Is there a way to replace characters?


hassaan
08-02-2006, 08:03 AM
In ASP, is there a way to replace characters? What I mean by this is that I have a form in which users can submit their comments. Now what they do is they at times even use the single quotation mark (also known as an apostrophe) in their messages. Now when the message is being added to the database, that single quotation mark causes an error and the user gets frustrated, not knowing what to do.

I have used the following code:

' Form field read straight from the request, with no escaping
message=request.QueryString("message")
' msgby is used below but never read in the post; assumed to come from the same form
msgby=request.QueryString("msgby")

set con=server.createobject("ADODB.connection")
con.open "provider=microsoft.jet.oledb.4.0;data source="&server.mappath("database.mdb")

' The values are pasted into the SQL text, so an apostrophe in "message" ends the string literal early
post="INSERT into MessagesTable(Message,MsgBy)values('" & message & "','" & msgby & "')"
' con.execute returns a Recordset; reusing "post" for it works but overwrites the SQL string
set post=con.execute(post)

Also, if this can be done, I suppose many things like this can be done -- making text appear in bold and italics should be functioning just like it functions in these forums. I hope I have made myself clear!

Thanks,
Hassaan

david.brent
08-02-2006, 08:16 AM
When you say ASP, do you mean VBScript? If so, it's quite simple...

Replace(string, char(s) to replace, char(s) to replace them with)

Hope this helps.

Kodo
08-02-2006, 06:26 PM
The entire replacement code you're looking for is

' Replace returns the new string, so the result has to be assigned back
message = Replace(message, "'", "''")

Executing inline SQL leaves you open to SQL injection.. please consider using stored procedures.

hassaan
08-05-2006, 11:08 AM
The code that you suggested hasn't worked in my case. Don't know what's going wrong but it isn't working --- I copied and pasted your code.
Also, can you explain the last line in your reply (Kodo) about SQL injections...

Adeptus
08-07-2006, 09:13 PM
If you have your SQL command in your ASP, e.g.

post="INSERT into MessagesTable(Message,MsgBy)values('" & message & "','" & msgby & "')"
set post=con.execute(post)

then a malicious user could set "msgby" to something like

"0; xp_cmdshell 'format c:'"

Anything after the semicolon is treated as a new command... they might need a few random quote marks to break out of the string delimiter, but that's no great feat.
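The separation of SQL text from user input that Kodo and Adeptus are describing, written out as an added example that is not code from any poster in this thread: the same INSERT done through ADODB.Command parameters, so the message and author name travel as data and an apostrophe or semicolon in them can no longer change the statement. It assumes the Access schema from the first post (MessagesTable with a Memo column Message and a Text(50) column MsgBy), reads the fields from Request.Form, and spells out the ADO constants numerically because classic ASP does not load adovbs.inc unless you include it.

```vbscript
<%
' Added example: parameterised INSERT for the MessagesTable form handler.
' Assumes Message is a Memo (long text) column and MsgBy a Text(50) column.
Const adParamInput   = 1     ' ADO constants written out because classic ASP
Const adCmdText      = 1     ' does not include adovbs.inc by default
Const adVarWChar     = 202
Const adLongVarWChar = 203

Sub SaveMessage(con, message, msgby)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = con
    cmd.CommandType = adCmdText
    ' Placeholders instead of string concatenation: the submitted text is
    ' bound as a value, never parsed as part of the SQL statement.
    cmd.CommandText = "INSERT INTO MessagesTable (Message, MsgBy) VALUES (?, ?)"
    ' Len + 1 keeps the declared size above zero for an empty message
    cmd.Parameters.Append cmd.CreateParameter("pMessage", adLongVarWChar, adParamInput, Len(message) + 1, message)
    cmd.Parameters.Append cmd.CreateParameter("pMsgBy", adVarWChar, adParamInput, 50, msgby)
    cmd.Execute
    Set cmd = Nothing
End Sub

' Jet (Access) has no stored procedures; parameter objects give the same
' separation of SQL text from user data that the thread recommends.
Dim con, message, msgby
message = Request.Form("message")
msgby   = Request.Form("msgby")

' Reject, rather than silently truncate, a name longer than the column.
If Len(msgby) > 50 Then
    Response.Write "Name too long."
    Response.End
End If

Set con = Server.CreateObject("ADODB.Connection")
con.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("database.mdb")
SaveMessage con, message, msgby
con.Close
Set con = Nothing
' Doubling apostrophes with Replace(message, "'", "''") only escapes the
' string literal; with parameters that step is no longer needed.
%>
```

The user-supplied apostrophe that broke the original INSERT is stored verbatim here, because the database receives it as a parameter value rather than as part of the statement text.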