?
Solved

replace a ' (apostrophe) with a space (e.g. "")

Posted on 2005-04-27
5
Medium Priority
?
341 Views
Last Modified: 2008-03-04
Is there a way with my text box below i can replace a ' (apostrophe) with a space, If it is entered:

[code]
<input name="heading<%=i%>" type="text" size="100">
[/code]

can this be done with javascript/asp or html?

Picco
0
Comment
Question by:crmpicco
5 Comments
 
LVL 33

Expert Comment

by:hongjun
ID: 13874933
Try something like this


<script language="JavaScript" type="text/javascript">
<!--
function fun(obj) {
    if ( obj.value.charAt(obj.value.length-1) == '\'' )
        obj.value = obj.value.replace("'", "");
}
//-->
</script>


<form name="myform" method="post" action="" onsubmit="return validate()">
<input name="heading<%=i%>" type="text" size="100"  onkeyup="fun(this)">
</form>



hongjun
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 13875954
If you are replacing the apostophe so you can put the value in a database then there is a better way to do this... please advise.
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 13876041
Use parameters when adding, updating and deleting records.

You not only solve the apostrophe problem, but you will avoid most cross site scripting attacks.  When you build a SQL statement on the fly from input, the input becomes executable SQL.  The vast number of different encoding methods makes it impossible to proactively filter all harmful input.

A parameter will never be treated as executeable SQL, so it is tremendously safer.  (It is also faster for complex statements.)

Here is an example:

Dim cmd, conn, RS, cmdText, param, numAffected, connectionString
Const adVarChar = 200
Const adParamInput = = &H0001
Const adExecuteNoRecords = &H00000080

connectionString = Application("examples") ' e.g. "Provider=Microsoft.Jet.OLEDB.4.0;Data Source='E:\web\database\examples.mdb'"

Set cmd = Server.CreateObject("ADODB.Command")
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open(connectionString)

Set cmdText = "INSERT INTO members (username,password) " &_
                       "VALUES (@username,@password);"

Set param = cmd.CreateParameter(@username,adVarChar,adParamInput,CLng(50),request.form("usernm"))
cmd.Parameters.Append param
Set param = cmd.CreateParameter(@password,adVarChar,adParamInput,CLng(50),request.form("pswd"))
cmd.Parameters.Append param

cmd.commandText = cmdText

cmd.Execute numAffected,, adExecuteNoRecords

When you retieve your data and need to display it in a web page you can use Server.HTMLEncode(rs("whatever")) to display the field correctly, including any apostophes.

That way you do not alienate Mr. O'Brian.

Regards,
Rod



0
 

Accepted Solution

by:
jutimes earned 100 total points
ID: 13879453
this is how i would do it in ASP in order to use apostrophe in a search engine or any text form, this is used when selecting items from a SQL database.
when you are declaring your variables use a replace statement, sort of like this.

testname = Request.QueryString("Name")
testname = Replace (testname ,"'","''")

that should replace an ' with a (space)

Hope this helps.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 13926772
I realize you are fairly new here, so I suggest you read the EE Guidelines regarding grading standards at:
What's the right grade to give?
http://www.experts-exchange.com/Databases/Microsoft_SQL_Server/help.jsp#hi73

And specifically this section:

<quote>
C: Because Experts' reliability are often judged by their grading records, many Experts would like the opportunity to clarify if you have questions about their solutions. If you have given the Expert(s) ample time to respond to your clarification posts and you have responded to each of their posts providing requested information; or if the answers, after clarification, lack finality or do not completely address the issue presented, then a "C" grade is an option. You also have the option here of just asking Community Support to delete the question.

Remember, the Expert helping you today is probably going to be helping you next time you post a question. Give them a fair chance to earn an 'Excellent!' grade and they'll provide you with some amazing support. It's also true that a "C" is the lowest grade you can give, and the Experts know that -- so use it judiciously.

Only the Moderators and Page Editors have the choice to give a D grade. Beyond that, in a practical sense, the grading guidelines have "softened" a bit over the last year or two; one might expect that the majority of grades would be Bs (a standard "bell" curve), but the fact is that the culture of the site has caused there to be an inordinately high percentage of As. The Moderators have been instructed to ensure that the As they award are actually "Excellent" answers. Similarly, the C grade is the lowest that can be given by a member, a fact which should be kept in mind when grading as well.

The use of a C in a vindictive manner is likely to be changed by a Moderator. You may not like the answer you get, and in some cases, and you may not like the way it is delivered, but if it is deemed to be accurate, no less than a B is an acceptable grade.
</quote>

Thanks.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question