Welcome to WebmasterWorld Guest from 22.214.171.124
Forum Moderators: ocean10000
I've had my asp code snippets that protect against SQL injection attacks for years, but they don't work for MySQL!
I guess I'm just thick-headed, but I just can't figure out how to escape bad characters out of a SQL statement.
I've tried 'Replace(Value, "'", "\'")' which works ok I think, except for when the Value already containts \', which it turns to \\' and then MySQL can't process it.
There's got to be other MS developers that have this figured out, but I haven't been able to find any. Because of the size of the conversion, I have to use concatenated strings.