SQL + ' and "

[old.[ESZ]Khan]

I am currently working on a news script, I think its all there apart from when someone add's a post and includes a ' or a " the replace statement removes then from the string [Other wise it breaks the sql statement].

If there a way of searching through the string replaceing the ' and " with some text that will actually work and keep the ' and " in the database?


Many Thanks,


Khan

 

[old.Jas]

You have to use double quotes in the statement - eg '' or ""

endvalue= Replace(startvalue, "'", "''")

Mate - read some FAQs b4 you post yeah?
http://www.aspfaqs.com/aspfaqs/

 

[old.[ESZ]Khan]

I have read the FAQ but couldn't find it [Bet I was looking with me eye's closed again ]


But thanks for the help


Khan

 

[Tempy_Incursion]

If using PHP you can either do this by using str_replace() (or ereg_replace) or by using addslashes() for anything that needs to be added into the DB, would enable ' and " to be allowed. I often use stripslashes() also when retrieving data from a DB just in case the slashes remain.

$endvalue = str_replace($startvalue, "'", "''"); 
-or-
$value = addslashes($value);