Dreamcatchers
Posts: 120
Posted: 03/20/2014, 11:06 PM
I'm using CCS 4.3 using ASP and have a form that accepts a user's contact information. I noticed that if an email is entered with an apostrophe I get an "invalid email" error message.
I thought this was supposed to handle this since that is a valid character for email addresses.
I am using localization for Canada-English which supports charset UTF-8.
Any suggestions on getting this to accept apostrophes?
_________________
Training and LMS Developer

Dreamcatchers
Posts: 120
Posted: 03/21/2014, 9:29 PM
I figured it out using examples from others. The key is to use the built-in functions of CCS. It will handle all the exceptions and filter out SQL injections. Straight SQL is nice but not secure.
SQL = "INSERT INTO roster (Emp_Id, FirstName, LastName, Status, Companyname, Title, Workphone, email, Product_id, Course_date)"
SQL = SQL & "VALUES("& Connection.ToSQL(Emp_Id,ccsInteger) & ","& Connection.ToSQL(FirstName,ccsText) & "," & Connection.ToSQL(LastName,ccsText) & ","
SQL = SQL & Connection.ToSQL(Status,ccsInteger) & "," & Connection.ToSQL(CompanyName,ccsText) & "," & Connection.ToSQL(Title,ccsText) & ","
SQL = SQL & Connection.ToSQL(Workphone,ccsText) & "," & Connection.ToSQL(email,ccsText) & "," & Connection.ToSQL(Product_id,ccsInteger) & ","
SQL = SQL & Connection.ToSQL(Course_Date,ccsText) & ")"
Connection.Execute(SQL)
_________________
Training and LMS Developer

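Added example, not part of the thread and not CCS code: it shows why an apostrophe in a name or email breaks a hand-concatenated INSERT, and compares quote-doubling with bound parameters. It goes beyond the post by including parameter binding. Assumptions: Python with an in-memory SQLite database stands in for the poster's ASP setup so the example runs stand-alone, the column list is trimmed, and `quote_text` / `quote_int` are hypothetical helpers that only model a text-quoting function, not the actual behaviour of `Connection.ToSQL`.

```python
import sqlite3
# Constructed sample row (not from the thread); columns trimmed from the post's INSERT.
SAMPLE = {"emp_id": 1042, "last": "O'Brien", "email": "sean.o'brien@example.com"}

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE roster (Emp_Id INTEGER, LastName TEXT, email TEXT)")
    return db

def quote_text(value):
    # Hypothetical stand-in for a text-quoting helper: wrap the value in
    # single quotes and double every embedded apostrophe.
    if value is None:
        return "NULL"
    return "'" + str(value).replace("'", "''") + "'"

def quote_int(value):
    # int() raises ValueError for non-numeric text instead of letting it into the SQL.
    return str(int(value))

def insert_concatenated(db, row):
    # Raw values pasted between quotes: the apostrophe closes the literal early.
    sql = ("INSERT INTO roster (Emp_Id, LastName, email) VALUES ("
           + str(row["emp_id"]) + ",'" + row["last"] + "','" + row["email"] + "')")
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

def insert_quoted(db, row):
    # Same statement, but every value passes through a typed quoting helper.
    values = [quote_int(row["emp_id"]), quote_text(row["last"]), quote_text(row["email"])]
    sql = "INSERT INTO roster (Emp_Id, LastName, email) VALUES (" + ",".join(values) + ")"
    db.execute(sql)
    return sql

def insert_bound(db, row):
    # Bound parameters: values travel separately from the SQL text, no quoting needed.
    db.execute("INSERT INTO roster (Emp_Id, LastName, email) VALUES (?, ?, ?)",
               (row["emp_id"], row["last"], row["email"]))

def stored_emails(db):
    return [r[0] for r in db.execute("SELECT email FROM roster ORDER BY rowid")]

if __name__ == "__main__":
    db = new_db()
    print(insert_concatenated(db, SAMPLE))   # syntax error, nothing stored
    print(insert_quoted(db, SAMPLE))         # statement with doubled apostrophes
    insert_bound(db, SAMPLE)
    print(stored_emails(db))
```
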
eratech
Posts: 513
Posted: 03/27/2014, 1:25 AM
I agree that using the built-in functions is much easier than concatenation by hand.
I found the 'Custom Update' for Records and Editable Grids allows a nicer front-end than writing the SQL directly too, and has the advantage that it will convert most things when you upgrade. I've gotten lazier over the years and like a few pre-populated drop-down lists of columns to select and move on instead of remembering everything.
Cheers
Eric
_________________
CCS 3/4/5 ASP Classic, VB.NET, PHP
Melbourne, Victoria, Australia