Remove ' from string

 
Ranch Hand
Posts: 904
Hello,

Being the JavaScript newbie I am, I don't know if the following is possible.

Due to a sql-bug I'd like to remove any ' that is in a string. The string
is entered on an asp webpage (yes yes.. I know) in an "username" textfield
and a "password" textfield, and forwarded to the page where the username and pw
will be "tested in the DB".

Do you know, how I can test/remove any ' in the password or username string?

Thanks in advance,

/Svend Rost
 
Rancher
Posts: 43081
Normally one would escape the apostrophe so that it becomes possible to use it in a SQL string, i.e. "Don O'Don" becomes "Don O''Don".
Just build a new string by iterating through the input string one character at a time, and if the current character is the apostrophe, either don't add it to the new string, or add it twice.
From a security point of view, you should do this on the server, though. NEVER pass any input that comes from a web page directly to the database unless you have parsed it on the server, or at least ascertained that it contains no evil characters (meaningful to SQL, that is).
 
author
Posts: 15385
You should be handling this on the server and not on the client. With ASP, you can easily do a replace with the string.

sMyString = Replace(sMyString, "'", " ")
or
Server.URLEncode()

It can be done with JavaScript, but you have to rely on the user having it set. Plus you could always have SQL injection attacks.

Eric
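
The character-by-character apostrophe doubling described in the replies above, done in server-side code, as an added example that is not part of the original thread. The function names and the `users` table are assumptions, and the small scanner only understands standard SQL `''` escaping; it checks that each submitted value ends up inside exactly one string literal.

```javascript
// Added example, not code from the thread. All names here are hypothetical.

// Double every apostrophe, one character at a time, as the reply describes.
function escapeSqlString(input) {
  let out = "";
  for (const ch of String(input)) {
    out += ch === "'" ? "''" : ch;
  }
  return out;
}

// Build the login lookup by string concatenation (the pattern the thread is about).
function buildLoginQuery(username, password, escape) {
  const u = escape ? escapeSqlString(username) : username;
  const p = escape ? escapeSqlString(password) : password;
  return "SELECT id FROM users WHERE username = '" + u + "' AND password = '" + p + "'";
}

// Scan standard SQL string literals; return their decoded values,
// or null when a literal is never closed (the statement is malformed).
function sqlStringLiterals(sql) {
  const literals = [];
  let i = 0;
  while (i < sql.length) {
    if (sql[i] !== "'") { i++; continue; }
    let value = "";
    i++; // skip the opening quote
    for (;;) {
      if (i >= sql.length) return null; // unterminated literal
      if (sql[i] === "'" && sql[i + 1] === "'") { value += "'"; i += 2; continue; }
      if (sql[i] === "'") { i++; break; } // closing quote
      value += sql[i++];
    }
    literals.push(value);
  }
  return literals;
}

// True only when the two inputs come back out as the query's only literals.
function inputStaysData(username, password, escape) {
  const found = sqlStringLiterals(buildLoginQuery(username, password, escape));
  return found !== null && found.length === 2 &&
         found[0] === username && found[1] === password;
}

// Constructed sample input, using the name from the reply above.
console.log(inputStaysData("Don O'Don", "secret", false)); // false
console.log(inputStaysData("Don O'Don", "secret", true));  // true
```

Doubling only covers backends that use standard `''` escaping inside string literals. Passing the values as bound parameters of a prepared statement avoids building the literal at all.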
 