Ho un form in ASP che se inserisco del testo con l'apostrofo si blocca. Da quel che ho sentito il problema e' abbastanza noto solo che io sono un somaro in ASP e non so come inserire del codice che possa evitarmi il problema.
Se qualcuno puo darmi una mano metto di seguito il codice del guestbook che contiene il form cosi che una mano amica possa aggiungere ed evidenziari le modifiche che dovrei apportare.
Grazie in anticipo
Spezzo il codice in 2 parti per poterlo postare tutto.
<%
Function CheckCAPTCHA(valCAPTCHA)
SessionCAPTCHA = Trim(Session("CAPTCHA"))
Session("CAPTCHA") = vbNullString
if Len(SessionCAPTCHA) < 1 then
CheckCAPTCHA = False
exit function
end if
if CStr(SessionCAPTCHA) = CStr(valCAPTCHA) then
CheckCAPTCHA = True
else
CheckCAPTCHA = False
end if
End Function
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">
<style >A:link {color: #0085f7; text-decoration: none;}
A:hover {color: navy; text-decoration: underline;}
</style>
<STYLE type="text/css">
<!--
BODY {
scrollbar-face-color:#FFFFFF;
scrollbar-highlight-color:#FF8080;
scrollbar-3dlight-color:#C0C0C0;
scrollbar-darkshadow-color:#000000;
scrollbar-shadow-color:#FF0000;
scrollbar-arrow-color:#FF0000;
scrollbar-track-color:#FFFFFF;
}
-->
</STYLE>
</head>
<body>
<p align="center"><font face="Verdana" size="2">
<font color="#FF0000"> Leggi il guestbook</font>
| <font color="#FF0000">firma il guestbook</font></font></p>
<hr color=red size=3 width=500>
<%
'you can modify 4 lines above or remove them
%>
<%
mode = Request.QueryString("mode")
'get mode
%>
<%
if mode= "read" then
'open read mode
CONN_STRING = "DBQ=" & Server.MapPath("../fpdb/gbook.mdb") & ";"
CONN_STRING = CONN_STRING & "Driver={Microsoft Access Driver (*.mdb)};"
'buil string for connection my database file is link.mdb in store in the same folder of this file.
Dim iPageSize
Dim iPageCount
Dim iPageCurrent
Dim strOrderBy
Dim strSQL
Dim objPagingConn
Dim objPagingRS
Dim iRecordsShown
Dim I
iPageSize = 5
'set page size
If Request.QueryString("page") = "" Then
iPageCurrent = 1
Else
iPageCurrent = CInt(Request.QueryString("page"))
End If
If Request.QueryString("order") = "" Then
strOrderBy = "id"
Else
strOrderBy = Request.QueryString("order")
End If
strSQL = "select * from message order by ID desc;"
' select sql from the table..my table in gbook.mdb name "message"
Set objPagingConn = Server.CreateObject("ADODB.Connection")
objPagingConn.Open CONN_STRING
'open connection
Set objPagingRS = Server.CreateObject("ADODB.Recordset")
objPagingRS.PageSize = iPageSize
objPagingRS.CacheSize = iPageSize
objPagingRS.Open strSQL, objPagingConn, adOpenStatic, adLockReadOnly, adCmdText
reccount = objPagingRS.recordcount
iPageCount = objPagingRS.PageCount
If iPageCurrent > iPageCount Then iPageCurrent = iPageCount
If iPageCurrent < 1 Then iPageCurrent = 1
If iPageCount = 0 Then
Response.Write "<center><font color=red size=3>No records found!</font></center>"
Else
objPagingRS.AbsolutePage = iPageCurrent
%>
<center>
<font face="CordiaUPC" size="3">ci sono <font color="#FF0000"><%=reccount%> </font> messaggi</font>
</p>
<%
iRecordsShown = 0
Do While iRecordsShown < iPageSize And Not objPagingRS.EOF
dagar=DateDiff("d", Date, objPagingRS("PostDate"))+2
