locked
How to prevent user from inputting invalid characters in textbox i.e. .,/!"£$%^&*()'@;: RRS feed

  • Question

  • Hello Friends

    I have this line in my code:

       SQL = "INSERT INTO [DataBase$] VALUES ('" + TextBox1 + "',  '" + TextBox2 + "' )"

    But I found if any of the textboxes are filled by user with the ' sign this stops the code and generates "Syntax error in string in expression..."

    Is there any way to stop the users from inputting this/those character(s) ?


    Marcin
    Tuesday, October 20, 2009 1:32 PM

Answers

  • Hello Friends

    I have this line in my code:

       SQL = "INSERT INTO [DataBase$] VALUES ('" + TextBox1 + "',  '" + TextBox2 + "' )"

    But I found if any of the textboxes are filled by user with the ' sign this stops the code and generates "Syntax error in string in expression..."

    Is there any way to stop the users from inputting this/those character(s) ?


    Marcin

    Even better, ask yourself what's going to happen if some malicious user types this in: "0','0');  DELETE FROM [Database$];".


    -- RBarryYoung, (302)375-0451 blog: MovingSQL.com, Twitter: @RBarryYoung
    Proactive Performance Solutions, Inc.
    "Performance is our middle name."

    Please! Remember to Vote all helpful replies as Helpful
    • Marked as answer by Tim Li Tuesday, October 27, 2009 8:35 AM
    Wednesday, October 21, 2009 3:20 AM
  • Use the KeyPress event of the textbox control to determine if unwanted characters are pressed. The KeyAscii parameter will tell you which key was pressed and you can take appropriate action. Also you can make a control group of all the textboxes and process the KeyPress event for all of them with the same code.
    • Marked as answer by Tim Li Tuesday, October 27, 2009 8:35 AM
    Tuesday, October 20, 2009 2:41 PM

All replies

  • Use the KeyPress event of the textbox control to determine if unwanted characters are pressed. The KeyAscii parameter will tell you which key was pressed and you can take appropriate action. Also you can make a control group of all the textboxes and process the KeyPress event for all of them with the same code.
    • Marked as answer by Tim Li Tuesday, October 27, 2009 8:35 AM
    Tuesday, October 20, 2009 2:41 PM
  • Hello Friends

    I have this line in my code:

       SQL = "INSERT INTO [DataBase$] VALUES ('" + TextBox1 + "',  '" + TextBox2 + "' )"

    But I found if any of the textboxes are filled by user with the ' sign this stops the code and generates "Syntax error in string in expression..."

    Is there any way to stop the users from inputting this/those character(s) ?


    Marcin

    Even better, ask yourself what's going to happen if some malicious user types this in: "0','0');  DELETE FROM [Database$];".


    -- RBarryYoung, (302)375-0451 blog: MovingSQL.com, Twitter: @RBarryYoung
    Proactive Performance Solutions, Inc.
    "Performance is our middle name."

    Please! Remember to Vote all helpful replies as Helpful
    • Marked as answer by Tim Li Tuesday, October 27, 2009 8:35 AM
    Wednesday, October 21, 2009 3:20 AM