w3Util Examples

Examples

Making data DB-friendly

When coding ASP, you often insert data from web pages into a database. That data must first be converted so that it doesn't contain any quotes or commands that the database may interpret. In w3 StringUtils, the quotedStr method does all this.


   

'open the ODBC source
Set con = Server.CreateObject("ADODB.Connection")
con.Open "Web SQL", "sa", ""

'create the StringUtils object
Set str = Server.CreateObject("w3.stringutils")

'get the form values and convert them into db-friendly values
name  = str.QuotedStr(Request.Form("name"))
email = str.QuotedStr(Request.Form("email"))

'run the query; the converted values go straight into the VALUES list
con.Execute "INSERT INTO db..Names (Name, Email) VALUES (" & name & ", " & email & ")"
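
The same INSERT can also be written with ADO parameters, so the form values are sent to the database as data and never become part of the SQL text. This is an added example, not part of w3Util or the original page; the column widths (100 and 255) and the variable names are assumptions.

```vbscript
' Added example: the INSERT above using ADODB.Command parameters
' instead of string conversion. Not w3Util code.

' ADO constants defined locally (same values as in adovbs.inc)
Const adCmdText = 1
Const adExecuteNoRecords = 128
Const adVarChar = 200
Const adParamInput = 1

' Assumed column widths; adjust to the real table definition
Const NAME_MAX = 100
Const EMAIL_MAX = 255

Dim con, cmd, personName, email

personName = Trim(Request.Form("name"))
email = Trim(Request.Form("email"))

' Reject empty or over-long input before it reaches the database
If Len(personName) = 0 Or Len(personName) > NAME_MAX _
   Or Len(email) = 0 Or Len(email) > EMAIL_MAX Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Same DSN and login as the example above; a dedicated low-privilege
' login is preferable to sa with a blank password
Set con = Server.CreateObject("ADODB.Connection")
con.Open "Web SQL", "sa", ""

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = con
cmd.CommandType = adCmdText

' The ? placeholders are bound in the order the parameters are appended
cmd.CommandText = "INSERT INTO db..Names (Name, Email) VALUES (?, ?)"
cmd.Parameters.Append cmd.CreateParameter("name", adVarChar, adParamInput, NAME_MAX, personName)
cmd.Parameters.Append cmd.CreateParameter("email", adVarChar, adParamInput, EMAIL_MAX, email)

' No recordset is needed for an INSERT
cmd.Execute , , adExecuteNoRecords

con.Close
Set cmd = Nothing
Set con = Nothing
```

A value such as O'Brien is stored unchanged with this form, because the quote is never parsed as SQL.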