if dagar >= 0 then
%>
<center>
<table width=500>
<tr><td>
[img]<%=objPagingRS([/img].gif" align="middle"> &mode=detail"><font size=3 Face=CordiaUPC ><%=objPagingRS("Subject")%></font> <font size=1 Face=Verdana color="008800"> Since : <font color="red"> <%=objPagingRS("Postdate")%> </font></font> [img]new.gif[/img]
</td></tr>
</table>
</center>
<%else%>
<center>
<table width=500>
<tr><td>
[img]<%=objPagingRS([/img].gif" align="middle"> &mode=detail"><font size=3 Face=CordiaUPC ><%=objPagingRS("Subject")%></font> <font size=1 Face=Verdana color="008800"> Since : <font color="red"> <%=objPagingRS("Postdate")%> </font> </font>
</td></tr>
</table>
</center>
<%
end if
iRecordsShown = iRecordsShown + 1
objPagingRS.MoveNext
Loop
%>
<%
End If
objPagingRS.Close
Set objPagingRS = Nothing
objPagingConn.Close
Set objPagingConn = Nothing
If iPageCurrent <> 1 Then
%>
<A HREF="./gbook.asp?page=<%= iPageCurrent - 1 %>&order=<%= Server.URLEncode(strOrderBy) %>&mode=read2"><font face="Verdana" size="2">[img]pre.gif[/img]
<font color="#FF0000">Avanti</font></font></A><font color="#FF0000">
<%
End If
If iPageCurrent < iPageCount Then
%> </font>
<A HREF="./gbook.asp?page=<%= iPageCurrent + 1 %>&order=<%= Server.URLEncode(strOrderBy) %>&mode=read2"><font color="#FF0000" face="Verdana" size="2">Indietro</font><font face="Verdana" size="2">
[img]next.gif[/img]</font></A>
</p>
</center>
<%
End If
%>
<center><font face="Verdana" size="1">Pagina</font>
<font face="Verdana" size="1" color="#FF0000"> <%= iPageCurrent %> </font><font face="Verdana" size="1">di</font>
<font face="Verdana" size="1" color="#FF0000"> <%= iPageCount %>
</font>
</center>
<%end if%>
<%
if mode= "read2" then
'open read mode
CONN_STRING = "DBQ=" & Server.MapPath("../fpdb/gbook.mdb") & ";"
CONN_STRING = CONN_STRING & "Driver={Microsoft Access Driver (*.mdb)};"
'buil string for connection my database file is link.mdb in store in the same folder of this file.
iPageSize = 5
'set page size
If Request.QueryString("page") = "" Then
iPageCurrent = 1
Else
iPageCurrent = CInt(Request.QueryString("page"))
End If
If Request.QueryString("order") = "" Then
strOrderBy = "id"
Else
strOrderBy = Request.QueryString("order")
End If
strSQL = "select * from message order by ID desc;"
' select sql from the table..my table in gbook.mdb name "message"
Set objPagingConn = Server.CreateObject("ADODB.Connection")
objPagingConn.Open CONN_STRING
'open connection
Function FormatStr(String)
on Error resume next
String = Replace(String, CHR(13), "")
String = Replace(String, CHR(10) & CHR(10), "</P>
")
String = Replace(String, CHR(10), "
")
FormatStr = String
End Function
Set objPagingRS = Server.CreateObject("ADODB.Recordset")
objPagingRS.PageSize = iPageSize
objPagingRS.CacheSize = iPageSize
objPagingRS.Open strSQL, objPagingConn, adOpenStatic, adLockReadOnly, adCmdText
reccount = objPagingRS.recordcount
iPageCount = objPagingRS.PageCount
If iPageCurrent > iPageCount Then iPageCurrent = iPageCount
If iPageCurrent < 1 Then iPageCurrent = 1
If iPageCount = 0 Then
Response.Write "<center><font color=red size=3>Non ho trovato record!</font></center>"
Else
objPagingRS.AbsolutePage = iPageCurrent
%>
<center>
