?
Solved

Server.htmlEncode - Include html in database string

Posted on 2006-03-30
10
Medium Priority
?
546 Views
Last Modified: 2013-11-18
Hi I have the details of a news page coming from a database.  

When i add the details to the database, I do a Server.htmlEncode on the string before it is added to the database.  
But then i discovered that if i wanted to include html code for a link in the string when displayed on the news page it displayed the html instead of the link.

<a href="/news/">News</a> is being displayed instead of just News.

Any idea's?

Thanks
0
Comment
Question by:harris9999
  • 5
  • 4
10 Comments
 
LVL 28

Expert Comment

by:sybe
ID: 16339455
First of all, I would not do a Sever.HTMLEncode before storing things in a database. That will cause problems when you want to update the string. Just store everything in the database as it is written. Encode it eventually when you display it.

Secondly: why do you want to Encode the string?. If you want to remove certain tags, such as <script> tags, you will have to do that specifically.
0
 
LVL 3

Author Comment

by:harris9999
ID: 16341229
Hi,

I have taken away the server.htmlencode beforestoring the string in the database and just put it before the output.
But a link i placed in the string is being displayed as <a href="/link/">News</a>  instead of an active link displaying just News.

I encode the string because the page has to be xhtml compliant and quiote often when adding to the news page the user would just copy and paste from a word document, but the apostrophe in word is different and when a check is run for xhtml compliance it displays an error.  But when i added the server.htmlencode it passed the xhtml test.
0
 
LVL 15

Expert Comment

by:deighc
ID: 16342283
If you want to output HTML and have it rendered as HTML then using Server.HTMLEncode will never work because this will always converted HTML characters into HTML entities.

You have to store unencoded HTML and output unencoded HTML - you have no choice there.

> But when i added the server.htmlencode it passed the xhtml test.

Well that seems like a bit dodgy bit of functionality to rely on. There are plenty of instances when I wouldn't rely on that working. For example XHTML singleton tags like <br> must include a trailing blackslash. So "<br>" is not valid XHTML but "<br/>" is.

Server.HTMLEncode won't help you there.

You have to think of a different approach - using Server.HTMLEncode is simply not an option for you.

I can think of two possibilities:

- Write some custom functionality to explicitly check the HTML string for XHTML compliance (LOTS of work).
- Forget about making your output XHTML compliant (absolutely no work at all!!).
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 3

Author Comment

by:harris9999
ID: 16364155
Ok, i will do a small check for xhtml compliane, the apostrophes the one item that causing me problems.  Specifically it is apostrophes that are pasted form word documents when adding details to a new item.  What is the ASCII code for them?

0
 
LVL 15

Expert Comment

by:deighc
ID: 16368504
A regular apostrophe is chr(39) but Word has the magical ability to generate weird and wonderful characters...
0
 
LVL 3

Author Comment

by:harris9999
ID: 16369560
Yeah it is the curly one i am having the trouble with.  Need to know some way of replaceing it.
0
 
LVL 15

Expert Comment

by:deighc
ID: 16369705
Have a look in an ASCII reference.

I use ASCIIcat which you can download here:

http://ourworld.compuserve.com/homepages/r_harvey/

There's an HTML help file version (asciicat.exe) and a PDF version (asciicat.pdf).
0
 
LVL 3

Author Comment

by:harris9999
ID: 16369823
Yeah from that i see that it is &rsquo; for the apostrophe but when i replace it it does not pick up the apostrophe when it is pasted from the word document.

The ones i have tried are:

                  strText = replace(rs.fields("Details"),"&#8217;","'")
                  strText = replace(strText,"&","&amp;")
                  strText = replace(strText,"&#8217;","'")
                  strText = replace(strText,"&rsquo;","'")
                  strText = replace(strText,"‘","'")
0
 
LVL 15

Accepted Solution

by:
deighc earned 2000 total points
ID: 16370056
"&rsquo;" is the HTML entity for the character but your string will only contain this if it's been HTML-encoded.

In raw, un-encoded form this character has ASCII value 146.

So maybe in place of:

strText = replace(strText,"&rsquo;","'")

try

strText = replace(strText, Chr(146),"'")
0
 
LVL 3

Author Comment

by:harris9999
ID: 16371648
Thanks, that sorted the problem.

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
Browsers only know CSS so your awesome SASS code needs to be translated into normal CSS. Here I'll try to explain what you should aim for in order to take full advantage of SASS.
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
The viewer will learn how to dynamically set the form action using jQuery.
Suggested Courses

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question