convert double quotes to single quotes

Hi,
I have a comments field on my form and I am using asp.net with vb  How can I make sure the following things happen when the user enters into the comments field
Convert double quotes to single quote.
 'Need to check to make sure it does not have a tab or line feed or carriage return character in this field
PNKJAsked:
Who is Participating?
 
cwileCommented:
Replacing " with '
Replace(COMMENTSFIELDNAME, Chr(34), Chr(33))

Replacing tab with nothing
Replace(COMMENTSFIELDNAME, Chr(9), "")

Replacing return with nothing
Replace(COMMENTSFIELDNAME, Chr(13), "")



That should do the trick for you.
0
 
jagadeesh_motamarriCommented:
----the best option would be converting them using string manipulations.

Say >> .replace() - for - Convert double quotes to single quote.


____Jags
0
 
PNKJAuthor Commented:
Should we add on key press event
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
jagadeesh_motamarriCommented:
u can either do it on the client side (using javascript ) before the sending the date or on server side(using java or .net class) after submitting the form.
0
 
PNKJAuthor Commented:
Thanks can u please give an example of client side code
0
 
alainbrydenCommented:
Private Sub YourField_KeyPress(Index As Integer, KeyAscii As Integer)
     Select Case KeyAscii
               Case 34: KeyAscii = 33      '    " converted into '
               Case 9, 13: KeyAscii = 0    '    Tab and Carriage Return supressed
     End Select
End Sub

This will make the change immediate when they type in your form.
0
 
PNKJAuthor Commented:
Thanks Alainbryden is this a client side code?
0
 
alainbrydenCommented:
Yes it is.

Whatever textbox/field they are entering their data in, you replace "YourField" with that text box's name. It's a build in function for all fields, so it will just work, and intercept all keys that are typed.

That code belongs in the code of whatever form your field is in.
0
 
lostcarparkCommented:
Just one word of caution. Client side validation is great, but make sure you also validate on the server. Anything that happens on the client side can be tampered with. If you don't also validate on the server, an attacker could send text containing quotes to close the string and then insert their own SQL to gain control of your database. Client side is great for user experience,but always back it up with rock solid server code.

Best of luck,

James
0
 
alainbrydenCommented:
In that case, on the server side you can also say something as easy as:

If ( inStr(strIncoming, chr$(34)) +  inStr(strIncoming, vbNewLine) + inStr(strIncoming, vbTab) > 0 then
     'Reject the Incoming string, because it's been tampered with.

(if any of the inStr functions return a value greater than 0, then the total will be greater than 0, and that's an indication that the client side protection has been bypassed somehow)
0
 
lostcarparkCommented:
You should bear in mind that not all browsers support client side scripting, and some users could be behind strict corportate firewalls that strip out a lot of client-side code. Don't assume that because the string submitted contains disallowed characters that the user is deliberately trying to circumvent your validation. The best strategy is to try to validate on the client side, but if that doesn't work, degrade gracefully to server side validation. The neatest approach is to present the form back to the user with a message saying what's wrong.
0
 
PNKJAuthor Commented:
Hello  alainbryden

I tried using this syntax but I get javascript error for } bracket
Private Sub YourField_KeyPress(Index As Integer, KeyAscii As Integer)
     Select Case KeyAscii
               Case 34: KeyAscii = 33      '    " converted into '
               Case 9, 13: KeyAscii = 0    '    Tab and Carriage Return supressed
     End Select
End Sub
my field name is textbox_comments . Should I write a javascript function that will be called on key _press event of textbox_comments. I am using asp.net
0
 
alainbrydenCommented:
Javascript?!?!?!?!

You said you were doing this in visual basic! What I gave you, and what everyone else gave you, is visual basic code. you are on a WAY different page if you're using Javascript.

Javascript is way way differnt.

You do need do make a key_press event but then you need to intercept what key was pressed, and unless that's build in like in visual basic, you can't just intercept the key and change it the way you can in visual basic. You should have realized how different the syntax is for everyone. In Java it would be something more like.

Private void textbox_comments_key_Press(Int Index, Int KeyAscii)
{
     switch(KeyAscii)
     {
               Case 34: KeyAscii = 33;  break;    //    " converted into '
               Case 9: KeyAscii = 0; break;        //Supress tab
               Case 13: KeyAscii = 0; break;      //Supress return
     }
}

But like I said, that won't work unless you find a way to send the function KeyAscii.
0
 
alainbrydenCommented:
rough, I spent a lot of time on this thread.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.