<font face="Verdana" size="2"><font color="#FF0000">trovati</font> <font color="#FF0000"><%=reccount%>
messaggi </font> </font>
</p>
<%
iRecordsShown = 0
Do While iRecordsShown < iPageSize And Not objPagingRS.EOF
dagar=DateDiff("d", Date, objPagingRS("PostDate"))+2
if dagar >= 0 then
%>
<center>
<table border=1 width=400 cellspacing=0 bordercolor=FF9999>
<tr><td bgcolor=FF9999>[img]<%=objPagingRS([/img].gif" align="middle"> <font size=3 Face=CordiaUPC ><%=objPagingRS("Subject")%></font> [img]new.gif[/img]</td></tr>
<tr><td><font size=3 Face=CordiaUPC ><%=FormatStr(objPagingRS("message"))%></font></a> </td></tr>
<tr><td bgcolor=FF9999>
<% if objPagingRS("email") <> "" then %>
"><font size=1 Face=CordiaUPC><%=objPagingRS("name")%></font>
<%else%>
<font size=2 Face=CordiaUPC color="008800"><%=objPagingRS("name")%> </font>
<%end if%>
<font size=2 Face=CordiaUPC color="008800"> |
<%if objPagingRS("url") <> "http://" then%>
" target="_blank"><%=objPagingRS("url")%> | <%else%> <%end if%>
<%=objPagingRS("Postdate")%> </font></td></tr>
</table>
</center>
<%else%>
<center>
<table border=1 width=400 cellspacing=0 bordercolor=FF9999>
<tr><td bgcolor=FF9999>[img]<%=objPagingRS([/img].gif" align="middle"> <font size=3 Face=CordiaUPC ><%=objPagingRS("Subject")%></font> </td></tr>
<tr><td><font size=3 Face=CordiaUPC ><%=FormatStr(objPagingRS("message"))%></font></a> </td></tr>
<tr><td bgcolor=FF9999>
<% if objPagingRS("email") <> "" then %>
"><font size=1 Face=Verdana><%=objPagingRS("name")%></font>
<%else%>
<font size=2 Face=CordiaUPC color="008800"><%=objPagingRS("name")%> </font>
<%end if%>
<font size=2 Face=CordiaUPC color="008800"> |
<%if objPagingRS("url") <> "http://" then%>
" target="_blank"><%=objPagingRS("url")%> | <%else%> <%end if%>
<%=objPagingRS("Postdate")%> </font></td></tr>
</table>
</center>
<%
end if
iRecordsShown = iRecordsShown + 1
objPagingRS.MoveNext
Loop
%>
<%
End If
objPagingRS.Close
Set objPagingRS = Nothing
objPagingConn.Close
Set objPagingConn = Nothing
If iPageCurrent <> 1 Then
%>
<A HREF="./gbook.asp?page=<%= iPageCurrent - 1 %>&order=<%= Server.URLEncode(strOrderBy) %>&mode=read2"><font face="Verdana" size="2">[img]pre.gif[/img]
<font color="#FF0000">Avanti</font></font></A> <%
End If
If iPageCurrent < iPageCount Then
%> <font color="#FF0000" face="Verdana" size="2">Indietro</font>
<A HREF="./gbook.asp?page=<%= iPageCurrent + 1 %>&order=<%= Server.URLEncode(strOrderBy) %>&mode=read2"><font face="Verdana" size="2">
[img]next.gif[/img]</font></A>
</p>
</center>
<%
End If
%>
<center><font face="Verdana" size="1">Pagina</font>
<font face="Verdana" size="1" color="#FF0000"> <%= iPageCurrent %> </font><font face="Verdana" size="1">di</font>
<font face="Verdana" size="1" color="#FF0000"> <%= iPageCount %>
</font>
</center>
<%end if%>
<%
' write gb form
if mode = "write" then
%>
<form action="gbook.asp?mode=putnew" method=post>
<center>
<table border="1" cellpadding="2" cellspacing="0" width="400" bordercolor="#FF9999">
<tr>
<td width="101"><font face="Verdana" size="2">Nome</font></td>
<td width="285"><input type="text" name="name" size="30"></td>
</tr>
<tr>
<td width="101">
<h2><font face="Verdana" size="2">Email</font></h2>
</td>
<td width="285"><input type="text" name="email" size="30"></td>
</tr>
