
apostrophe in form

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Rich Text Editor (RTE)
Forum Description: Support forum for the Web Wiz Rich Text Editor (RTE).
URL: https://forums.webwiz.net/forum_posts.asp?TID=29198
Printed Date: 29 March 2026 at 7:41am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: apostrophe in form
Posted By: eiffel
Subject: apostrophe in form
Date Posted: 22 March 2011 at 8:20pm
I use the last version of RTE and the form saves into the database, but if I have an apostrophe in the text area I get an error when saving into the database.

Can you help?

Thanks

Eiffel



Replies:
Posted By: WebWiz-Bruce
Date Posted: 23 March 2011 at 11:59am
It sounds like you are injecting the submitted data directly into the database. This is very bad!!

Not only will you find issues with apostrophes like you have now but you would be completely open to SQL Injection attacks against the database which could be used to view sensitive data or even drop whole tables.

You should sanitise the submitted data before it is used. If you are using SQL Server or Access you need to escape apostrophes by replacing single apostrophes with two of them (e.g. '').

It is also worth looking up SQL Injections in Bing or Google so that you know how to also protect against this type of attack.


-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm - ASP.NET Web Hosting
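
Added example, not part of the original thread or of Web Wiz's code: the same form text saved three ways, showing the apostrophe error from string concatenation, the apostrophe-doubling fix from the reply, and (going beyond the reply) placeholder binding. It assumes Python with an in-memory SQLite database standing in for SQL Server or Access; the table, function names and sample text are constructed for illustration.

```python
import sqlite3

# Constructed sample of rich-text-editor form input containing apostrophes.
SAMPLE = "<p>It's Eiffel's first post</p>"

def make_db():
    # Assumption: in-memory SQLite stands in for the SQL Server / Access database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    return db

def save_concatenated(db, body):
    """Before: form text pasted straight into the SQL string."""
    db.execute("INSERT INTO posts (body) VALUES ('" + body + "')")

def save_escaped(db, body):
    """The reply's fix: double every apostrophe before building the string."""
    escaped = body.replace("'", "''")
    db.execute("INSERT INTO posts (body) VALUES ('" + escaped + "')")

def save_parameterized(db, body):
    """Placeholder binding: the driver passes the text as data, never as SQL."""
    db.execute("INSERT INTO posts (body) VALUES (?)", (body,))

def try_save(save, body):
    """Return (stored_text, error) for one save strategy on a fresh database."""
    db = make_db()
    try:
        save(db, body)
    except sqlite3.Error as exc:
        # The first apostrophe ended the string literal early, so the rest
        # of the form text was parsed as SQL and rejected.
        return None, str(exc)
    row = db.execute("SELECT body FROM posts").fetchone()
    return row[0], None

if __name__ == "__main__":
    for save in (save_concatenated, save_escaped, save_parameterized):
        stored, error = try_save(save, SAMPLE)
        print(f"{save.__name__:20} stored={stored!r} error={error!r}")
```

Escaping has to be remembered at every query that touches user input, while a bound parameter keeps the data out of the SQL text altogether.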


