apostrophe confusion

Re: apostrophe confusion

Yes, they both do the same thing. But you do NOT pass that value through
the function when you are RETREIVING a value from the database. Is that
what you're doing? Are you doing something like:

Response.Write SafeIn(Recordse t("item"))

Ray at work

"middletree " <middletree@hto mail.com> wrote in message
news:%23dePXVXy DHA.3196@TK2MSF TNGP11.phx.gbl. ..[color=blue]
> Ray recently answered my question about apostrophe replacement with advice
> on how to use 2 functions for hwich he gave me some code, called SafeIn[/color]
and[color=blue]
> Safeout
>
> I'm having a hard time seeing the difference. In fact, the results are the
> same.
>
> Here's my old code:
>
> Replace(Trim(Re quest.Form("Int ernalDesc")),"' ","''")
>
>
> and here is what Ray suggests:
> SafeIn(Request. Form("InternalD esc"))
>
> and
> Function SafeIn(theStrin g)
> SafeIn = Replace(theStri ng, "'", "''")
> End Function
>
>
> The results are the same: when I type in:
> won't
>
> One the page where it is displayed, it looks like:
> won''t
>
>
>
>
>[/color]

Re: apostrophe confusion

I think he was just suggesting using a function to encapsulate the logic
instead of having to write out that replace() crap everywhere. He wasn't
trying to change the effect.



"middletree " <middletree@hto mail.com> wrote in message
news:%23dePXVXy DHA.3196@TK2MSF TNGP11.phx.gbl. ..[color=blue]
> Ray recently answered my question about apostrophe replacement with advice
> on how to use 2 functions for hwich he gave me some code, called SafeIn[/color]
and[color=blue]
> Safeout
>
> I'm having a hard time seeing the difference. In fact, the results are the
> same.
>
> Here's my old code:
>
> Replace(Trim(Re quest.Form("Int ernalDesc")),"' ","''")
>
>
> and here is what Ray suggests:
> SafeIn(Request. Form("InternalD esc"))
>
> and
> Function SafeIn(theStrin g)
> SafeIn = Replace(theStri ng, "'", "''")
> End Function
>
>
> The results are the same: when I type in:
> won't
>
> One the page where it is displayed, it looks like:
> won''t
>
>
>
>
>[/color]

Re: apostrophe confusion

I am doing it when I do a request.form, before it goes into the database


"Ray at <%=sLocation% >" <myfirstname at lane34 dot com> wrote in message
news:eApelXXyDH A.536@tk2msftng p13.phx.gbl...[color=blue]
> Yes, they both do the same thing. But you do NOT pass that value through
> the function when you are RETREIVING a value from the database. Is that
> what you're doing? Are you doing something like:
>
> Response.Write SafeIn(Recordse t("item"))
>
> Ray at work
>
> "middletree " <middletree@hto mail.com> wrote in message
> news:%23dePXVXy DHA.3196@TK2MSF TNGP11.phx.gbl. ..[color=green]
> > Ray recently answered my question about apostrophe replacement with[/color][/color]
advice[color=blue][color=green]
> > on how to use 2 functions for hwich he gave me some code, called SafeIn[/color]
> and[color=green]
> > Safeout
> >
> > I'm having a hard time seeing the difference. In fact, the results are[/color][/color]
the[color=blue][color=green]
> > same.
> >
> > Here's my old code:
> >
> > Replace(Trim(Re quest.Form("Int ernalDesc")),"' ","''")
> >
> >
> > and here is what Ray suggests:
> > SafeIn(Request. Form("InternalD esc"))
> >
> > and
> > Function SafeIn(theStrin g)
> > SafeIn = Replace(theStri ng, "'", "''")
> > End Function
> >
> >
> > The results are the same: when I type in:
> > won't
> >
> > One the page where it is displayed, it looks like:
> > won''t
> >
> >
> >
> >
> >[/color]
>
>[/color]

Re: apostrophe confusion

Well, my original question is, why am I getting that effect? So any help to
that end would be appreciated


"Foo Man Chew" <foo@man.chew > wrote in message
news:uWyKWpXyDH A.604@tk2msftng p13.phx.gbl...[color=blue]
> I think he was just suggesting using a function to encapsulate the logic
> instead of having to write out that replace() crap everywhere. He wasn't
> trying to change the effect.
>
>
>
> "middletree " <middletree@hto mail.com> wrote in message
> news:%23dePXVXy DHA.3196@TK2MSF TNGP11.phx.gbl. ..[color=green]
> > Ray recently answered my question about apostrophe replacement with[/color][/color]
advice[color=blue][color=green]
> > on how to use 2 functions for hwich he gave me some code, called SafeIn[/color]
> and[color=green]
> > Safeout
> >
> > I'm having a hard time seeing the difference. In fact, the results are[/color][/color]
the[color=blue][color=green]
> > same.
> >
> > Here's my old code:
> >
> > Replace(Trim(Re quest.Form("Int ernalDesc")),"' ","''")
> >
> >
> > and here is what Ray suggests:
> > SafeIn(Request. Form("InternalD esc"))
> >
> > and
> > Function SafeIn(theStrin g)
> > SafeIn = Replace(theStri ng, "'", "''")
> > End Function
> >
> >
> > The results are the same: when I type in:
> > won't
> >
> > One the page where it is displayed, it looks like:
> > won''t
> >
> >
> >
> >
> >[/color]
>
>[/color]

Re: apostrophe confusion

> Well, my original question is, why am I getting that effect?