<tr>
<td width="101"><font face="Verdana" size="2">Sito web</font></td>
<td width="285"><input type="text" name="url" size="30" value="http://"></td>
</tr>
<tr>
<td width="101"><font face="Verdana" size="2">Giudizio</font></td>
<td width="285">
<input type="radio" value="1" checked name="mood">[img]1.GIF[/img]
<input type="radio" name="mood" value="2">[img]2.GIF[/img]
<input type="radio" name="mood" value="3">[img]3.GIF[/img]
<input type="radio" name="mood" value="4">[img]4.GIF[/img]
<input type="radio" name="mood" value="5">[img]5.GIF[/img]</td>
</tr>
<tr>
<td width="101"><font face="Verdana" size="2">Titolo</font></td>
<td width="285"><input type="text" name="subject" size="30"></td>
</tr>
<tr>
<td width="101"><font face="Verdana" size="2">Messaggio</font></td>
<td width="285"><textarea rows="5" name="message" cols="45"></textarea></td>
</tr>
<tr>
<td width="101"><font face="Verdana" size="1">inserisci i caratteri che vedi nell'immagine</font></td>
<td width="285">[img]aspcaptcha.asp[/img]<input type="text" name="strCAPTCHA" id="strCAPTCHA" maxlength="8"></td>
</tr>
<tr>
<td width="101"></td>
<td width="285"><input type="submit" value="Submit" name="B1"><input type="reset" value="Cancel" name="B2"></td>
</tr>
</table>
</center>
</form>
<p align="center">
<%
end if
'end post area section
%>
<%
'add new entry to database
if mode = "putnew" then
if Request.ServerVariables("REQUEST_METHOD") = "POST" then
strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
if CheckCAPTCHA(strCAPTCHA) = true then
else
response.redirect ("gbook.asp?mode=write")
end if
end if
CONN_STRING = "DBQ=" & Server.MapPath("../fpdb/gbook.mdb") & ";"
CONN_STRING = CONN_STRING & "Driver={Microsoft Access Driver (*.mdb)};"
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STRING
Function ChkString(str)
sqlbad = "select * from badword"
set rsbad = conn.execute (sqlbad)
do until rsbad.eof
badword = rsbad("badword")
goodword = rsbad("good")
str = replace(str, badword , goodword , 1, -1, 1)
rsbad.movenext
loop
rsbad.close
str = replace(str, "<", "<", 1, -1, 1)
str = replace(str, ">", ">", 1, -1, 1)
ChkString = str
End Function
name = ChkString(Request.form("name"))
url = ChkString(Request.form("url"))
email = ChkString(Request.form("email"))
subject = ChkString(Request.form("subject"))
mood = request.form("mood")
message = ChkString(request.form("message"))
postdate = now()
sql = "insert into message (name, url, mood, subject, message, postdate, email) values ('" & name & "', '" & url & "', '" & mood & "', '" & subject & "', '" & message & "', '" & postdate & "', '" & email & "')"
Set RS = conn.Execute (sql)
Set objMail = Server.CreateObject("CDONTS.NewMail")
objMail.Send "mittente@dominio.net", "indirizzo@dominio.com", "Il book e' stato firmato!", "Vai a leggere il messaggio postato sul book.", 0
Set objMail = nothing
%>
<p align=center><font face="Verdana" size="3" color="#FF0000">Grazie di aver
firmato il nostro Guestbook!</font></p>
<%
conn.close
set conn = nothing
end if
'end add new entry section
%>
<%
'read message detail
if mode ="detail" then
ID = Request.QueryString("id")
Function FormatStr(String)
on Error resume next
String = Replace(String, CHR(13), "")
