string manipulations

on 26.10.2007 21:21:34 by bbell1980

I can do this in vb.net but I cannot do it in this asp code.

The user is writing whatever text into a text box and posting it to an
Access database. The problem is that when they use words such as (we'll,
can't, shouldn't), it will not go in because of the single quote mark.

I am trying to replace any single quote mark with the HTML code
"‚"

So I recoded the .asp script and now get this error:

**********************************************************
Microsoft VBScript runtime error '800a01a8'

Object required: ''

/admin/news_add_action.asp, line 8

*********************************************************

here is the code I've been using:

Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open sDSN

dim thenews

thenews.text = Request.form("newsbody")

dim singlequote

singlequote = Replace(singlequote, "Chr(39)", "‚")

sSQL = "INSERT INTO news(newsTitle, newsBody, newsDate) values('" & Request.Form("newsTitle") & "','" & singlequote & "',#" & Date() & "#)"

response.write sSQL

objConn.Execute(sSQL)

Response.Redirect "news.asp"

objConn.Close
Set objConn = NOTHING
%>

Re: string manipulations

on 26.10.2007 21:49:41 by reb01501

bbell1980@gmail.com wrote:
> I can do this in vb.net but I can not do it in this asp code.

Presumably, you mean "vbscript", not "asp code"
>
> the user is writing what ever text into a text box and posting it to a
> access database. problem is when they use words such as (we'll, can't,
> shouldn't,) it will not go in because of the single quote mark.
>
> I am trying to replace any single quote mark with the HTML code
> "‚"
>

Don't bother. Use parameters. See here for a better, more secure way to
execute your queries by using parameter markers:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

Personally, I prefer using stored procedures, or saved parameter queries
as they are known in Access:

http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvOcDHA.1204%40TK2MSFTNGP12.phx.gbl

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYxOyvaDHA.4020%40tk2msftngp13.phx.gbl



--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Re: string manipulations

on 26.10.2007 22:22:50 by bbell1980

On Oct 26, 3:49 pm, "Bob Barrows [MVP]"
wrote:
> bbell1...@gmail.com wrote:
> > I can do this in vb.net but I can not do it in this asp code.
>
> Presumably, you mean "vbscript", not "asp code"
>
>
>
> > the user is writing what ever text into a text box and posting it to a
> > access database. problem is when they use words such as (we'll, can't,
> > shouldn't,) it will not go in because of the single quote mark.
>
> > I am trying to replace any single quote mark with the HTML code
> > "‚"
>
> Don't bother. Use parameters. See here for a better, more secure way to
> execute your queries by using parameter markers:
> http://groups-beta.google.com/group/microsoft.public.inetserver.asp.d...
>
> Personally, I prefer using stored procedures, or saved parameter queries
> as they are known in Access:
>
> http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
>
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.

I don't think you understand. I just want to replace the single quotes
with a string.

Re: string manipulations

on 26.10.2007 22:38:13 by reb01501

bbell1980@gmail.com wrote:
> On Oct 26, 3:49 pm, "Bob Barrows [MVP]"
> wrote:
>> bbell1...@gmail.com wrote:
>>> I can do this in vb.net but I can not do it in this asp code.
>>
>> Presumably, you mean "vbscript", not "asp code"
>>
>>
>>
>>> the user is writing what ever text into a text box and posting it
>>> to a access database. problem is when they use words such as
>>> (we'll, can't, shouldn't,) it will not go in because of the single
>>> quote mark.
>>
>>> I am trying to replace any single quote mark with the HTML code
>>> "‚"
>>
>> Don't bother. Use parameters. See here for a better, more secure way
>> to execute your queries by using parameter markers:
>> http://groups-beta.google.com/group/microsoft.public.inetserver.asp.d...
>>
>> Personally, I prefer using stored procedures, or saved parameter
>> queries as they are known in Access:
>>
>> http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
>>
>> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
>>

> I don't think you understand I just want to replace the single quotes
> with a string.

Oh! I do understand. I'm trying to tell you your plan is a bad idea and
totally unnecessary. I'm also trying to steer you away from using
dynamic sql, the use of which can leave your site vulnerable to hackers
using sql injection:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

However, your "Object Required" error is due to this line:

thenews.text = Request.form("newsbody")

thenews is not an object. Therefore it does not have a "text" property.

Also, this is a problem:
dim singlequote

singlequote = Replace(singlequote, "Chr(39)", "‚")

singlequote does not contain anything so Replace cannot replace
anything.


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
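
Added example (not part of the original thread or of the posts linked above): the INSERT from the first post rewritten with ADO parameter markers, so an apostrophe in the form text is stored as data and no Replace is needed. It assumes sDSN is defined as in the original script; the ADO constants carry their standard values, and the 255-character title limit is an assumption about the table.

```vbscript
<%
' Added example; assumes sDSN is defined as in the original script.
' Standard ADO constant values (as listed in adovbs.inc).
Const adCmdText = 1
Const adParamInput = 1
Const adDate = 7
Const adVarWChar = 202
Const adLongVarWChar = 203
Const adExecuteNoRecords = 128
Const MAX_TITLE = 255   ' assumption: newsTitle is an Access Text(255) field

Dim sTitle, sBody, objConn, objCmd
' Concatenating "" turns the Request.Form item into a plain string.
sTitle = Trim(Request.Form("newsTitle") & "")
sBody = Request.Form("newsbody") & ""

' Reject empty or oversized input before touching the database.
If Len(sTitle) = 0 Or Len(sTitle) > MAX_TITLE Or Len(sBody) = 0 Then
    Response.Write "Title (1-" & MAX_TITLE & " characters) and body are required."
    Response.End
End If

Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open sDSN

Set objCmd = Server.CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.CommandType = adCmdText
' The ? markers are bound in order; user text never becomes part of the SQL string.
objCmd.CommandText = "INSERT INTO news (newsTitle, newsBody, newsDate) VALUES (?, ?, ?)"
objCmd.Parameters.Append objCmd.CreateParameter("title", adVarWChar, adParamInput, MAX_TITLE, sTitle)
objCmd.Parameters.Append objCmd.CreateParameter("body", adLongVarWChar, adParamInput, Len(sBody), sBody)
objCmd.Parameters.Append objCmd.CreateParameter("added", adDate, adParamInput, , Date())

objCmd.Execute , , adExecuteNoRecords

' Release the objects before redirecting.
Set objCmd = Nothing
objConn.Close
Set objConn = Nothing

Response.Redirect "news.asp"
%>
```

When the stored text is later written into a page, encode it at output time with Server.HTMLEncode instead of altering it before storage.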

Re: string manipulations

on 26.10.2007 22:59:26 by bbell1980

On Oct 26, 4:38 pm, "Bob Barrows [MVP]"
wrote:
> bbell1...@gmail.com wrote:
> > On Oct 26, 3:49 pm, "Bob Barrows [MVP]"
> > wrote:
> >> bbell1...@gmail.com wrote:
> >>> I can do this in vb.net but I can not do it in this asp code.
>
> >> Presumably, you mean "vbscript", not "asp code"
>
> >>> the user is writing what ever text into a text box and posting it
> >>> to a access database. problem is when they use words such as
> >>> (we'll, can't, shouldn't,) it will not go in because of the single
> >>> quote mark.
>
> >>> I am trying to replace any single quote mark with the HTML code
> >>> "‚"
>
> >> Don't bother. Use parameters. See here for a better, more secure way
> >> to execute your queries by using parameter markers:
> >> http://groups-beta.google.com/group/microsoft.public.inetserver.asp.d...
>
> >> Personally, I prefer using stored procedures, or saved parameter
> >> queries as they are known in Access:
>
> >> http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
>
> >> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
>
>
>
> > I don't think you understand I just want to replace the single quotes
> > with a string.
>
> Oh! I do understand. I'm trying to tell you your plan is a bad idea and
> totally unnecessary. I'm also trying to steer you away from using
> dynamic sql, the use of which can leave your site vulnerable to hackers
> using sql injection:
> http://mvp.unixwiz.net/techtips/sql-injection.html
> http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
>
> However, your "Object Required" error is due to this line:
>
> thenews.text = Request.form("newsbody")
>
> thenews is not an object. Therefore it does not have a "text" property.
>
> Also, this is a problem:
> dim singlequote
>
> singlequote = Replace(singlequote, "Chr(39)", "‚")
>
> singlequote does not contain anything so Replace cannot replace
> anything.
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.

Sorry if I sound rude. I'm just feeling pressured, and I have not
finished school yet. No one has taught me vbscript; I know vb.net OK.
I just got this job, and I just needed to fix this script.

Re: string manipulations

on 20.11.2007 10:19:09 by Dooza

bbell1980@gmail.com wrote:
> On Oct 26, 4:38 pm, "Bob Barrows [MVP]"
> wrote:
>> bbell1...@gmail.com wrote:
>>> On Oct 26, 3:49 pm, "Bob Barrows [MVP]"
>>> wrote:
>>>> bbell1...@gmail.com wrote:
>>>>> I can do this in vb.net but I can not do it in this asp code.
>>>> Presumably, you mean "vbscript", not "asp code"
>>>>> the user is writing what ever text into a text box and posting it
>>>>> to a access database. problem is when they use words such as
>>>>> (we'll, can't, shouldn't,) it will not go in because of the single
>>>>> quote mark.
>>>>> I am trying to replace any single quote mark with the HTML code
>>>>> "‚"
>>>> Don't bother. Use parameters. See here for a better, more secure way
>>>> to execute your queries by using parameter markers:
>>>> http://groups-beta.google.com/group/microsoft.public.inetserver.asp.d...
>>
>>>> Personally, I prefer using stored procedures, or saved parameter
>>>> queries as they are known in Access:
>>>> http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=e6lLVvO...
>>
>>>> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&selm=eHYx...
>>
>>
>>
>>> I don't think you understand I just want to replace the single quotes
>>> with a string.
>> Oh! I do understand. I'm trying to tell you your plan is a bad idea and
>> totally unnecessary. I'm also trying to steer you away from using
>> dynamic sql, the use of which can leave your site vulnerable to hackers
>> using sql injection:
>> http://mvp.unixwiz.net/techtips/sql-injection.html
>> http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
>>
>> However, your "Object Required" error is due to this line:
>>
>> thenews.text = Request.form("newsbody")
>>
>> thenews is not an object. Therefore it does not have a "text" property.
>>
>> Also, this is a problem:
>> dim singlequote
>>
>> singlequote = Replace(singlequote, "Chr(39)", "‚")
>>
>> singlequote does not contain anything so Replace cannot replace
>> anything.
>>
>> --
>> Microsoft MVP -- ASP/ASP.NET
>> Please reply to the newsgroup. The email account listed in my From
>> header is my spam trap, so I don't check it very often. You will get a
>> quicker response by posting to the newsgroup.
>
> Sorry if I sound rude. I'm just feeling pressured and I have not
> finished school yet, no one has taught me vbscript, I know vb.net OK.
> and I just got this job. and I just needed to fix this script.
>

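<%
thenews = Request.Form("newsbody")
' Chr(39) must be unquoted: in quotes, "Chr(39)" is the literal text Chr(39), not the apostrophe character.
thenews = Replace(thenews, Chr(39), "‚")
%>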