WHAT ARE YOU TALKING ABOUT?

Okay, here's the deal. Strings passed to SQL statements are delimited by
apostrophes ('). So, if you have an apostrophe in a name, you need to have
some way of telling the SQL statement that you do *not* want to end the
string there. So, the common term is called "escaping" - you double-up the
apostrophe so it is escaped before passing to the database. No idea why
you're concerned how an *ESCAPED* value prints to the screen... it's escaped
for the database, not the user. And if that's not your concern, maybe you
could be more specific.

Re: apostrophe confusion

Unless your request.form value actually has two apostrophes in it, you
shouldn't see two apostophes when you pull the value back out of the
database or look at it directly in the database. You aren't actually
inserting two into the database. '' = ' when inserted. I think we need to
see a sample of how this is happening to you.

Ray at home

"middletree " <middletree@hto mail.com> wrote in message
news:#52kkxXyDH A.2464@TK2MSFTN GP12.phx.gbl...[color=blue]
> I am doing it when I do a request.form, before it goes into the database
>
>
> "Ray at <%=sLocation% >" <myfirstname at lane34 dot com> wrote in message
> news:eApelXXyDH A.536@tk2msftng p13.phx.gbl...[color=green]
> > Yes, they both do the same thing. But you do NOT pass that value[/color][/color]
through[color=blue][color=green]
> > the function when you are RETREIVING a value from the database. Is that
> > what you're doing? Are you doing something like:
> >
> > Response.Write SafeIn(Recordse t("item"))
> >
> > Ray at work
> >
> > "middletree " <middletree@hto mail.com> wrote in message
> > news:%23dePXVXy DHA.3196@TK2MSF TNGP11.phx.gbl. ..[color=darkred]
> > > Ray recently answered my question about apostrophe replacement with[/color][/color]
> advice[color=green][color=darkred]
> > > on how to use 2 functions for hwich he gave me some code, called[/color][/color][/color]
SafeIn[color=blue][color=green]
> > and[color=darkred]
> > > Safeout
> > >
> > > I'm having a hard time seeing the difference. In fact, the results are[/color][/color]
> the[color=green][color=darkred]
> > > same.
> > >
> > > Here's my old code:
> > >
> > > Replace(Trim(Re quest.Form("Int ernalDesc")),"' ","''")
> > >
> > >
> > > and here is what Ray suggests:
> > > SafeIn(Request. Form("InternalD esc"))
> > >
> > > and
> > > Function SafeIn(theStrin g)
> > > SafeIn = Replace(theStri ng, "'", "''")
> > > End Function
> > >
> > >
> > > The results are the same: when I type in:
> > > won't
> > >
> > > One the page where it is displayed, it looks like:
> > > won''t
> > >
> > >
> > >
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]

Re: apostrophe confusion

I think he's doing this:

value = replace(value, "'", "''")

and then wondering why there are two apostrophes when he later does this:

response.write value

Re: apostrophe confusion

I am not clear on why you aren't clear on why I am concerned with how things
appear on the screen.

The user types in

won't

When another page loads some data, and they see the word now displayed as

won''t

then, that is the problem I am trying to overcome.



"Foo Man Chew" <foo@man.chew > wrote in message
news:uzmKH3XyDH A.3772@TK2MSFTN GP11.phx.gbl...[color=blue][color=green]
> > Well, my original question is, why am I getting that effect?[/color]
>
> WHAT ARE YOU TALKING ABOUT?
>
> Okay, here's the deal. Strings passed to SQL statements are delimited by
> apostrophes ('). So, if you have an apostrophe in a name, you need to[/color]
have[color=blue]
> some way of telling the SQL statement that you do *not* want to end the
> string there. So, the common term is called "escaping" - you double-up[/color]
the[color=blue]
> apostrophe so it is escaped before passing to the database. No idea why
> you're concerned how an *ESCAPED* value prints to the screen... it's[/color]
escaped[color=blue]
> for the database, not the user. And if that's not your concern, maybe you
> could be more specific.
>
>[/color]

Re: apostrophe confusion

yes.


"Foo Man Chew" <foo@man.chew > wrote in message
news:#fFDAOYyDH A.2156@TK2MSFTN GP09.phx.gbl...[color=blue]
> I think he's doing this:
>
> value = replace(value, "'", "''")
>
> and then wondering why there are two apostrophes when he later does this:
>
> response.write value
>
>[/color]

Re: apostrophe confusion

middletree wrote:[color=blue]
> I am not clear on why you aren't clear on why I am concerned with how
> things appear on the screen.
>
> The user types in
>
> won't
>
> When another page loads some data, and they see the word now
> displayed as
>
> won''t
>
> then, that is the problem I am trying to overcome.
>
>[/color]
The issue is that you have not shown us how you process the value that you
receive from the database before response.writin g it.

