 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / General / October 2007string manipulation .ASP script
I can do this in vb.net but I can not do it in this asp code. the user is writing what ever text into a text box and posting it to a access database. problem is when they use words such as (we'll, can't, shouldn't,) it will not go in because of the single quote mark. I am trying to replace any single quote mark with the HTML code "‚" so I recoded the .asp script and now get this error ********************************************************** Microsoft VBScript runtime error '800a01a8' Object required: '' /admin/news_add_action.asp, line 8 ********************************************************* here is the code I've been using: Set objConn = Server.CreateObject("ADODB.Connection") objConn.Open sDSN dim thenews thenews.text = Request.form("newsbody") dim singlequote singlequote = Replace(singlequote, "Chr(39)", "‚") sSQL = "INSERT INTO news(newsTitle, newsBody, newsDate) values('" & Request.Form("newsTitle") & "','" & singlequote & "',#" & Date() & "#)" response.write sSQL objConn.Execute(sSQL) Response.Redirect "news.asp" objConn.Close Set objConn = NOTHING %> >I can do this in vb.net but I can not do it in this asp code. You're in the wrong newsgroup - this one is for ASP.NET issues. Please post to: microsoft.public.inetserver.asp.general  SignatureMark Rae ASP.NET MVP http://www.markrae.net > I can do this in vb.net but I can not do it in this asp code. > [quoted text clipped - 42 lines] > Set objConn = NOTHING > %> Wrong Newsgroup. But use double quotes. > I can do this in vb.net but I can not do it in this asp code. > [quoted text clipped - 24 lines] > > thenews.text = Request.form("newsbody") As you haven't created any object and assigned to the thenews variable, it can't have any property named text. > dim singlequote > > singlequote = Replace(singlequote, "Chr(39)", "‚") You are using the singlequote variable as input to the function, which doesn't serve any purpose as you haven't assigned any value to it. Don't you want to use the value that you just read from the Request.Form collection? "Chr(39)" is not an apostrophe, it's a string containing three characters, a start parenthesis, two digits and an end parenthesis. Simply use "'" instead. You shouldn't replace the apostrophe with an html identifier. Storing text where only some characters are html encoded makes it very difficult when you fetch the data and want to encode it properly to display it. Just replace it with double apostrophes to make it a proper SQL string: "''". > sSQL = "INSERT INTO news(newsTitle, newsBody, newsDate) values('" & > Request.Form("newsTitle") & "','" & singlequote & "',#" & Date() & > "#)" You have to replace apostrophes in the title too. > response.write sSQL > > objConn.Execute(sSQL) > > Response.Redirect "news.asp" You have to close the database connection BEFORE you end the execution by calling Response.Redirect. > objConn.Close > Set objConn = NOTHING > %> SignatureGöran Andersson _____ http://www.guffa.com >I can do this in vb.net but I can not do it in this asp code. > [quoted text clipped - 42 lines] >Set objConn = NOTHING >%> Parameterized queries friend! Will save you a lot of grief!!! -- http://bytes.thinkersroom.com Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.