Solved

input type=hidden

Posted on 2000-05-12
18
391 Views
Last Modified: 2010-04-09
I have a string, composed of part of a SQL query, which I need to preserve by writing it to the HTML page.  I don't want the client to see the data in it, therefore Hidden.  The problem is, I don't seem to get anything but the first word of the string.  Here's the code, generated from VB IIS:

Response.Write "<input type=""Hidden"" size=""75"" name=""garbage"" value=" & strg2 & ">"

When I display this field it contains the first word of the string instead of the complete string.  I can write the same string to a list box and it works except that I find no way to hide it.
0
Comment
Question by:MJTaylor
  • 7
  • 4
  • 2
  • +4
18 Comments
 
LVL 11

Expert Comment

by:thunderchicken
ID: 2805972
Even if it's a hidden input type, users can still access what's in the hidden input type by viewing the source of the html document.  I would just save it as a text file, then access it using ASP.  I've been using response.write in ASP so I assume that's what you are using too.
0
 
LVL 22

Expert Comment

by:CJ_S
ID: 2806027
I woudn't set a size there, because who knows how long the query will be. second.

I suppose you got the strg2 out of the request("query")-method????? That should work......

or try
<input type=hidden name=garbage value=<%=request.form("thequery")%>>

it really should work....

Maybe you have to get rid of the CHR(13) and CHR(10) first....so, you might have to do:

strg = request.form("thequery")
strg = replace(strg, chr(13) & chr(10), " ")
response.write "<input type=hidden name=garbage value='" & strg & "'>"

Good luck,
CJ
0
 
LVL 4

Expert Comment

by:mberumen
ID: 2806189
MJTaylor: you need to use the Server.Urlencode function of ASP to ensure that the complete string is passed on to the next page.

Response.Write "<input type=" "Hidden" " size=" "75" " name=""garbage"" value=' " & server.urlencode(strg2)  & " '>"

This code should preserve the full string of the variable you want to pass in your form.

The reason that you are getting an incomplete string is because the form is truncating the string when it finds the first space

regards

mberumen
0
 

Author Comment

by:MJTaylor
ID: 2806199
To thunderchicken:
I am generating the HTML out of Visual Basic IIS app, so the code isn't visible.  I don't care about that, I just don't want it displayed on the screen.

To C)_S:
You're right about the size.  I build the query on the fly using a bunch of input parameters on the original screen and put the records out in a table. If there are more records than comfortably fit on one screen, I stop execution after writing end of table,form etc.  I put a button at the bottom labeled more.  If the user clicks this button I don't want to go through the whole selection process again, so I write the query to the page and use it as input when the more is clicked.  Therefore, I can't take the spaces out.
I'm very new to HTML and don't understand what happens with the code you suggested, value=<%=request.form("thequery")%>>
0
 
LVL 4

Expert Comment

by:mberumen
ID: 2806204
MJTaylor:

Have you tried my suggestion?.. It will work

:)

Manuel
0
 

Author Comment

by:MJTaylor
ID: 2806217
to mberumen:
I'm just about to....will let you know in a few...Thanks
0
 

Author Comment

by:MJTaylor
ID: 2806244
Well, it replaced all the spaces in my query with + signs and %27 and %28, which caused Access to puke up an error 3075, invalid query.  Any suggestions?
0
 
LVL 4

Expert Comment

by:mberumen
ID: 2806288
i always miss the easy answer

just enclose your variable in aphostrophes!!!

Response.Write "<input type=""Hidden"" size=""75"" name=""garbage"" value='" & strg2 & "'>"

server.urlencode is used to pass string variables as part of the URL, for your form the above code should work

mberumen
0
 

Author Comment

by:MJTaylor
ID: 2806333
Well, I got the first one working by parsing the string after reading it back as input, and replacing the %28 with ( the %26 with & etc.  I think your second suggestion is much simpler and would probably work great if I weren't passing single quotes to Access as part of the string.  Do you know of another character that I can use as a delimiter instead of single quote, but not *, &, ", (, or ) as these characters sometimes make up part of the string?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 22

Expert Comment

by:CJ_S
ID: 2806461
well, you can use double quotes!!!!!!!!

like ""

this will be seen as one quote, and won't be seen as the end of the string.
0
 
LVL 7

Expert Comment

by:nettrom
ID: 2806663
I don't understand why URLencoding the string is of any use, the browser does that when it submits the form anyway, so it's just a bunch of redundancy.
0
 
LVL 1

Expert Comment

by:anyanicky
ID: 2806975
you can hide any form element using css

<textarea name=garbage style="display:none">"hello"</textarea>
0
 
LVL 4

Expert Comment

by:mberumen
ID: 2807708
nettrom:

I agree, I should've never brought URLencoding up!!

MTaylor:

Perhaps you should try embedding the value in HTML an enclose with double quotes
%>
<input type="Hidden" size="75" name="garbage" value="<%=strg2%>">
<%

when you use request response to get the value it should display properly

<%
strSQL=request("garbage")

%>
0
 

Author Comment

by:MJTaylor
ID: 2809026
O.K., guys, I really appreciate all the help.  So far, the only thing that works is using the URLencode and then converting the string after it's read back. The string, strg2, looks like this typically: WHERE Surveysec Like ('Mission') AND Component Like("*"&'Warhead'&"*")  This gets concatenated to the end of the search parameters in code.  As I said, it works using URLencode.  Using single or double quotes won't work because they're part of the string, I think.  That's why I asked if you knew of any other delimiters besides quote and doublequote.
0
 
LVL 2

Expert Comment

by:freshmeat
ID: 2809071
Response.Write "<input type=""Hidden"" size=""75"" name=""garbage"" value=""" & strg2 & """>"

0
 
LVL 1

Accepted Solution

by:
anyanicky earned 50 total points
ID: 2809161
I suggested in my comment that you can hide your listbox (or textarea or whatever) - textarea will allow your quotes, double quotes etc and retain the format to the next page.  Did you try this?
0
 

Author Comment

by:MJTaylor
ID: 2810599
Thanks, but this won't work because the string stops at the first double quote it finds after the left paren.
0
 

Author Comment

by:MJTaylor
ID: 2810647
To anyanicky - Yes I tried it and it works.  It's also useful in that you can turn it on and off to check whether string is being built correctly.  Thank you.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
In this tutorial viewers will learn how to embed videos in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <video> tag to insert a video. Define the src as the URL of your video; this is similar to …
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now