An apostophe and a single quote mark are the same thing on a computer keyboard. Since it’s like that, when you create, say, an Insert SQL statement, that contains a an apostrophe, it causes an error. That’s because, when you use an Insert SQL statement, it uses the following syntax:
MySQL=”Insert into TABLEName (Fname, Lname, Address) VALUES (‘” & strFname & “‘, ” & “‘” & strLname & “‘, ” & “‘” & strAddress & “‘”)”
As you can see, the SQL statement uses single quotes around each variable name, so that really messes up the statement when it’s executing. The INSERT statement will think your apostrophe is the end of a string of data, which messes up the rest of the statement.

In order to get around this problem, you can double the single quotes – when SQL encounters two single quotes in a row, it sees them into a single quote.

Here’s a sub you can use to take care of this:

Sub FixQuotes(var)
var = Replace(var, “‘”, “””)
End Sub

Then, before your variable gets into the INSERT statement, you can fix the single quote situation like this:
FixQuotes(strFname)
FixQuotes(strLname)

Let’s say you have a database connection (or several) that you will be using over and over. Yes, you can manually copy/type it in on every ASP.Net page – BUT – an easier way is to store it in the Web.Config file (formerly config.web) and then refer to it in the code.

In Web.Config, you would add a key to the AppSettings Section:

<appSettings>
<add key="MyDBConnection" value="server=YourServer;uid=Username;pwd=Password;database=DBName" />
</appSettings>

for OleDb - use Absolute Path - Not Server.MapPath:
<add key="NWOleDB" value= "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Inetpub\wwwroot\data\northwind.mdb;" />

Then, in your ASP.Net application – just refer to it like this:
Dim myConnection As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings(“MyDBConnection”))

That’s all there is to it

Click here for Tutorial

Whenever you have a one-time hit of data from a database – use a DataReader – it’s much faster than a DataSet – AND — a Dataset uses a DataReader to get its data…..
If you are requesting data that is going to be used/accessed multiple times, use the DataSet – It grabs the data from the table, puts it in memory and then closes the connection

Sometimes Javascripted validation of a form is not enough – users can view source and run the response page directly…the result is blank form submission.

The way around this, is – on the response page, include the following if/then statement:
If Instr(Request.ServerVariables(“HTTP_REFERER”), “guestbook.asp”) > 0 Then
‘ ——– go ahead and process form
Else
response.redirect “form.asp”
end if