whatemail
asked on
handling single and double quotes for output as textbox values and database storage
Hi,
I have never really found the perfect solution to this annoying question of how to handle single and double quotes entered by a user.
I know how to replace the single quotes to insert the data into a database, but how do you get the information to show up properly in a form when you need to display the submitted data? Specifically, if you use double quotes in your HTML form tags to wrap value attributes, how do you display double quotes submitted by the user? It always cuts the data short as it thinks that the first double quote in the user's data is the end of the string for the value attribute.
You must all know what I mean, right? Have I just been stupid all this time, is there a solution?
I am about to stop using textboxes altogether and just use textareas!! but then you have the headache of dealing and validating textbox lengths, etc. AHHHHH!!!
Please help, your insight might just save my sanity!
If you have a solution = 250 pts, I am really looking for some to add to my knowledge on this.
the perfect and correct answer
does this not work?
<input type=text value='<%= server.htmlencode(recordset("fieldwithquotesin")%>'>
-h
well, that definitely wouldn't because I missed a bracket!
<input type=text value='<%= server.htmlencode(recordset("fieldwithquotesin"))%>'>
Server.HTMLEncode should do it, but beware, the function gives an error when the variable to be encoded is null.
<input type=text value="<%=Server.HTMLEncode("" & recordset("fieldwithquotesin"))%>">
ASKER
So simple an answer!
Just one sub-question, I think the Server.HTMLEncode seems more robust, but I am worried about Spanish characters, would Server.HTMLEncode affect multi-lingual characters too?
How's this for the final function then?
Function OutTextReplace(strOut)
if len(strOut)>0 then
Dim strProcessed
strProcessed = replace(strOut,"''","'")
strProcessed = Server.HTMLEncode(strOut)
OutTextReplace = strProcessed
else
OutTextReplace = strOut
end if
End Function
Would this seem like a good function to use?
mcallarse, hanneman, sybe all of your answers contributed something to this question. Would you mind if I gave each of you 100 a piece? I just can't afford 250 each.
Thanks for the comment graver.
it should work on Spanish characters, it should work on any character at all, but I can't say for sure.
why are you using replace() as well? I thought the idea was to show the quotes as they are...
100 each is pretty extravagant! considering:
you don't seem to be using mcallarse's solution, I only told you about one little function, and sybe just warned you about nulls.
save your points, give us 20 each if you want...
-h
ASKER
hanneman,
The first replace is actually how I am handling single quotes. I have a function called InTextReplace() that replaces every single quote as two single quotes. This way I can use sql statements for database insertions.
The replace in the OutTextReplace() simply reverts the two single quotes to be one single quote for proper displaying of text.
Is there a better method to this?
Although they seemed like small and simple answers, I assure you they have great value to me.
Thank you, I shall await the others before doling out the pts.
Re: Foreign characters, HTMLEncode may corrupt certain Unicode characters, per the following article from the MS KnowledgeBase:
http://support.microsoft.com/default.aspx?scid=KB;en-us;q259352
In your code, would replace
strProcessed = Server.HTMLEncode(strOut)
with
strProcessed = Server.HTMLEncode(strProcessed)
Other than that, looks good.
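An added Python illustration of the round trip this thread is about (not code from any poster, and not ASP): `html.escape` and a `sqlite3` bound parameter stand in here for Server.HTMLEncode and a parameterised database insert, and the table name, function names and sample string are constructed for the example.

```python
import html
import sqlite3
from html.parser import HTMLParser


class ValueReader(HTMLParser):
    """Records the value attribute of each <input>, the way a parser sees it."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.values.append(dict(attrs).get("value"))


def parsed_value(markup):
    reader = ValueReader()
    reader.feed(markup)
    reader.close()
    return reader.values[0]


def render_raw(value):
    # Unencoded: the first double quote in the data closes the attribute.
    return '<input type="text" value="' + value + '">'


def render_encoded(value):
    # quote=True encodes both " and ', so the data cannot end the attribute.
    # None becomes "" first, like the "" & recordset(...) null guard.
    return '<input type="text" value="' + html.escape(value or "", quote=True) + '">'


def store_and_load(value):
    # Bound parameter: quotes travel as data, with no doubling on the way in.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (body TEXT)")
    db.execute("INSERT INTO notes (body) VALUES (?)", (value,))
    (stored,) = db.execute("SELECT body FROM notes").fetchone()
    db.close()
    return stored


def round_trip(value):
    return parsed_value(render_encoded(store_and_load(value)))


# Constructed sample: double quotes, an apostrophe, and a literal pair of ''.
SAMPLE = '"Hello, world!" it\'s a \'\' test'
```

Because the parameter is bound, the stored text is exactly what was typed, so nothing has to be reversed before it is encoded for display.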
No comment has been added lately and it seems that this question has been abandoned. So it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question or invite a Moderator to close this question if there's no reply from you after seven days.
In the absence of responses, I will recommend the following:
To accept the comment and points awarded to sybe
** PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER **
Just trying to help for the cleanup...
gladxml
<input type=textbox value=""Hello, world!"">