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Re: apostrophe confusion

OK, I see the problem now. I was doing the replace both giong in and coming
out.

Sheesh!

My apologies for taking up everyone's time

or should that be everyone''s time




"Bob Barrows" <reb01501@NOyah oo.SPAMcom> wrote in message
news:uz8YtbYyDH A.2116@TK2MSFTN GP11.phx.gbl...[color=blue]
> middletree wrote:[color=green]
> > I am not clear on why you aren't clear on why I am concerned with how
> > things appear on the screen.
> >
> > The user types in
> >
> > won't
> >
> > When another page loads some data, and they see the word now
> > displayed as
> >
> > won''t
> >
> > then, that is the problem I am trying to overcome.
> >
> >[/color]
> The issue is that you have not shown us how you process the value that you
> receive from the database before response.writin g it.
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.
>
>[/color]

Re: apostrophe confusion

Think of it this way.

x = "q"
x = replace(x, "q", "aksdjf;ads f")
response.write x

What will you get? You won't get "q."

But what about:

sSQL = "insert into something (col) values ('" & replace(x, "q",
"kajsdflkjasdf" ) & "')"
oADO.Execute sSQL
Response.Write x

Since you never changed the value of x, it will still be the original value.
You shouldn't ever change the value of a user input for the sake of dealing
with '.

Ray at home



"middletree " <middletree@hto mail.com> wrote in message
news:#1PUMWYyDH A.3772@TK2MSFTN GP11.phx.gbl...[color=blue]
> yes.
>
>
> "Foo Man Chew" <foo@man.chew > wrote in message
> news:#fFDAOYyDH A.2156@TK2MSFTN GP09.phx.gbl...[color=green]
> > I think he's doing this:
> >
> > value = replace(value, "'", "''")
> >
> > and then wondering why there are two apostrophes when he later does[/color][/color]
this:[color=blue][color=green]
> >
> > response.write value
> >
> >[/color]
>
>[/color]

Re: apostrophe confusion

makes sense. thanks


"Ray at <%=sLocation% >" <myFirstNameATl ane34dotKOMM> wrote in message
news:ehepudZyDH A.560@TK2MSFTNG P11.phx.gbl...[color=blue]
> Think of it this way.
>
> x = "q"
> x = replace(x, "q", "aksdjf;ads f")
> response.write x
>
> What will you get? You won't get "q."
>
> But what about:
>
> sSQL = "insert into something (col) values ('" & replace(x, "q",
> "kajsdflkjasdf" ) & "')"
> oADO.Execute sSQL
> Response.Write x
>
> Since you never changed the value of x, it will still be the original[/color]
value.[color=blue]
> You shouldn't ever change the value of a user input for the sake of[/color]
dealing[color=blue]
> with '.
>
> Ray at home
>
>
>
> "middletree " <middletree@hto mail.com> wrote in message
> news:#1PUMWYyDH A.3772@TK2MSFTN GP11.phx.gbl...[color=green]
> > yes.
> >
> >
> > "Foo Man Chew" <foo@man.chew > wrote in message
> > news:#fFDAOYyDH A.2156@TK2MSFTN GP09.phx.gbl...[color=darkred]
> > > I think he's doing this:
> > >
> > > value = replace(value, "'", "''")
> > >
> > > and then wondering why there are two apostrophes when he later does[/color][/color]
> this:[color=green][color=darkred]
> > >
> > > response.write value
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]

Re: apostrophe confusion

but you have to change it, before submitting it into the database, right?
Because with those apostrophes there, it won't ever make it into the
database.


"Ray at <%=sLocation% >" <myFirstNameATl ane34dotKOMM> wrote in message
news:ehepudZyDH A.560@TK2MSFTNG P11.phx.gbl...[color=blue]
> Think of it this way.
>
> x = "q"
> x = replace(x, "q", "aksdjf;ads f")
> response.write x
>
> What will you get? You won't get "q."
>
> But what about:
>
> sSQL = "insert into something (col) values ('" & replace(x, "q",
> "kajsdflkjasdf" ) & "')"
> oADO.Execute sSQL
> Response.Write x
>
> Since you never changed the value of x, it will still be the original[/color]
value.[color=blue]
> You shouldn't ever change the value of a user input for the sake of[/color]
dealing[color=blue]
> with '.
>
> Ray at home
>
>
>
> "middletree " <middletree@hto mail.com> wrote in message
> news:#1PUMWYyDH A.3772@TK2MSFTN GP11.phx.gbl...[color=green]
> > yes.
> >
> >
> > "Foo Man Chew" <foo@man.chew > wrote in message
> > news:#fFDAOYyDH A.2156@TK2MSFTN GP09.phx.gbl...[color=darkred]
> > > I think he's doing this:
> > >
> > > value = replace(value, "'", "''")
> > >
> > > and then wondering why there are two apostrophes when he later does[/color][/color]
> this:[color=green][color=darkred]
> > >
> > > response.write value
> > >
> > >[/color]
> >
> >[/color]
>
>[/color]