Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Apostrohy's in an email address

Status
Not open for further replies.
oldwen

oldwen

Programmer
Dec 2, 2003
23
US
Hello all,

I have a webform that when submitted updates an Access database. I had a customer today that has and apostrophy in their email address (ie strong'man@yahoo.com). I was recieving a syntax error because of this. My code works like this. Submit form, assign a request.form value to a variable, place variable in SQL string, update DB. How can I use a similar technique and keep the apostrophy?

Acutal Code:

Dim first, last, Title, Cname, Address, City, State, Zip, Phone, fax, Email
Dim orig, quality, reo, q1, q2, q3, loc

first = Request.Form("first")
last = Request.Form("last")
title = Request.Form("Title")
cname = Request.Form("cname")
Address = Request.Form("Address")
City = Request.Form("City")
State = Request.Form("State")
Zip = Request.Form("Zip")
Phone = Request.Form("Phone")
fax = Request.Form("fax")
Email = Request.Form("Email")
orig = Request.Form("c1")
quality = Request.Form("c2")
reo = Request.Form("c3")
q1 = Request.Form("q1")
q2 = Request.Form("q2")
q3 = Request.Form("q3")

INSERT INTO Orlando (Fname, Lname, Title, Company, Address, City, State, Zip, Phone, Fax, Email, Origination, Quality, REO, q1, q2, q3) VALUES ('"&first&"', '"&Last&"', '"&Title&"', '"&cname&"', '"&Address&"', '"&City&"', '"&State&"', '"&Zip&"', '"&Phone&"', '"&Fax&"', '"&Email&"', '"&Orig&"', '"&Quality&"', '"&REO&"', '"&q1&"', '"&q2&"', '"&q3&"')"

Any help would be great.

Oldwen
 
Sort by date Sort by votes
try doing a search in google.com on SQL Injection. you're eyes will be wide open at what you'll find.

also there are many, many threads on this topic here and many, many replies that answer it with examples.

hope that helps

___________________________________________________________________

The answer to your ??'s may be closer then you think.
Check out Tek-Tips knowledge bank by clicking the FAQ link at the top of the page
 
Upvote 0 Downvote
use replace() to replace the apostrophy

eg:

Email=Replace(Request.Form("Email"),"'","''")

this will stop the error and keep your email address with the apostrophy.
 
Upvote 0 Downvote
If you don't follow onpnt's suggestion and read up on sql injection, at least make sure to NEVER ALLOW A USER TO SUBMIT A SINGLE QUOTE TO YOUR DATABASE!!!!

Programming today is a race between software engineers striving to build better and bigger idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rick Cook (No, I'm not Rick)

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question
Code does not run in Microsoft Edge - it does in Google Chrome
Replies
3
Views
936
leifoet
leifoet
JScannell
  • Locked
  • Question
Border issue with Google Chrome on an Android phone
Replies
0
Views
558
JScannell
JScannell
leifoet
  • Locked
  • Question
First execute an input command and only then proceed with displaying the next record of the table
Replies
0
Views
465
leifoet
leifoet
leifoet
  • Locked
  • Question
How to send HTML emails with ASP classic?
Replies
0
Views
781
leifoet
leifoet
leifoet
  • Locked
  • Question
Wrong code in a href ?
Replies
1
Views
550
leifoet
leifoet

Part and Inventory Search

Sponsor

Back
Top