Stephen Adam
Hi there,
I am working on a project where a user can update a SQL Server DB via a web
form. I've included a number of text boxes for a user to enter in strings.
The text from these boxes is then used in an update command. My problem is
if the user enters any speech marks then it will break the code as they are
interpreted as the end of the SQL statement. I'm sure there are other
characters which will also cause problems.
Here is a code snippet.
sSQL = "INSERT INTO t_links VALUES (" & "'" & tbLinkName.Text() & "'" & "," _
    & "'" & tbLinkAddress.Text() & "'" & "," & "'" & tbLinkDescription.Text() _
    & "'" & ")"
Is there any automated way of turning the contents of these text boxes into
their literal form so the contents can be safely used in this way?
In PHP you've got HTMLSpecialChars function which will turn script/html into
the actual text we want. Is there anything like this I can use for VB.net?
Thanks
Steve
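
Added example, not part of the original post: the same INSERT written as a parameterized command, so the text box contents are sent to SQL Server as values rather than concatenated into the statement. The module and function names, the connection string and the parameter types and lengths are assumptions; the page does not show the t_links column definitions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module LinkStore

    ' Assumption: placeholder connection string; replace with the application's own.
    Private Const ConnectionString As String = _
        "Server=(local);Database=ExampleDb;Integrated Security=SSPI;"

    ' Inserts one row into t_links. The three values travel to SQL Server as
    ' parameters, so quotes or any other characters in them are stored as data
    ' and are never parsed as part of the statement.
    Public Function SaveLink(ByVal name As String, _
                             ByVal address As String, _
                             ByVal description As String) As Integer
        ' Same statement shape as the post, with placeholders instead of
        ' quoted, concatenated text.
        Const sSQL As String = _
            "INSERT INTO t_links VALUES (@name, @address, @description)"

        Using conn As New SqlConnection(ConnectionString)
            Using cmd As New SqlCommand(sSQL, conn)
                ' Assumption: NVarChar columns with these maximum lengths.
                cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name
                cmd.Parameters.Add("@address", SqlDbType.NVarChar, 400).Value = address
                cmd.Parameters.Add("@description", SqlDbType.NVarChar, 1000).Value = description

                conn.Open()
                ' Returns the number of rows inserted.
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

End Module
```

From the form's submit handler this would be called as `SaveLink(tbLinkName.Text, tbLinkAddress.Text, tbLinkDescription.Text)`. HTML encoding (`Server.HtmlEncode` in ASP.NET) addresses a different problem, and belongs at the point where the stored values are written back into a page, not in the SQL statement.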
