Your best option is to use Server.UrlEncode() when redisplaying entered text
or displaying text with special characters from SQL.
You should look at using SQL parameters within ADO.NET to protect against or
limit SQL Injection attacks (or deal with single quotes). Replacing single
quotes will require that you again change your text at a later time. There
is nothing inherently wrong with a single quote inside of SQL, but you have
to use a method to insert text other than surrounding it with single quotes,
which is not a good practice for other reasons above.
--
Andrew Robinson
www.binaryocean.com www.bellinghamdotnet.org
"Abraham Andres Luna" <ab*@rdk.com> wrote in message
news:Ok*************@TK2MSFTNGP10.phx.gbl...
hello everyone,
is there a method in .net that will format:
MIKE O'CON"NEL\
to:
MIKE O''CON"NEL\\
so that the data i pull from sql is html/javascript safe
and is there a method that will clean up client input data so i can insert
it into sql
if the client enters an apostrophe ' i have to double it up so it can be
inserted, etc
ty
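
The parameterized insert recommended in the reply above, as an added example that is not code from either poster. It assumes the Microsoft.Data.Sqlite NuGet package so that it runs against an in-memory database without a server; the `customers` table, the `InsertName` helper and the second input string are constructed for illustration.

```csharp
// Added example, not from the thread. Assumes the Microsoft.Data.Sqlite NuGet
// package (in-memory database); table and column names are constructed.
using System;
using System.Data;
using System.Data.Common;
using Microsoft.Data.Sqlite;

static class ParameterDemo
{
    // Written against the ADO.NET base classes, so a SqlConnection works too.
    // The value travels as a parameter and is never spliced into the SQL text.
    static void InsertName(DbConnection conn, string name)
    {
        using DbCommand cmd = conn.CreateCommand();
        cmd.CommandText = "INSERT INTO customers (name) VALUES (@name)";
        DbParameter p = cmd.CreateParameter();
        p.ParameterName = "@name";
        p.DbType = DbType.String;
        p.Value = name;
        cmd.Parameters.Add(p);
        cmd.ExecuteNonQuery();
    }

    static void Main()
    {
        // The value from the question, plus a constructed injection-shaped string.
        string[] inputs = { "MIKE O'CON\"NEL\\", "x'); DROP TABLE customers; --" };

        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();

        using (DbCommand ddl = conn.CreateCommand())
        {
            ddl.CommandText = "CREATE TABLE customers (name TEXT NOT NULL)";
            ddl.ExecuteNonQuery();
        }

        foreach (string s in inputs) InsertName(conn, s);

        using DbCommand q = conn.CreateCommand();
        q.CommandText = "SELECT name FROM customers ORDER BY rowid";
        using DbDataReader r = q.ExecuteReader();
        for (int i = 0; r.Read(); i++)
        {
            // The stored text is exactly what was passed in; no quote doubling.
            Console.WriteLine("{0} | unchanged: {1}", r.GetString(0), r.GetString(0) == inputs[i]);
        }
    }
}
```

Because `InsertName` takes a `DbConnection`, passing a `SqlConnection` from System.Data.SqlClient uses the same parameter code against SQL Server.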