
Forum Moderators: ocean10000


ASP and MySQL Escape Character Help

MySQL for Dummies (or dumb MS developers...)

     
3:20 pm on Feb 17, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 12, 2004
posts:1355
votes: 0


About two months ago I converted a classic ASP web site from using SQL Server to MySQL. I could write a book with what I've learned, but I still have so much I can't figure out.

I've had my asp code snippets that protect against SQL injection attacks for years, but they don't work for MySQL!

I guess I'm just thick-headed, but I just can't figure out how to escape bad characters out of a SQL statement.

I've tried 'Replace(Value, "'", "\'")' which works ok I think, except for when the Value already contains \', which it turns to \\' and then MySQL can't process it.

There's got to be other MS developers that have this figured out, but I haven't been able to find any. Because of the size of the conversion, I have to use concatenated strings.

Please help!

7:14 pm on Feb 17, 2005 (gmt 0)

Full Member

10+ Year Member

joined:May 29, 2003
posts:202
votes: 0


If there's no valid reason for a user to ever give you a string that has \' in it, then the simplest solution is to strip all occurrences of \' before you try to escape the string.
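The double-escaping problem from the first post, as an added example that is not part of the thread: a VBScript escaper that doubles backslashes before touching quotes, checked against a small model of how MySQL reads a single-quoted literal. `MySqlEscape` and `FirstUnescapedQuote` are hypothetical names, the sample value is constructed, and the script assumes MySQL's default SQL mode (backslash escapes enabled); it runs stand-alone under `cscript`.

```vbscript
Option Explicit

' Added example (hypothetical helper, not from the thread).
' Escapes a value for use inside a '...' MySQL string literal.
' Assumes the default SQL mode, where backslash is an escape character.
Function MySqlEscape(ByVal value)
    Dim s
    s = CStr(value)
    ' Double backslashes FIRST, so the backslashes added by the
    ' replacements below are never doubled a second time.
    s = Replace(s, "\", "\\")
    s = Replace(s, "'", "\'")
    s = Replace(s, """", "\""")
    s = Replace(s, Chr(0), "\0")
    s = Replace(s, vbLf, "\n")
    s = Replace(s, vbCr, "\r")
    s = Replace(s, Chr(26), "\Z")
    MySqlEscape = s
End Function

' Simplified model of MySQL's literal reader (hypothetical helper):
' returns the position of the first quote that would close the literal,
' or 0 if every quote in the body is escaped by a backslash.
Function FirstUnescapedQuote(ByVal body)
    Dim i
    FirstUnescapedQuote = 0
    i = 1
    Do While i <= Len(body)
        Select Case Mid(body, i, 1)
            Case "\"
                i = i + 1          ' backslash consumes the next character
            Case "'"
                FirstUnescapedQuote = i
                Exit Function
        End Select
        i = i + 1
    Loop
End Function

Dim sample, naive, safe
sample = "O\'Brien"                    ' constructed input that already contains \'
naive = Replace(sample, "'", "\'")     ' the single Replace from the first post
safe = MySqlEscape(sample)

WScript.Echo "naive: " & naive & " -> closing quote at " & FirstUnescapedQuote(naive)
WScript.Echo "safe:  " & safe & " -> closing quote at " & FirstUnescapedQuote(safe)
```

A result of 0 means the value stays inside its literal; any other position is where the statement would break. If the server runs with `NO_BACKSLASH_ESCAPES`, backslash is literal and quotes have to be doubled instead, which is one reason an `ADODB.Command` with `?` parameters is the sturdier choice wherever the code can be changed.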
 
