Monday, March 26, 2012

Suggested means to cope with commas etc.

G'day,
In a typical 'contact us' type page, what is a recommended way to ensure a message text box gets dealt with properly rather than breaking at commas etc.?

Is it as simple as using server.encodeHTML() on every passed variable? When I do this I still seem to have problems.

Geoff

Why would you break at commas? I don't get the problem.

Sorry. Error was happening when writing a record of the email to a database.

So if I can change my question...

Is there a 'best-practice' approach to handling commas etc. when writing to a database, e.g. "insert into myTable message = '" & server.encodeHTML(msg.text) & "'" is the sort of thing that was breaking if a comma existed in the textbox called msg?

Thanks,

Geoff
The commas should not mess it up within the quotes.

If an apostrophe appears within the string ('), then it will close the string and this is what will mess it up.

The best practice is to use Parameters. These will take care of all these issues as well as protect you against SQL injection and a few other problems you may not have noticed yet.
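
The difference the answer describes, as an added example that is not part of the original thread: it uses Python's built-in sqlite3 module as a stand-in for the poster's ASP.NET data layer, and the table layout and sample message are constructed for illustration.

```python
import sqlite3

# Constructed sample message: contains commas and an apostrophe.
SAMPLE_MSG = "Hi, I can't log in, please help."


def make_db():
    """In-memory database with a hypothetical table named after the post's myTable."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE myTable (message TEXT)")
    return conn


def insert_concatenated(conn, msg):
    """The pattern from the question: user text pasted into the SQL string."""
    sql = "INSERT INTO myTable (message) VALUES ('" + msg + "')"
    conn.execute(sql)


def insert_parameterized(conn, msg):
    """The recommended pattern: the text travels as a bound parameter."""
    conn.execute("INSERT INTO myTable (message) VALUES (?)", (msg,))


def demo():
    conn = make_db()
    results = {}
    # Commas alone are harmless inside the quoted literal.
    insert_concatenated(conn, "one, two, three")
    results["commas_concatenated"] = "ok"
    # An apostrophe closes the literal early, so the statement no longer parses.
    try:
        insert_concatenated(conn, SAMPLE_MSG)
        results["apostrophe_concatenated"] = "ok"
    except sqlite3.OperationalError as exc:
        results["apostrophe_concatenated"] = "error: %s" % exc
    # A bound parameter is never parsed as SQL, so the same text is stored intact.
    insert_parameterized(conn, SAMPLE_MSG)
    rows = conn.execute("SELECT message FROM myTable ORDER BY rowid")
    results["stored"] = [r[0] for r in rows]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

With parameters there is no need to HTML-encode the text before storing it; output encoding belongs at the point where the message is later rendered into a page.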