String = Replace(String, CHR(10) & CHR(10), "</P>
")
String = Replace(String, CHR(10), "
")
FormatStr = String
End Function
sql2 = " select * from message where ID=" & ID
CONN_STRING = "DBQ=" & Server.MapPath("../fpdb/gbook.mdb") & ";"
CONN_STRING = CONN_STRING & "Driver={Microsoft Access Driver (*.mdb)};"
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STRING
sql3 = "SELECT COUNT(*) FROM message "
set rs3 = conn.Execute (sql3)
allrecord = rs3(0)
Set RS = conn.Execute (sql2)
nextmessage = ID + 1
Previousmessage = ID - 1
%>
<center>
<table border=1 width=400 cellspacing=0 bordercolor=ffcc66>
<tr><td bgcolor=ffcc66>[img]<%=rs([/img].gif" align="middle"> <font size=3 Face=CordiaUPC ><%=rs("Subject")%></font> </td></tr>
<tr><td><font size=3 Face=CordiaUPC ><%=FormatStr(rs("message"))%></font></a> </td></tr>
<tr><td bgcolor=ffcc66>
<% if rs("email") <> "" then %>
"><font size=1 Face=Verdana><%=rs("name")%></font>
<%else%>
<font size=2 Face=CordiaUPC color="008800"><%=rs("name")%> </font>
<%end if%>
<font size=2 Face=CordiaUPC color="008800"> |
<%if rs("url") <> "http://" then%>
" target="_blank"><%=rs("url")%> | <%end if%>
<%=rs("Postdate")%> </font></td></tr>
</table>
</center>
<%
rs.close
conn.close
set conn = nothing
%>
<center>
<% if ID > 1 then%>
[img]pre.gif[/img]<font color="#FF0000"><a href="gbook.asp?ID=<%=previousmessage%>&mode=detai l">Messaggio
Precedente</a> <%end if%>
<%
status = allrecord - ID
if status > 0 then%>
</font><a href="gbook.asp?ID=<%=nextmessage%>&mode=detail">< font color="#FF0000">Prossimo
Messaggo</font>[img]next.gif[/img]</a>
<%end if%>
</center>
<%
end if
'end detail message section
%>
<%
' add badword form
if mode = "badword" then
%>
<form action="gbook.asp?mode=addbadword" method=post>
<center>
<table border="1" cellpadding="2" cellspacing="0" width="400" bordercolor="#FFCC66">
<tr>
<td width="101"><font face="Verdana" size="2">bad word</font></td>
<td width="285"><input type="text" name="bad" size="30"></td>
</tr>
<tr>
<td width="101"><font face="Verdana" size="2">good word</font></td>
<td width="285"><input type="text" name="good" size="30"></td>
</tr>
<tr>
<td width="101"></td>
<td width="285"><input type="submit" value="Submit" name="B1"><input type="reset" value="Cancel" name="B2"></td>
</tr>
</table>
</center>
</form>
<p align="center">
<%
end if
'end post area section
%>
<%
'add new entry to database
if mode = "addbadword" then
CONN_STRING = "DBQ=" & Server.MapPath("../fpdb/gbook.mdb") & ";"
CONN_STRING = CONN_STRING & "Driver={Microsoft Access Driver (*.mdb)};"
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STRING
bad = Request.form("bad")
good = Request.form("good")
sql = "insert into badword (badword, good) values ('" & bad & "', '" & good & "')"
Set RS = conn.Execute (sql)
%>
<p align=center><font face="Verdana" size="3" color="#0000FF">new bad word added to database</font></p>
<%
conn.close
set conn = nothing
end if
'end add new badword section
%>
<%
' add badword form
if mode = "editbadword" then
CONN_STRING = "DBQ=" & Server.MapPath("../fpdb/gbook.mdb") & ";"
CONN_STRING = CONN_STRING & "Driver={Microsoft Access Driver (*.mdb)};"
'buil string for connection my database file is link.mdb in store in the same folder of this file.
