I want the following function to validate a user input. It's fairly crude for the moment but essentially I want to prohibit the user from either leaving the input blank, or from entering single quotes that truncate the user input when it goes into sql.

The code is as follows:

function addCommodCheck() {
var txtAddCommodity = O('txtAddCommodity').value
var illegalChar = false

for (i=0; i<txtAddCommodity.length; i++) {
if (txtAddCommodity.charAt(i) == '-')
illegalChar = true

if (txtAddCommodity == '')
alert("You must input a Commodity before proceeding")
else if (illegalChar = true) {
alert("You cannot use the '-' sign in your Commodity name")
illegalChar = false

I'm not actually sure how to sandwich a single quote within two other single quotes so for now I've used a dash - I'm sure I can figure that out but if someone knows I'd appreciate being told. This isn't the main problem however.

The main problem I'm having is as follows:

Consider the scenario that the user does enter a Dash. This is picked up by the script and the user is informed. The user then removes the dash. However when they next click the button to validate their input they are told once again that there is a dash in the input value.

For some reason the 'illegalChar' variable is not clearing and I'm confused as to why?