Still using Drumbeat for a project and have just noticed when logging in a user with a ' in their name (i.e. O'Brien) can't log in it seems that the ' mucks up the connection sting to the database. I found this article www.macromedia.com/support/ultradev/ts/documents/login_sb_security.htm and it seems like this is my problem. However the code is very different and am confused, how can I fix this:

var filter_string = [UserNameColumn] + "= '" + String(Request("[userbox]") + "' AND " + [PasswordColumn] + " = '" + String(Request("[passbox]") + "'";

[source].Filter(filter_string);

Any ideas, thanks ?



Edited by - kcoster on 14 Dec 2001 23:40:07

<assming you are using ASP>
You should be able to modify that to look like this:

var filter_string = [UserNameColumn] + "= '" + String(<b>replace(</b>Request("[userbox]"<b>,"'","''"</b> + "' AND " + [PasswordColumn] + " = '" + String(<b>replace(</b>Request("[passbox]"<b>,"'","''"</b> + "'";

as long as you replace single quotes with two single quotes, you are OK
&lt;/assuming you are using ASP&gt;

Joel Martinez [ ]
----------
E-Commerce Concepts with Ultradev...pre-order yours at
www.basic-ultradev.com/ecomm_concepts/

Thats just what i needed thanks - I'll give it a try <img src=../images/dmxzone/forum/icon_smile.gif border=0 align=middle>

I'm actually using JavaScript so I had to use .replace(/'/g, "''" in the end but the principle, replacing ' with '' was the same so thanks again. Now all I have to do is go and correct the pages where I filter on a username !

Thanks again <img src=../images/dmxzone/forum/icon_smile.gif border=0 align=middle>