Simple include function to loop through a given string and (a) concatenate it to the maximum length, (b) silently drop any unwanted characters and (c) pad all single quotes with a 2nd single quote (for using in MS-SQL statements).
Terms of Agreement:
By using this article, you agree to the following terms...
You may use
this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
You may link to this article from another website, but ONLY if it is not wrapped in a frame.
You will abide by any additional copyright restrictions which the author may have placed in the article or article's description.
If you've not used Chr() function before, open notepad, hold hown your left Alt key, and type in the 3-digit number on the numeric keypad to see what character I'm checking for!
Note this is probably not the most efficient or elegant way of programming, and I like to use variable names I can understand when I look at the file 3 years later!
Function fCheckChar( strCheck, numLenMax )
strOut = ""
numLen = Len(strCheck)
If numLenMax <> "" Then
numMax = CInt(numLenMax)
numMax = 99
If numLen > numMax Then
strCheck = Mid(strCheck,1,numMax)
numLen = numMax
For i = 1 to numLen
strChar = Mid(strCheck,i,1)
If (strChar > Chr(031) AND strChar < Chr(127)) _
OR (strChar = Chr(010)) _
OR (strChar = Chr(013)) Then
If strChar = Chr(034) _
OR strChar = Chr(039) Then
strOut = strOut & Chr(039) & Chr(039)
strOut = strOut & strChar
fCheckChar = strOut
Sorry this script does not stand up to the Advanced category. 1 - The function needs better definition. Private or Public 2 - The arguments passed in should use the ByRef or ByVal definitions. 3 - You use many variables in the function without Dimensioning them.
These three things alone will have a major impact on how polite your function behaves within the whole of an application.
You are replacing double and single quotes with a pair or single quotes. What if the user already placed a pair of single quotes in the input? Now you have 4 single quotes in a row!
If you are looking to protect your queries from bad characters or "SQL injection" I'd suggest you look into stored procedures. (If this comment was disrespectful, please report it.)
Add Your Feedback
Your feedback will be posted below and an email sent to
the author. Please remember that the author was kind enough to
share this with you, so any criticisms must be stated politely, or they
will be deleted. (For feedback not related to this particular article, please
click here instead.)