VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Problems and bugs
 Apostrophe in customer lastname login
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

niallpm
Starting Member

Ireland
8 Posts

Posted - May 26 2010 :  10:24:44  Show Profile  Reply with Quote
VPASP V7 around line 2227 in shop$db.asp

templastname=replace(lastname,"'","''")

This replaces apostrophe with double apostrophe in the Lastname field entry during customer login.

Then around line 2234

sql=sql & whereok & " lastname='" & tosql(templastname,"Text") & "'"

Which calls the function tosql which replaces apostrophe with double apostrophe again.

The end result is if your customer is trying to login with lastname O'Sullivan (for example), VPASP will query the field entry O''''Sullivan against the DB and their login will fail.

I fixed this by replacing the line:

sql=sql & whereok & " lastname='" & tosql(templastname,"Text") & "'"

with

sql=sql & whereok & " lastname='" & templastname & "'"

Hope this is useful.

  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000