January 4, 2007
Answered

apostrophe fix for insert and update pages

  • January 4, 2007
  • 1 reply
  • 481 views
I've read in the book "Dreamweaver MX Dynamic Applications" that a fix should be placed in the ASP code for insert and update record form fields to replace apostrophes with their HTML character entity equivalent (') prior to its entry into a database so as not to have SQL misinterpret the entered text. How essential would you say this fix is, as I have tested my form using apostrophes and have not gotten into any trouble yet?
Correct answer Newsgroup_User
> I've read in the book "Dreamweaver MX Dynamic Applications" that a fix should
> be placed in the ASP code for insert and update record form fields to replace
> apostrophes with their HTML character entity equivalent (') prior to its entry
> into a database so as not to have SQL misinterpret the entered text. How essential
> would you say this fix is, as I have tested my form using apostrophes and have
> not gotten into any trouble yet?

If you are taking user input and sending it to the db as plain text within
the query, then people can use SQL injection techniques to basically destroy
your database:

http://en.wikipedia.org/wiki/SQL_injection

So, yea, it's a rather serious issue.

-Darrel
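The mechanism Darrel is pointing at can be seen with a few lines of code. The following is an added example, not code from the original post or from the book; it uses Python's built-in sqlite3 module in place of an ASP/ADO page, and the table name `customers` and the input "O'Brien" are constructed for the demonstration. It contrasts three ways of handling a form value on an insert: pasting it into the SQL text (the pattern the question describes), the book's entity-replacement fix, and a parameterized query. The concatenated version shows why an apostrophe "gets into trouble": the quote character ends the string literal early and the database sees a different statement than the one the page author wrote, which is exactly the opening an injection attack uses.

```python
import sqlite3


def make_db():
    """Fresh in-memory database with one constructed table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL)"
    )
    return conn


def insert_concatenated(conn, name):
    """Vulnerable pattern: the form value becomes part of the SQL text.

    An apostrophe in `name` closes the string literal early, so the
    statement structure is now controlled by whoever filled in the form.
    """
    sql = "INSERT INTO customers (name) VALUES ('" + name + "')"
    conn.execute(sql)
    conn.commit()


def insert_entity_escaped(conn, name):
    """The book's fix: replace ' with its HTML entity before concatenating.

    The statement no longer breaks, but the stored value is altered
    (it now contains the literal text &#39;), so every consumer of the
    column must decode it, and any other character the database treats
    specially is still unhandled.
    """
    escaped = name.replace("'", "&#39;")
    sql = "INSERT INTO customers (name) VALUES ('" + escaped + "')"
    conn.execute(sql)
    conn.commit()


def insert_parameterized(conn, name):
    """Recommended fix: the value is sent separately from the SQL text.

    The driver binds `name` as data, so the statement structure is fixed
    at coding time regardless of what characters the value contains.
    """
    conn.execute("INSERT INTO customers (name) VALUES (?)", (name,))
    conn.commit()


def try_insert(insert_fn, name):
    """Run one insert strategy against a fresh database.

    Returns ("error", <exception class name>) if the database rejected the
    statement, otherwise ("stored", <value actually written to the table>).
    """
    conn = make_db()
    try:
        insert_fn(conn, name)
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)
    row = conn.execute("SELECT name FROM customers").fetchone()
    return ("stored", row[0])


if __name__ == "__main__":
    # Constructed form input containing an apostrophe.
    sample = "O'Brien"
    for label, fn in [
        ("concatenated", insert_concatenated),
        ("entity-escaped", insert_entity_escaped),
        ("parameterized", insert_parameterized),
    ]:
        print(f"{label:15s} -> {try_insert(fn, sample)}")
```

Running it shows the concatenated insert failing with a syntax error for a perfectly ordinary surname, while the parameterized insert stores `O'Brien` unchanged and the entity-escaped insert stores `O&#39;Brien`. A form that "works" with apostrophes today may simply be reaching the database through a path that happens to tolerate them; the parameterized form is the one that removes the problem rather than papering over it.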

