
apostrophe fix for insert and update pages

Participant, Jan 04, 2007
I've read in the book "Dreamweaver MX Dynamic Applications" that a fix should be placed in the ASP code for insert and update record form fields to replace apostrophes with their html character entity equivalent (') prior to its entry into a database as not to have SQL misinterpret the entered text. How essential would you say this fix is as I have tested my form using apostrophes and have not gotten into any trouble yet?
TOPICS
Server side applications

1 Correct answer

LEGEND, Jan 04, 2007
> I've read in the book "Dreamweaver MX Dynamic Applications" that a fix should be placed in the ASP code for insert and update record form fields to replace apostrophes with their html character entity equivalent (') prior to its entry into a database as not to have SQL misinterpret the entered text. How essential would you say this fix is as I have tested my form using apostrophes and have not gotten into any trouble yet?

If you are taking user input and sending it to the db as plain text within
the query, then people can use SQL injection techniques to basically destroy
your database:

http://en.wikipedia.org/wiki/SQL_injection

So, yea, it's a rather serious issue.

-Darrel
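
An added example, not part of the original thread and not code from the book: it inserts one constructed surname three ways, by pasting it into the query text, by the entity replacement the question describes, and by binding it as a parameter. It uses Python with an in-memory SQLite database in place of the ASP page so it runs anywhere; the table, the function names and the `&#39;` spelling of the entity are assumptions.

```python
import sqlite3

SAMPLE = "O'Brien"  # constructed form input containing an apostrophe


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (id INTEGER PRIMARY KEY, surname TEXT)")
    return db


def insert_concatenated(db, surname):
    # Before: the form value becomes part of the SQL text the database parses.
    db.execute("INSERT INTO contacts (surname) VALUES ('" + surname + "')")


def insert_entity_replaced(db, surname):
    # The fix described in the question; &#39; is an assumed entity spelling.
    insert_concatenated(db, surname.replace("'", "&#39;"))


def insert_parameterized(db, surname):
    # After: the value is bound to a placeholder and never parsed as SQL.
    db.execute("INSERT INTO contacts (surname) VALUES (?)", (surname,))


def try_insert(insert, surname):
    """Return the stored surnames, or the error text if the statement failed."""
    db = new_db()
    try:
        insert(db, surname)
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)
    return [row[0] for row in db.execute("SELECT surname FROM contacts")]


if __name__ == "__main__":
    for fn in (insert_concatenated, insert_entity_replaced, insert_parameterized):
        print(fn.__name__, "->", try_insert(fn, SAMPLE))
```

The entity version runs, but it stores altered text and still builds the SQL from the input, while the bound parameter keeps the value exactly as typed. In ASP the equivalent binding is done with the parameters of an `ADODB.Command` object.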

