I have a search form on a .aspx page. On the same page I have a ASP SQL Data Source control and a repeater control. The only code behind is there to show and hide certain objects on the page. The page is PostBack for results.
When people enter a single quote( ' ) or a dash( - ) into the search form it explodes (figuratively). I tried putting on "On_Click" code behind, however, since the ASP.Net SQL Data control seems to bypass my code behind page and gather data from the search form controls anyway. I do not want to change the stored procedure because I'm not sure who/what all uses it.
How can I handle ( ' ) and ( - ) in my search form? Any ideas?