When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles
Message Board
Related Web Technologies
User Tips!
Coding Tips

Sample Chapters
Commonly Asked Message Board Questions
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Stump the SQL Guru!
XML Info
Author an Article
ASP ASP.NET ASP FAQs Message Board Feedback
Print this page.
Published: Saturday, March 27, 1999

An ASP Database Support Component
By Doug Dean

If you haven't used components in your asp development, you can learn how to register components, like the EZsiteDEV.dll one discussed here, by reading a few articles available on my web site (http://www.dougdean.com). These articles will also show you how to write your own custom components.

- continued -

The EZsiteDEV.dll is free to use in any of your ASP projects.

When I wrote the Ezsite line of web applications, I didn't realize the demand from developers, like myself, who would utilize my applications in so many unexpected ways. Rather than redesigning the applications to incorporate further access to particular methods, I decided to write separate components to meet the specific programming requests.

One of my applications, Ezsite Forum, involves some complex database processing and string manipulation. After recently completing a developer component for a customer, I realized that many of the component's methods might be valuable to other programmers.

The Component's Methods
Although the two major methods (SaveNewPost & GetPostInfo) of this component are only useful for developers who want to directly manipulate and save posts to Ezsite Forum, the other methods are useful for any database processing.

The remaining twelve methods fall into two different categories. The first category involves manipulating strings originating from a browser form and headed for a database. When I wrote one of my first web applications, I found certain ASCII characters throwing database errors with Access. I also discovered that SQL Server could be very persnickety about the date formats I used. The first six methods correcting these problems are described below.

The next category deals with the formatting of strings being saved to a database with the intention of later being retrieved and sent back to a browser for display. By substituting a HTML break tag for the end of a line (CrLf), text entered into a form's textarea, and saved in a Access data type of memo, can have it's paragraph formatting preserved. I also found it necessary to eliminate asp-scripting execution code, which can be susceptible to ill intentioned hackers.

Database String Methods
Here are the seven database string preparatory methods:


As you can guess, the first four either escape or delete the apostrophe (') and the pipe (|) characters -- which cause errors when saving to Access or SQL Server. To use these methods, you simple use a string as an argument while assigning another string as the returned value. Both can be the same string.

<% '...retrieve the Form string and place it in the StringToTreat variable

Set ObjDEV = Server.CreateObject("EZsiteDEV.PostLibrary")

'CALL THE METHOD StringToTreat = ObjDEV.EscapeApostrophe(StringToTreat)

'...save the StringToTreat to the database


ObjDEV.EscapeApostrophe("That's all")

will product a string like this:

That's all

and would display on a browser like this:

That's all

Escaping the apostrophe and the pipe characters will replace them with ' and | respectfully. In the case where a number precedes the apostrophe ('123), a space will be placed between the ' and the number -- otherwise it would result in a malformed escape code, i.e. 飓.

Using the two delete methods, of course, deletes the apostrophe and pipe charters.

The PrepDateD() and PrepDateTS() methods were created with SQL Server in mind. They will format a date for the Date and TimeStamp data types. The Date type stores a date, while the TimeStamp type stores the date and time. Simply send each method a Date type and they will return a properly SQL Server, and Access, formatted string back.


Depending on the date you use in the preceding code, your return string will look like the following:

{ts '1999-03-22 17:13:02'}



will return:

{d '1951-01-12'}

The last method in this category, PrepStringForDB(), combines four methods into one convenient call. It calls the EscapeApostrophe() and EscapePipe() methods, just explained, and the CRLFtoBR() and EscapeHTMLtags() methods, explained below.

String Formatting Methods
The string formatting methods work similarly.


The CrLftoBR and BRtoCrLf toggle the breaks at the end of a line to an HTML break tag, and visa versa. This allows text to keep its line breaks and paragraph formats.

In order to render scripting commands (<%, %>, <SCRIPT>, </SCRIPT>, <OBJECT>, </OBJECT>) inoperable, the EscapeScriptTags() and DeleteScriptTags() methods will either replace the leading '<' character with <, or delete the tag all together. By using the EscapeScriptTags() method, you will be able to display asp example code without it being interpreted by asp as commands.

The EscapeHTMLtags() method will replace the leading '<' character with <, thereby allowing HTML tags to be viewed rather than interpreted by the browser as command code. This method will not remove the HTML bread tags, so paragraphs and line breaks will be preserved.

Apart from the two remaining methods, which are specific to Ezsite Forum developers, the methods described here should help you with placing text into a database without having to write extra asp code. This component also has the advantage of staying resident in IIS memory space -- and therefore has quickness not found with asp alone.

Doug Dean is an independent developer and consultant in southern California. He is the author of the EZsite line of IIS Applications; EZsite Calendar, EZsite WebNotes, EZsite UpLoad, and EZsite Forum. You can reach Doug with your comments at ddean@deltanet.com, or by visiting his web site at http://www.dougdean.com.

ASP.NET [1.x] [2.0] | ASPMessageboard.com | ASPFAQs.com | Advertise | Feedback | Author an Article