|
Hello,
Thanks for ur concern and reply , i got the solution , and working ,
I put table structure in a variable , then in my sql insert query i replaced single quotes in that variable with double single quotes , the problem was sequel injection .
here's the code : - StrMsg=""
-
StrMsg=StrMsg&"<table border='0' width='90%' style='border: 1 solid #800000'>"
-
StrMsg=StrMsg&"<tr>"
-
StrMsg=StrMsg&"<td width='100%'><img border='0' src='http://www.microlifeline.net/images/registrationl.gif' width='750' height='98'></td>"
-
StrMsg=StrMsg&"</tr>"
-
StrMsg=StrMsg&"<tr>"
-
StrMsg=StrMsg&"<td width='100%' ><P style='margin-left: 8'><font face='Verdana' size=2>"
-
StrMsg=StrMsg&" Hello "& strFirstName &",</font></td>"
-
StrMsg=StrMsg&"</tr>"
-
StrMsg=StrMsg&"<tr>"
-
StrMsg=StrMsg&" <td width='100%' ><P style='margin-left: 8'><font face='Verdana' size='2'>"&locateAdd
-
StrMsg=StrMsg&"</font></td> "
-
StrMsg=StrMsg&"</tr>"
-
StrMsg=StrMsg&"<tr>"
-
StrMsg=StrMsg&"<td width='100%'><P style='margin-left: 8'><font face='Verdana' size='2'>"
-
StrMsg=StrMsg&" MicroLifeLine Site Admin "
-
StrMsg=StrMsg&"</font></td>"
-
StrMsg=StrMsg&"</tr>"
-
-
StrMsg=replace(StrMsg,"'","''")
-
-
sqlemail = "insert into Emails_To_Send (mailFrom,mailTo,mailCc,mailBcc,Subject,Message,dtdate,Mail_Sent,Attempts,mailPriority,App_ID,mailFormat) values('admin@microlifeline.net','"&strEmailAddress&"','"&strEmailAddress&"','"&strEmailAddress&"','"&StrAction&"','"&StrMsg&"',getdate(),0,0,'normal',NULL,'html')"
Regards,
"D"
| |