Using ' in asp forms

programming
1

MAJOR Problem!
I’ve developed a competition for one of my clients, and they kept telling me that they get complaints from some of them, when they enter, they get a “page cannot be displayed”… It’s NEVER happened on my side, so we figured out what the problem is :
One of the answers had a ’ (apostrophe) in the sentence… So, whenever you enter and you press the submit button, it gives you that error… In IE its an HTTP 500 internal server error.
What must I do to prevent this happenening?

Please help… Think I’m on the verge of loosing my job here… eeeeek!!!:crying:

2

If the data from the form is inserted into a database (Access, MSSQL, etc.) then the apostrophe causes an internal server error because the SQL query is affected by the apostrophe. This is widely discussed problem and it is called ‘SQL injection’. Have a look at the following


string myValue = "I'm God";
string query = "INSERT INTO table(value) VALUES ('"+myValue+"')";

Then the query would be:

INSERT INTO table(value) VALUES ('I'm God');

As you can see this will raise a SQL syntax error. That is what your internal server error is coming from. Have a look at this page for information on how to solve the problem:

http://www.4guysfromrolla.com/webtech/061902-1.shtml

Good luck, and I hope you can keep the job!

Maurits

3

asp is evil. Php :smiley:

4

^
Your 2000 post and you wasted it…

5

I’m not sure about that, saying asp is evil and to use PHP is worth it. :smiley: