We help IT Professionals succeed at work.

Server.htmlEncode - Include html in database string

Medium Priority
566 Views
Last Modified: 2013-11-18
Hi I have the details of a news page coming from a database.  

When i add the details to the database, I do a Server.htmlEncode on the string before it is added to the database.  
But then i discovered that if i wanted to include html code for a link in the string when displayed on the news page it displayed the html instead of the link.

<a href="/news/">News</a> is being displayed instead of just News.

Any idea's?

Thanks
Comment
Watch Question

Commented:
First of all, I would not do a Sever.HTMLEncode before storing things in a database. That will cause problems when you want to update the string. Just store everything in the database as it is written. Encode it eventually when you display it.

Secondly: why do you want to Encode the string?. If you want to remove certain tags, such as <script> tags, you will have to do that specifically.

Author

Commented:
Hi,

I have taken away the server.htmlencode beforestoring the string in the database and just put it before the output.
But a link i placed in the string is being displayed as <a href="/link/">News</a>  instead of an active link displaying just News.

I encode the string because the page has to be xhtml compliant and quiote often when adding to the news page the user would just copy and paste from a word document, but the apostrophe in word is different and when a check is run for xhtml compliance it displays an error.  But when i added the server.htmlencode it passed the xhtml test.

Commented:
If you want to output HTML and have it rendered as HTML then using Server.HTMLEncode will never work because this will always converted HTML characters into HTML entities.

You have to store unencoded HTML and output unencoded HTML - you have no choice there.

> But when i added the server.htmlencode it passed the xhtml test.

Well that seems like a bit dodgy bit of functionality to rely on. There are plenty of instances when I wouldn't rely on that working. For example XHTML singleton tags like <br> must include a trailing blackslash. So "<br>" is not valid XHTML but "<br/>" is.

Server.HTMLEncode won't help you there.

You have to think of a different approach - using Server.HTMLEncode is simply not an option for you.

I can think of two possibilities:

- Write some custom functionality to explicitly check the HTML string for XHTML compliance (LOTS of work).
- Forget about making your output XHTML compliant (absolutely no work at all!!).

Author

Commented:
Ok, i will do a small check for xhtml compliane, the apostrophes the one item that causing me problems.  Specifically it is apostrophes that are pasted form word documents when adding details to a new item.  What is the ASCII code for them?

Commented:
A regular apostrophe is chr(39) but Word has the magical ability to generate weird and wonderful characters...

Author

Commented:
Yeah it is the curly one i am having the trouble with.  Need to know some way of replaceing it.

Commented:
Have a look in an ASCII reference.

I use ASCIIcat which you can download here:

http://ourworld.compuserve.com/homepages/r_harvey/

There's an HTML help file version (asciicat.exe) and a PDF version (asciicat.pdf).

Author

Commented:
Yeah from that i see that it is &rsquo; for the apostrophe but when i replace it it does not pick up the apostrophe when it is pasted from the word document.

The ones i have tried are:

                  strText = replace(rs.fields("Details"),"&#8217;","'")
                  strText = replace(strText,"&","&amp;")
                  strText = replace(strText,"&#8217;","'")
                  strText = replace(strText,"&rsquo;","'")
                  strText = replace(strText,"‘","'")
Commented:
"&rsquo;" is the HTML entity for the character but your string will only contain this if it's been HTML-encoded.

In raw, un-encoded form this character has ASCII value 146.

So maybe in place of:

strText = replace(strText,"&rsquo;","'")

try

strText = replace(strText, Chr(146),"'")

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Thanks, that sorted the problem.

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.