Preventing SQL Injection - Convert to Entity Number
When working with rich text editors or simple forms that post to a database, it is always necessary to strip out or replace characters (such as single quotes) that may be prohibited by the database or used by hackers in SQL injection scripts. In ASP this is often done with a trim-and-replace VBScript function like this:

<% field_name = Trim(Replace(Field_Name, "'", " ")) %>

The code trims white space on both sides of Field_Name and then replaces every single quote with a blank space....
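The trim-and-replace function above, as an added example that is not from the original post, shown beside the entity-number conversion the title refers to and beside a parameterized ADODB.Command, which removes the need to rewrite the input at all. The table name, column names and the open connection object `conn` are assumed.

```vbscript
<%
Option Explicit

' The page's approach: trim, then replace single quotes with a blank space.
' Caveat: this alters the stored data ("O'Brien" becomes "O Brien") and
' does nothing for numeric fields that are concatenated into SQL unquoted.
Function CleanField(value)
    CleanField = Trim(Replace(value, "'", " "))
End Function

' Entity-number conversion: the quote becomes &#39;, so the text survives
' intact and still renders as an apostrophe when echoed back into a page.
Function EntityEncodeQuotes(value)
    EntityEncodeQuotes = Replace(value, "'", "&#39;")
End Function

' Preferred: bind the values as parameters. The database driver then never
' parses user input as SQL, whatever characters it contains.
Sub InsertComment(conn, author, body)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = 1                         ' adCmdText
    cmd.CommandText = "INSERT INTO Comments (Author, Body) VALUES (?, ?)"
    ' CreateParameter(Name, Type, Direction, Size, Value)
    ' 200 = adVarChar, 1 = adParamInput
    cmd.Parameters.Append cmd.CreateParameter("@Author", 200, 1, 100, author)
    cmd.Parameters.Append cmd.CreateParameter("@Body", 200, 1, 4000, body)
    cmd.Execute
    Set cmd = Nothing
End Sub

Dim author, body
author = Request.Form("author")                 ' e.g. O'Brien, stored as typed
body   = Request.Form("body")
InsertComment conn, author, body                ' conn: open ADODB.Connection (assumed)
%>
```

The parameterized insert stores the apostrophe in O'Brien unchanged; apply EntityEncodeQuotes only when writing the value back into HTML, not before it reaches the database.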
