Add this to your form tag's attributes:

onsubmit="form_onsubmit"

Then add a function called 'form_onsubmit' that loops through the input tags and passes their values to the CleanSQL function.

Monte96,
what I am looking for is the correct syntax for the function you mentioned.I can write a function that passes one part of the form but not ALL fields of the form.

I don't want to have to write a new function for each field. but I don't know how to write just one function an have it loop through all form elements.

I think some kind of collection would work but that is beyond me.

thanks

I have a function that does the same thing and i include it in the asp file's code itsself (but not on the page with the text boxes, on the page that it is being submitted to.)

On the page that gets the submission, I do it when adding the contents of the text box to the database like so (my function name is RA (stands for Reference Apostophes for your info):

MyConnection.Execute("INSERT INTO tblTest (szTest) VALUES ('" & RA(Request.Form("Test")) & "');")



that how i do it atleast.

Ok... assuming that the six input tags are the only text input tags inside the form:


Sub frmMyForm_onsubmit
Dim intLoop
Dim objInput
Dim strTemp

Set objInput = frmMyForm.tags("INPUT")

for intLoop = 0 to objInput.length - 1
if objInput(intLoop).type = "text" Then
strTemp = objInput(intLoop).value
objInput(intLoop).value = CleanSQL(strTemp)
end if
Next
End Sub

I figured out an even simpler way.
I put the cleanSQL function on the page the is called by the submit button.(page2.asp)

then I did something like this:

dim [all form elements]

elementOne = cleanSQL(request.form("frmName"))

I did this w/ all the variables that came from the form.


super cool.
one thing I found out though was I had to use a function I called dirtySQL and take the two single quotes out and replace them w/ one single quote for display purposes.

anyways it works.

thanks fo your help