-
search problems??
Hi Guys,
I have a search box that works fine, except for the punctuation.
For example, if I type: Ned's Head in the search it brings up an error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near 's'.
/dosearch.asp, line 300
Flash go button:
on (press) {
    getURL("dosearch.asp?KEYS=" add val.text, _self);
}
How can we make this so it can read the punctuation?
Any help would be excellent.
Thanks Shaun
-
Hi,
You want your backend to double all ' received from Flash; if you don't do that, someone might build malicious input that modifies your database.
If you do it in Flash, you get clean queries, but someone could still create havoc by submitting data with something else.
Musicman
-
Hi Musicman
So would you be able to help me out, on what I need to add to my button?
Thanks-Shaun
-
Hi,
Please don't change your Flash code, but rather find out how to double all ' in the ASP part.
I am no ASP user, so I cannot give any particular advice on how to do it, but you should probably find some info here:
http://www.nextgenss.com/papers/adva..._injection.pdf
Musicman
BTW: for any PHP users who stumble over this thread: PHP magic_quotes is usually on to prevent this kind of problem; ASP and Perl require some attention.
-
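The error and the server-side fix discussed in this thread, as an added example that is not code from any of the posters. It assumes Python with an in-memory SQLite database as a stand-in for the ASP page and its SQL Server backend; the table, its rows and the function names are constructed for illustration. It goes one step beyond the thread by showing parameter binding next to quote doubling.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's search table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?)",
                   [("Ned's Head",), ("Contact",), ("Staff only",)])
    return db

def search_concat(db, keys):
    # 'Before': the KEYS value is pasted into the SQL text unchanged,
    # so a ' in the input ends the string literal early.
    sql = "SELECT title FROM pages WHERE title LIKE '%" + keys + "%'"
    return [row[0] for row in db.execute(sql)]

def search_doubled(db, keys):
    # The fix suggested in the thread: double every ' on the server side.
    safe = keys.replace("'", "''")
    sql = "SELECT title FROM pages WHERE title LIKE '%" + safe + "%'"
    return [row[0] for row in db.execute(sql)]

def search_bound(db, keys):
    # Parameter binding: the value is sent separately from the SQL text.
    sql = "SELECT title FROM pages WHERE title LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + keys + "%",))]

def concat_raises(db, keys):
    # True when the concatenated query is rejected as a syntax error,
    # which is the failure the first post reports.
    try:
        search_concat(db, keys)
        return False
    except sqlite3.OperationalError:
        return True

# Constructed input: the quote turns the rest of the text into SQL
# when it is concatenated, and stays plain data when doubled or bound.
REWRITING_INPUT = "zzz' OR 'a' LIKE '%a"

if __name__ == "__main__":
    db = make_db()
    print("concat fails on Ned's Head:", concat_raises(db, "Ned's Head"))
    print("doubled:", search_doubled(db, "Ned's Head"))
    print("bound:  ", search_bound(db, "Ned's Head"))
    print("concat with rewriting input:", search_concat(db, REWRITING_INPUT))
    print("bound with rewriting input: ", search_bound(db, REWRITING_INPUT))
```

Both fixes live in the server-side page, which is why the Flash button does not need to change.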