>>>>> "&sbquo;"
>>>> Don't bother. Use parameters. See here for a better, more secure way
>>>> to
>>>> execute your queries by using
>>>> parameter
>> markers:http://groups-beta.google.com/group/microsoft.public.inetserver.
>> asp.d...
>>
>>>> Personally, I prefer using stored procedures, or saved parameter
>>>> queries
>>>> as they are known in Access:
>> http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
>>
>> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
>>
>>
>>
>>> I don't think you understand I just want to replace the single quotes
>>> with a string.
>> Oh! I do understand. I'm trying to tell you your plan is a bad idea and
>> totally unnecessary. I'm also trying to steer you away from using
>> dynamic sql, the use of which can leave your site vulnerable to hackers
>> using sql injection:http://mvp.unixwiz.net/techtips/sql-injection.htmlhttp://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
>>
>> However, your "Object Required" error is due to this line:
>>
>> thenews.text = Request.form("newsbody")
>>
>> thenews is not an object. Therefore it does not have a "text" property.
>>
>> Also, this is a problem:
>> dim singlequote
>>
>> singlequote = Replace(singlequote, "Chr(39)", "&sbquo;")
>>
>> singlequote does not contain anything so Replace cannot replace
>> anything.
>>
>> --
>> Microsoft MVP -- ASP/ASP.NET
>> Please reply to the newsgroup. The email account listed in my From
>> header is my spam trap, so I don't check it very often. You will get a
>> quicker response by posting to the newsgroup.
>
> Sorry if I sound rude.  I'm just feeling pressured and I have not
> finished school yet, no one has taught me vbscript, I know vb.net OK.
> and I just got this job. and I just needed to fix this script.
>