iPageSize = 10
'set page size
If Request.QueryString("page") = "" Then
iPageCurrent = 1
Else
iPageCurrent = CInt(Request.QueryString("page"))
End If
If Request.QueryString("order") = "" Then
strOrderBy = "id"
Else
strOrderBy = Request.QueryString("order")
End If
strSQL = "select * from badword order by id"
' select sql from the table..my table in gbook.mdb name "message"
Set objPagingConn = Server.CreateObject("ADODB.Connection")
objPagingConn.Open CONN_STRING
'open connection
Set objPagingRS = Server.CreateObject("ADODB.Recordset")
objPagingRS.PageSize = iPageSize
objPagingRS.CacheSize = iPageSize
objPagingRS.Open strSQL, objPagingConn, adOpenStatic, adLockReadOnly, adCmdText
reccount = objPagingRS.recordcount
iPageCount = objPagingRS.PageCount
If iPageCurrent > iPageCount Then iPageCurrent = iPageCount
If iPageCurrent < 1 Then iPageCurrent = 1
If iPageCount = 0 Then
Response.Write "<center><font color=red size=3>No records found!</font></center>"
Else
objPagingRS.AbsolutePage = iPageCurrent
%>
<center>
<font face="Verdana" size="2">found <font color="#FF0000"><%=reccount%> </font> messages</font>
</p>
<%
iRecordsShown = 0
Do While iRecordsShown < iPageSize And Not objPagingRS.EOF
%>
<form action="gbook.asp?mode=updatebadword" method=post>
Bad word : <input type=text value="<%=objPagingRS("badword")%>" size=30 name=bad> ---good word : <input type=text value="<%=objPagingRS("good")%>" size=30 name=good>
<input type=hidden value="<%=objPagingRS("id")%>" name=id>
<input type=submit value="update badword">
</form>
<%
iRecordsShown = iRecordsShown + 1
objPagingRS.MoveNext
Loop
%>
<%
End If
objPagingRS.Close
Set objPagingRS = Nothing
objPagingConn.Close
Set objPagingConn = Nothing
If iPageCurrent <> 1 Then
%>
<A HREF="./gbook.asp?page=<%= iPageCurrent - 1 %>&order=<%= Server.URLEncode(strOrderBy) %>&mode=editbadword"><font face="Verdana" size="2">[img]pre.gif[/img]
Previous</font></A>
<%
End If
If iPageCurrent < iPageCount Then
%>
<font face="Verdana" size="2">Next [img]next.gif[/img]</font>
</p>
</center>
<%
End If
%>
<center><font face="Verdana" size="1">Page</font>
<font face="Verdana" size="1" color="#FF0000"> <%= iPageCurrent %> </font>
<font face="Verdana" size="1">of</font>
<font face="Verdana" size="1" color="#FF0000"> <%= iPageCount %>
</font>
</center>
<%end if%>
<%
'add new entry to database
if mode = "updatebadword" then
CONN_STRING = "DBQ=" & Server.MapPath("../fpdb/gbook.mdb") & ";"
CONN_STRING = CONN_STRING & "Driver={Microsoft Access Driver (*.mdb)};"
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STRING
id = Request.form("id")
bad = Request.form("bad")
good = Request.form("good")
sql = "update badword set badword='" & bad & "', good='" & good & "' where ID =" & id
Set RS = conn.Execute (sql)
%>
<p align=center><font face="Verdana" size="3" color="#0000FF">Bad word updated</font></p>
<%
conn.close
set conn = nothing
end if
'end add new badword section
%>
<hr color=red size=3 width=500>
<p align=center><font size="2" face="Verdana" color="008800"></font></p>
</body>
</html>
E' necessario modificare il testo passato con i tag appropriati.
prova a inserire questa riga poco prima l'inserimento del record nel database
Nel database troverari che l'apostrofo verrà sostituito da una serie di caratteri "strani". inoltre quando l'utente lascia un messaggio con un "ENTER" inserito nel testo, verrà aggiunto un TAG HTMLcodice:messaggio = Replace(Replace(Request.Form("commento"), chr(13), " ", 1) , "'", "′")
in corrispondenza...
