Handling Single Quotes in Values From ASP

Handling Single Quotes in Values From ASP

Question:
How can I prevent sending the contents of a form field containing single quotes to the server? Single quotes should be converted to double quotes in a way that doesn’t give any problems when writing to the database.

Answer:

Just make sure that before you pass the data back to the database, you check the string for any improper values. One good way is to create a function called CheckString on your ASP page. This function would convert all occurrences of single quotes to two single quotes that should have no problem in your database. You can then call this function before passing the values to the database.

Function CheckString(byval strText)   ' -- this function converts all single quotes   ' -- inside 'strText' to two single quotes and   ' -- also encloses the entire 'strText' string   ' -- within single quotes   CheckString = "'" & Replace(strText, "'", "''") & "'"End Function

One problem with this code is that it relies on the VBScript Replace function to do the actual replacement. Memory leaks have occurred with the Replace function (hopefully they will be fixed in the future). If you do not wish to rely on the Replace function, you can use this second version of the CheckString function that does a brute force replacement.

Function CheckString(byval strText)   Dim intPos   intPos = InStr(strText, "'")   While intPos > 0      strText = Left(strText, intPos) & _                "'" & _                Mid(strText, intPos + 1)      intPos = Instr(intPos+2, strText, "'")   Wend   CheckString = "'" & strText & "'"End Function

Now, in your ASP page, assuming that you obtained the value of a form field into a variable called strAddress, you would “clean up” the variable before passing it over to the database.

   strAddress = CheckString(strAddress)

Note: If you do not want the CheckString function to enclose the string within single quotes, you can modify the code so it does not do so. Also, if you want single quotes to be replaced by any other character, you can modify the code to do so.

Share the Post:
XDR solutions

The Benefits of Using XDR Solutions

May 24, 2023

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

May 23, 2023

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

May 22, 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

May 17, 2023

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

May 16, 2023

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes

ransomware cyber attack

Why Is Ransomware Such a Major Threat?

May 15, 2023

One of the most significant cyber threats faced by modern organizations is a ransomware attack. Ransomware attacks have grown in both sophistication and frequency over the past few years, forcing

data dictionary

Tools You Need to Make a Data Dictionary

May 12, 2023

Data dictionaries are crucial for organizations of all sizes that deal with large amounts of data. they are centralized repositories of all the data in organizations, including metadata such as

Show More