By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
426,060 Members | 1,906 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 426,060 IT Pros & Developers. It's quick & easy.

Insert HTML table structure in sql table

Soniad
P: 66
Hello,

I want a complete table structure assign to a variable and then insert this table structure in one of column of sql table.
the problem i am facing is vbscript is not interpreting html tags as string, how to escape this tags and make vbscript to detect as string .


Regards,
"D"
Feb 3 '09 #1
Share this Question
Share on Google+
3 Replies


Expert 100+
P: 210
Please post your code
Feb 4 '09 #2

jhardman
Expert 2.5K+
P: 3,405
@semomaniz
agreed. As a general rule you could try to put the code within a <textarea></textarea>, then asp should be able to handle it fine, but without seeing your code there is no way to see if that would work for you.

Jared
Feb 4 '09 #3

Soniad
P: 66
Hello,

Thanks for ur concern and reply , i got the solution , and working ,
I put table structure in a variable , then in my sql insert query i replaced single quotes in that variable with double single quotes , the problem was sequel injection .

here's the code :

Expand|Select|Wrap|Line Numbers
  1.                                 StrMsg=""
  2.                                 StrMsg=StrMsg&"<table border='0' width='90%' style='border: 1 solid #800000'>"
  3.                                 StrMsg=StrMsg&"<tr>"
  4.                                 StrMsg=StrMsg&"<td width='100%'><img border='0' src='http://www.microlifeline.net/images/registrationl.gif' width='750'  height='98'></td>"
  5.                                 StrMsg=StrMsg&"</tr>"
  6.                                 StrMsg=StrMsg&"<tr>"
  7.                                 StrMsg=StrMsg&"<td width='100%' ><P style='margin-left: 8'><font face='Verdana' size=2>"
  8.                                 StrMsg=StrMsg&" Hello "& strFirstName &",</font></td>"
  9.                                 StrMsg=StrMsg&"</tr>"
  10.                                 StrMsg=StrMsg&"<tr>"
  11.                                 StrMsg=StrMsg&" <td width='100%' ><P style='margin-left: 8'><font face='Verdana' size='2'>"&locateAdd
  12.                                 StrMsg=StrMsg&"</font></td> "
  13.                                 StrMsg=StrMsg&"</tr>"
  14.                                 StrMsg=StrMsg&"<tr>"
  15.                                 StrMsg=StrMsg&"<td width='100%'><P style='margin-left: 8'><font face='Verdana' size='2'>"
  16.                                 StrMsg=StrMsg&" MicroLifeLine Site Admin "
  17.                                 StrMsg=StrMsg&"</font></td>"
  18.                                 StrMsg=StrMsg&"</tr>"
  19.  
  20.                                 StrMsg=replace(StrMsg,"'","''")                                
  21.  
  22.                                 sqlemail = "insert  into Emails_To_Send (mailFrom,mailTo,mailCc,mailBcc,Subject,Message,dtdate,Mail_Sent,Attempts,mailPriority,App_ID,mailFormat)  values('admin@microlifeline.net','"&strEmailAddress&"','"&strEmailAddress&"','"&strEmailAddress&"','"&StrAction&"','"&StrMsg&"',getdate(),0,0,'normal',NULL,'html')"                         
Regards,
"D"
Feb 5 '09 #4

Post your reply

Sign in to post your reply or Sign up for a free account.