
Microsoft IIS Web Server and ASP.NET Forum

    
ASP and MySQL Escape Character Help
MySQL for Dummies (or dumb MS developers...)
dataguy

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 2497 posted 3:20 pm on Feb 17, 2005 (gmt 0)

About two months ago I converted a classic ASP web site from using SQL Server to MySQL. I could write a book with what I've learned, but I still have so much I can't figure out.

I've had my asp code snippets that protect against SQL injection attacks for years, but they don't work for MySQL!

I guess I'm just thick-headed, but I just can't figure out how to escape bad characters out of a SQL statement.

I've tried 'Replace(Value, "'", "\'")' which works ok I think, except for when the Value already contains \', which it turns to \\' and then MySQL can't process it.

There's got to be other MS developers that have this figured out, but I haven't been able to find any. Because of the size of the conversion, I have to use concatenated strings.

Please help!

 

martyt

10+ Year Member



 
Msg#: 2497 posted 7:14 pm on Feb 17, 2005 (gmt 0)

If there's no valid reason for a user to ever give you a string that has \' in it, then the simplest solution is to strip all occurrences of \' before you try to escape the string.
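Added example, not part of the thread or either poster's code: a classic ASP (VBScript) helper that escapes a value for a concatenated MySQL string literal by doubling backslashes before escaping quotes, so input that already contains \' round-trips intact instead of ending the literal early. The names `MySqlEscape`, `members` and `name` are hypothetical. It assumes MySQL's default sql_mode (NO_BACKSLASH_ESCAPES not set) and a single-byte or UTF-8 connection character set.

```vbscript
' Added example: hypothetical helper, not code from the thread.
' Assumes backslash is an escape character on the server (default sql_mode)
' and that the connection character set is single-byte or UTF-8.
Function MySqlEscape(ByVal value)
    Dim s
    If IsNull(value) Then
        MySqlEscape = "NULL"          ' SQL NULL, deliberately unquoted
        Exit Function
    End If
    s = CStr(value)
    ' Backslash is doubled FIRST. If the quote were escaped first, the
    ' backslash added for it would be doubled by this step, leaving the
    ' quote unescaped. User-typed \' becomes \\\' (literal \ plus literal ').
    s = Replace(s, "\", "\\")
    s = Replace(s, "'", "\'")
    s = Replace(s, """", "\""")
    s = Replace(s, Chr(0), "\0")      ' NUL byte
    s = Replace(s, vbLf, "\n")
    s = Replace(s, vbCr, "\r")
    s = Replace(s, Chr(26), "\Z")     ' Ctrl-Z
    ' Return the value already wrapped in quotes so callers cannot forget them.
    MySqlEscape = "'" & s & "'"
End Function

' Constructed sample inputs: a plain apostrophe, the already-escaped case
' from the question, and a trailing backslash (which would otherwise
' escape the closing quote of the literal).
Dim samples, i, sql
samples = Array("O'Brien", "it\'s", "C:\temp\")
For i = 0 To UBound(samples)
    ' Table and column names are hypothetical.
    sql = "SELECT id FROM members WHERE name = " & MySqlEscape(samples(i))
    WScript.Echo sql    ' under ASP: Response.Write Server.HTMLEncode(sql)
Next
```

Escaping by hand depends on the server's sql_mode and the connection character set, so any query that can be restructured is safer as an ADODB.Command with `?` placeholders and bound parameters, which needs no escaping at all.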
