Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

convert double quotes to single quotes

Posted on 2006-06-20
14
Medium Priority
?
580 Views
Last Modified: 2012-08-13
Hi,
I have a comments field on my form and I am using asp.net with vb  How can I make sure the following things happen when the user enters into the comments field
Convert double quotes to single quote.
 'Need to check to make sure it does not have a tab or line feed or carriage return character in this field
0
Comment
Question by:PNKJ
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +2
14 Comments
 
LVL 2

Accepted Solution

by:
cwile earned 1000 total points
ID: 16945772
Replacing " with '
Replace(COMMENTSFIELDNAME, Chr(34), Chr(33))

Replacing tab with nothing
Replace(COMMENTSFIELDNAME, Chr(9), "")

Replacing return with nothing
Replace(COMMENTSFIELDNAME, Chr(13), "")



That should do the trick for you.
0
 
LVL 10

Expert Comment

by:jagadeesh_motamarri
ID: 16945779
----the best option would be converting them using string manipulations.

Say >> .replace() - for - Convert double quotes to single quote.


____Jags
0
 

Author Comment

by:PNKJ
ID: 16945907
Should we add on key press event
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Expert Comment

by:jagadeesh_motamarri
ID: 16945982
u can either do it on the client side (using javascript ) before the sending the date or on server side(using java or .net class) after submitting the form.
0
 

Author Comment

by:PNKJ
ID: 16946009
Thanks can u please give an example of client side code
0
 
LVL 21

Expert Comment

by:alainbryden
ID: 16946249
Private Sub YourField_KeyPress(Index As Integer, KeyAscii As Integer)
     Select Case KeyAscii
               Case 34: KeyAscii = 33      '    " converted into '
               Case 9, 13: KeyAscii = 0    '    Tab and Carriage Return supressed
     End Select
End Sub

This will make the change immediate when they type in your form.
0
 

Author Comment

by:PNKJ
ID: 16946354
Thanks Alainbryden is this a client side code?
0
 
LVL 21

Expert Comment

by:alainbryden
ID: 16946400
Yes it is.

Whatever textbox/field they are entering their data in, you replace "YourField" with that text box's name. It's a build in function for all fields, so it will just work, and intercept all keys that are typed.

That code belongs in the code of whatever form your field is in.
0
 
LVL 5

Expert Comment

by:lostcarpark
ID: 16947006
Just one word of caution. Client side validation is great, but make sure you also validate on the server. Anything that happens on the client side can be tampered with. If you don't also validate on the server, an attacker could send text containing quotes to close the string and then insert their own SQL to gain control of your database. Client side is great for user experience,but always back it up with rock solid server code.

Best of luck,

James
0
 
LVL 21

Expert Comment

by:alainbryden
ID: 16947619
In that case, on the server side you can also say something as easy as:

If ( inStr(strIncoming, chr$(34)) +  inStr(strIncoming, vbNewLine) + inStr(strIncoming, vbTab) > 0 then
     'Reject the Incoming string, because it's been tampered with.

(if any of the inStr functions return a value greater than 0, then the total will be greater than 0, and that's an indication that the client side protection has been bypassed somehow)
0
 
LVL 5

Expert Comment

by:lostcarpark
ID: 16949791
You should bear in mind that not all browsers support client side scripting, and some users could be behind strict corportate firewalls that strip out a lot of client-side code. Don't assume that because the string submitted contains disallowed characters that the user is deliberately trying to circumvent your validation. The best strategy is to try to validate on the client side, but if that doesn't work, degrade gracefully to server side validation. The neatest approach is to present the form back to the user with a message saying what's wrong.
0
 

Author Comment

by:PNKJ
ID: 16950359
Hello  alainbryden

I tried using this syntax but I get javascript error for } bracket
Private Sub YourField_KeyPress(Index As Integer, KeyAscii As Integer)
     Select Case KeyAscii
               Case 34: KeyAscii = 33      '    " converted into '
               Case 9, 13: KeyAscii = 0    '    Tab and Carriage Return supressed
     End Select
End Sub
my field name is textbox_comments . Should I write a javascript function that will be called on key _press event of textbox_comments. I am using asp.net
0
 
LVL 21

Expert Comment

by:alainbryden
ID: 16951260
Javascript?!?!?!?!

You said you were doing this in visual basic! What I gave you, and what everyone else gave you, is visual basic code. you are on a WAY different page if you're using Javascript.

Javascript is way way differnt.

You do need do make a key_press event but then you need to intercept what key was pressed, and unless that's build in like in visual basic, you can't just intercept the key and change it the way you can in visual basic. You should have realized how different the syntax is for everyone. In Java it would be something more like.

Private void textbox_comments_key_Press(Int Index, Int KeyAscii)
{
     switch(KeyAscii)
     {
               Case 34: KeyAscii = 33;  break;    //    " converted into '
               Case 9: KeyAscii = 0; break;        //Supress tab
               Case 13: KeyAscii = 0; break;      //Supress return
     }
}

But like I said, that won't work unless you find a way to send the function KeyAscii.
0
 
LVL 21

Expert Comment

by:alainbryden
ID: 16970586
rough, I spent a lot of time on this thread.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is about my first experience with programming Arduino.
The SignAloud Glove is capable of translating American Sign Language signs into text and audio.
Progress
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question