david.brent
I know the single quote issue is well documented throughout t'internet but I can't find reference to my particular problem. I have also read up on SQL injection.
I have my data and stored procedure in an SQL 2000 database. I have an HTML page with 2 input boxes - 1 numeric and 1 text. The 2 boxes are intended as references. They can be used independently and in conjunction. Everything is fine with the numeric box. The text one is a different matter.
Some of the references have a single quote in them. No problem just use Replace(string,"'","''"). Sadly this does not work for me. I get a record count of 0 and no records are returned. If I don't use Replace I get a record count of say 20 and a very strange table layout.
The first record is displayed as it should be; however, the rest of the records are just stuffed at the end of this record. The whole record doesn't show, just the fields after the reference.
I am at a complete loss. Has anyone come across this problem before? I would be very grateful if you could give me your views/ideas on this.
Thank You.