" ' " in web address


jenleo26 -> " ' " in web address (1/26/2005 10:39:16)

I have a page that uses sessions with people's email addresses. I have run across someone using jane.d.o'connor as an address and it's giving me errors. Is there a way around this?

Here is an example of the full address:

http://reporting.com/mylist.asp?email2=Jane.D.O'Connor@reporting.com

Thanks!
Jen




rdouglass -> RE: " ' " in web address (1/26/2005 11:35:36)

Hi and Welcome to Outfront.

Yes, apostrophes need to be dealt with but it's relatively easy using the replace function:

<%myEmailVariable = replace(myEmailVariable,"'","''")%>

Don't get confused by all the single and double quotes; it goes:

myEmailVariable,comma,double,single,double,comma,double,single,single,double

See, if we replace a single apostrophe with 2 apostrophes, we can get the DB to accept it. That any help?




jenleo26 -> RE: " ' " in web address (1/26/2005 13:40:28)

Thank you very much!

One question, will it still query the database for the correct email address - the one that contains the single quote?




Spooky -> RE: " ' " in web address (1/26/2005 13:48:53)

Yes - although without searching for the RFC, I'd suggest the user has an invalid email address to start with.




rdouglass -> RE: " ' " in web address (1/26/2005 13:53:47)

quote:

One question, will it still query the database for the correct email address - the one that contains the single quote?


That's a "qualified" YES. [8|][;)]

It will actually store the email address properly (with only 1 apostrophe) but when you search for it, you'll need to use that REPLACE thing again in your query.

This is a very common thing to do with SQL injection and all. In fact, I usually build a function like so:

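<%
' Doubles each apostrophe so the value can sit inside a quoted SQL string literal.
' ByVal keeps the caller's variable unchanged (VBScript passes ByRef by default).
Function StripQuote(ByVal TextIn)
    StripQuote = Replace(TextIn, "'", "''")
End Function
%>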

And use it like so:

UPDATE myTable SET myEmailField = '" & StripQuote(myEmailVariable) & "' WHERE .....

You will not have to use it when you're displaying it in the browser (or reading it FROM the DB).

That answer the question?
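
Added example, not part of the thread: the lookup discussed above done three ways (raw concatenation, apostrophe doubling, and a bound placeholder), written in Python with an in-memory SQLite table so it runs offline. The table and column names follow the thread's myTable/myEmailField; in ADO the same placeholder binding is available through ADODB.Command parameters.

```python
import sqlite3

EMAIL = "Jane.D.O'Connor@reporting.com"  # address from the thread's example URL


def make_db():
    """In-memory table named after the thread's myTable/myEmailField."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE myTable (myEmailField TEXT)")
    # Bound parameter: the value travels separately from the SQL text.
    conn.execute("INSERT INTO myTable (myEmailField) VALUES (?)", (EMAIL,))
    return conn


def find_concatenated(conn, email):
    """Raw concatenation: the apostrophe ends the string literal early."""
    sql = "SELECT myEmailField FROM myTable WHERE myEmailField = '" + email + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)


def find_doubled(conn, email):
    """The thread's approach: double each apostrophe, then concatenate."""
    escaped = email.replace("'", "''")
    sql = "SELECT myEmailField FROM myTable WHERE myEmailField = '" + escaped + "'"
    return [row[0] for row in conn.execute(sql)]


def find_parameterized(conn, email):
    """Placeholder binding: no escaping step to forget or to apply twice."""
    sql = "SELECT myEmailField FROM myTable WHERE myEmailField = ?"
    return [row[0] for row in conn.execute(sql, (email,))]


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", find_concatenated(db, EMAIL))
    print("doubled      :", find_doubled(db, EMAIL))
    print("parameterized:", find_parameterized(db, EMAIL))
    # Doubling a value that was already doubled silently misses the row.
    print("doubled twice:", find_doubled(db, EMAIL.replace("'", "''")))
```

The stored value keeps its single apostrophe in every case; only the way the query text is built differs.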




jenleo26 -> RE: " ' " in web address (1/26/2005 19:47:17)

Yes, Thank You!!



