replace a ' (apostrophe) with a space (e.g. "")

Posted on 2005-04-27
Last Modified: 2008-03-04
Is there a way with my text box below i can replace a ' (apostrophe) with a space, If it is entered:

<input name="heading<%=i%>" type="text" size="100">

can this be done with javascript/asp or html?

Question by:crmpicco
    LVL 33

    Expert Comment

    Try something like this

    <script language="JavaScript" type="text/javascript">
    function fun(obj) {
        if ( obj.value.charAt(obj.value.length-1) == '\'' )
            obj.value = obj.value.replace("'", "");

    <form name="myform" method="post" action="" onsubmit="return validate()">
    <input name="heading<%=i%>" type="text" size="100"  onkeyup="fun(this)">

    LVL 29

    Expert Comment

    If you are replacing the apostophe so you can put the value in a database then there is a better way to do this... please advise.
    LVL 29

    Expert Comment

    Use parameters when adding, updating and deleting records.

    You not only solve the apostrophe problem, but you will avoid most cross site scripting attacks.  When you build a SQL statement on the fly from input, the input becomes executable SQL.  The vast number of different encoding methods makes it impossible to proactively filter all harmful input.

    A parameter will never be treated as executeable SQL, so it is tremendously safer.  (It is also faster for complex statements.)

    Here is an example:

    Dim cmd, conn, RS, cmdText, param, numAffected, connectionString
    Const adVarChar = 200
    Const adParamInput = = &H0001
    Const adExecuteNoRecords = &H00000080

    connectionString = Application("examples") ' e.g. "Provider=Microsoft.Jet.OLEDB.4.0;Data Source='E:\web\database\examples.mdb'"

    Set cmd = Server.CreateObject("ADODB.Command")
    Set conn = Server.CreateObject("ADODB.Connection")

    Set cmdText = "INSERT INTO members (username,password) " &_
                           "VALUES (@username,@password);"

    Set param = cmd.CreateParameter(@username,adVarChar,adParamInput,CLng(50),request.form("usernm"))
    cmd.Parameters.Append param
    Set param = cmd.CreateParameter(@password,adVarChar,adParamInput,CLng(50),request.form("pswd"))
    cmd.Parameters.Append param

    cmd.commandText = cmdText

    cmd.Execute numAffected,, adExecuteNoRecords

    When you retieve your data and need to display it in a web page you can use Server.HTMLEncode(rs("whatever")) to display the field correctly, including any apostophes.

    That way you do not alienate Mr. O'Brian.



    Accepted Solution

    this is how i would do it in ASP in order to use apostrophe in a search engine or any text form, this is used when selecting items from a SQL database.
    when you are declaring your variables use a replace statement, sort of like this.

    testname = Request.QueryString("Name")
    testname = Replace (testname ,"'","''")

    that should replace an ' with a (space)

    Hope this helps.
    LVL 75

    Expert Comment

    by:Anthony Perkins
    I realize you are fairly new here, so I suggest you read the EE Guidelines regarding grading standards at:
    What's the right grade to give?

    And specifically this section:

    C: Because Experts' reliability are often judged by their grading records, many Experts would like the opportunity to clarify if you have questions about their solutions. If you have given the Expert(s) ample time to respond to your clarification posts and you have responded to each of their posts providing requested information; or if the answers, after clarification, lack finality or do not completely address the issue presented, then a "C" grade is an option. You also have the option here of just asking Community Support to delete the question.

    Remember, the Expert helping you today is probably going to be helping you next time you post a question. Give them a fair chance to earn an 'Excellent!' grade and they'll provide you with some amazing support. It's also true that a "C" is the lowest grade you can give, and the Experts know that -- so use it judiciously.

    Only the Moderators and Page Editors have the choice to give a D grade. Beyond that, in a practical sense, the grading guidelines have "softened" a bit over the last year or two; one might expect that the majority of grades would be Bs (a standard "bell" curve), but the fact is that the culture of the site has caused there to be an inordinately high percentage of As. The Moderators have been instructed to ensure that the As they award are actually "Excellent" answers. Similarly, the C grade is the lowest that can be given by a member, a fact which should be kept in mind when grading as well.

    The use of a C in a vindictive manner is likely to be changed by a Moderator. You may not like the answer you get, and in some cases, and you may not like the way it is delivered, but if it is deemed to be accurate, no less than a B is an acceptable grade.


    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
    This demonstration started out as a follow up to some recently posted questions on the subject of logging in: and…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now