Solve the problem of performing special characters in database queries in ASP

Source: Internet
Author: User
Tags chr functions integer query
Resolve | data | database | problem | When you perform a query for a database, you often encounter situations like this:
   For exampleYou want to query his user name and his password in a user database, but it happens that the user has a special character in the name and password, such as single quotes, "|" Resolution

Double quotes or hyphen "&".

   For exampleHis name is 1 ' test, and the password is a|&900.

when you execute the following query statement, you will definitely get an error:

SQL = "SELECT * from SecurityLevel WHERE uid= '" & UserID & "'"

sql = SQL & "and pwd= '" & Password & "'"

because your SQL is going to be like this:

SELECT * from SecurityLevel WHERE uid= ' 1 ' test '

and pwd= ' a|&900 '

in sql, the "|" For the Split field, it's obviously going to go wrong. Now provide a few of the following functions specifically for dealing with these headaches:

Function replacestr (Textin, ByVal searchstr as String, _

ByVal Replacement as String, _

ByVal Compmode as Integer)

Dim Worktext as String, pointer as Integer

If IsNull (textin) Then

Replacestr = Null

Else

Worktext = Textin

pointer = InStr (1, Worktext, Searchstr, Compmode)

Do While pointer > 0

Worktext = Left (Worktext, Pointer-1) & Replacement & _

Mid (worktext, pointer + Len (SEARCHSTR))

pointer = INSTR (pointer + Len (replacement), Worktext, _

SEARCHSTR, Compmode)

Loop

Replacestr = Worktext

End If

End Function

Function Sqlfixup (Textin)

Sqlfixup = Replacestr (Textin, "'", "" ", 0)

End Function

Function Jetsqlfixup (Textin)

Dim Temp

Temp = Replacestr (Textin, "'", "" ", 0)

Jetsqlfixup = Replacestr (Temp, "|", "' & Chr (124) & '", 0)

End Function

Function Findfirstfixup (Textin)

Dim Temp

Temp = Replacestr (Textin, "'", "' & Chr () & '", 0)

Findfirstfixup = Replacestr (Temp, "|", "' & Chr (124) & '", 0)

End Function

with the above several functions, before you execute a SQL, please use the

SQL = "SELECT * from SecurityLevel WHERE uid= '" & Sqlfixup (UserID) & "'"

sql = SQL & "and pwd= '" & Sqlfixup (Password) & "'"

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.