Spiegazione non chiarissimaVVoVe: , ma se fai la modifica, il problema dovrebbe essere risolto!
This machine has no brain. Please, use your own!
Io molto brutalmente ho sostituito
name = ChkString(Request.form("name"))
url = ChkString(Request.form("url"))
email = ChkString(Request.form("email"))
subject = ChkString(Request.form("subject"))
mood = request.form("mood")
message = ChkString(request.form("message"))
postdate = now()
con
name = replace(Request.form("name"),"'","''")
url = ChkString(Request.form("url"))
email = ChkString(Request.form("email"))
subject = replace(Request.form("subject"),"'","''")
mood = request.form("mood")
message = replace(request.form("message"),"'","''")
postdate = now()
e sembra funzionare... ho commesso qualche errore?
Ditemelo perche io di VBscript non so nulla, in pratica faccio dei gran copia e incolla.
il fascino perverso del copia e incolla senza sapere cosa si sta facendoOriginariamente inviato da max67
...
e sembra funzionare... ho commesso qualche errore?
Ditemelo perche io di VBscript non so nulla, in pratica faccio dei gran copia e incolla.
Siccome vado un po' di fretta, non ho fatto tutti i controlli del caso. Cmq queste modifiche al codice dovrebbero andare...codice:name = ChkString(Request.form("name")) url = ChkString(Request.form("url")) email = ChkString(Request.form("email")) subject = ChkString(Request.form("subject")) mood = request.form("mood") message = ChkString(request.form("message")) postdate = date() name_2 = Replace(name, "'", "′") url_2 = Replace(url, "'", "′") email_2 = Replace(email, "'", "′") subject_2 = Replace(Replace(subject, chr(13), " ", 1) , "'", "′") mood_2 = Replace(mood, "'", "′") message_2 = Replace(Replace(message, chr(13), " ", 1) , "'", "′") sql = "insert into message (name, url, mood, subject, message, postdate, email) values ('" & name_2 & "', '" & url_2 & "', '" & mood_2 & "', '" & subject_2 & "', '" & message_2 & "', '" & postdate & "', '" & email_2 & "')" Set RS = conn.Execute (sql) Set objMail = Server.CreateObject("CDONTS.NewMail") objMail.Send "mittente@dominio.net", "indirizzo@dominio.com", "Il book e' stato firmato!", "Vai a leggere il messaggio postato sul book.", 0 Set objMail = nothing
This machine has no brain. Please, use your own!
in genere si usa sostituire l'apice col doppio apice...te luigi con quale apice lo cambi?
cmq max, la prossima volta postaci TUTTO il tuo sito, almeno capiamo meglio il problema
La fretta è una cattiva consigliera: non ho contollato il POST inviato.
Messaggio = Replace(Replace(commento, chr(13), "
", 1) , "'", "&_#_8_2_4_2;")
ho utilizzato "_" perchè altrimenti mi viene visualizzato "'"
This machine has no brain. Please, use your own!
Originariamente inviato da luigi1970
La fretta è una cattiva consigliera: non ho contollato il POST inviato.
Messaggio = Replace(Replace(commento, chr(13), "
", 1) , "'", "&_#_8_2_4_2;")
ho utilizzato "_" perchè altrimenti mi viene visualizzato "'"
ma luigi usare un piu semplice:no?codice:replace("...","'","''")
Permessi di invio
Rispondi quotando