
apostrophe fix for insert and update pages

Participant, Jan 04, 2007


I've read in the book "Dreamweaver MX Dynamic Applications" that a fix should be placed in the ASP code for insert and update record form fields to replace apostrophes with their HTML character entity equivalent (') prior to its entry into a database so as not to have SQL misinterpret the entered text. How essential would you say this fix is as I have tested my form using apostrophes and have not gotten into any trouble yet?
TOPICS
Server side applications


1 Correct answer

LEGEND, Jan 04, 2007

> I've read in the book "Dreamweaver MX Dynamic Applications" that a fix should
> be placed in the ASP code for insert and update record form fields to replace
> apostrophes with their HTML character entity equivalent (') prior to its entry
> into a database so as not to have SQL misinterpret the entered text. How
> essential would you say this fix is as I have tested my form using apostrophes
> and have not gotten into any trouble yet?

If you are taking user input and sending it to the db as plain text within
the query, then people can use SQL injection techniques to basically destroy
your database:

http://en.wikipedia.org/wiki/SQL_injection

So, yea, it's a rather serious issue.

-Darrel
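
An added example, not part of the original thread or the book it cites: Python's `sqlite3` stands in for the ASP page and its database (an assumption, as are the table and function names and the `&#39;` entity, which the page renders as a plain apostrophe). It compares pasting form values into the SQL text, the entity-replacement fix from the question, and a parameterized insert, using constructed input that contains apostrophes.

```python
import sqlite3

def make_db():
    # Hypothetical table standing in for the form's target table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return db

def insert_concatenated(db, author, body):
    # Form values pasted straight into the SQL text.
    sql = "INSERT INTO comments (author, body) VALUES ('%s', '%s')" % (author, body)
    db.execute(sql)

def insert_entity_fix(db, author, body):
    # The fix described in the question: replace ' with an HTML entity
    # (&#39; assumed here), then build the SQL text as before.
    insert_concatenated(db, author.replace("'", "&#39;"), body.replace("'", "&#39;"))

def insert_parameterized(db, author, body):
    # Values travel separately from the SQL text; no escaping is needed.
    db.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))

def run_case(insert_fn, author="O'Brien", body="It's fine"):
    # Constructed sample input. Returns the stored rows, or "sql error"
    # when the database rejects the statement.
    db = make_db()
    try:
        insert_fn(db, author, body)
    except sqlite3.Error:
        return "sql error"
    return db.execute("SELECT author, body FROM comments").fetchall()

if __name__ == "__main__":
    for fn in (insert_concatenated, insert_entity_fix, insert_parameterized):
        print(fn.__name__, "->", run_case(fn))
```

The entity version stores `O&#39;Brien`, so the database no longer holds what the user typed; the parameterized insert keeps the text intact and does not depend on which characters the input contains.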

