On the members page, if you enter a search term with a single quote and submit, the single quote is doubled in the text box.
The search term is put through the chkstring() function, to be used in the SQL query, but it is also being used for the display text.
Solution is to store the search term that is to be displayed, in another variable that is not put through chkstring() function.
In members.asp, find lines 81-84:SearchName = trim(chkString(Request("M_NAME"),"SQLString"))
if SearchName = "" then
SearchName = trim(chkString(Request.Form("M_NAME"),"SQLString"))
end if
Change it to this:SearchName = trim(Request("M_NAME"))
if SearchName = "" then
SearchName = trim(Request.Form("M_NAME"))
end if
SearchNameDisplay = SearchName
SearchName = chkString(SearchName, "sqlstring")
Find line 279:" <input type=""text"" name=""M_NAME"" value=""" & SearchName & """></font></td>" & vbNewline & _
And change it to this:" <input type=""text"" name=""M_NAME"" value=""" & SearchNameDisplay & """></font></td>" & vbNewline & _
<
Forum Locked
Topic Locked
Posted - 24 August 2006 : 21:01:18
