Solved

convert double quotes to single quotes

Posted on 2006-06-20
Last Modified: 2012-08-13
Hi,
I have a comments field on my form and I am using ASP.NET with VB. How can I make sure the following things happen when the user enters into the comments field?
Convert double quotes to single quotes.
Need to check to make sure it does not have a tab or line feed or carriage return character in this field.
Question by:PNKJ
14 Comments

Accepted Solution

by:
cwile earned 250 total points
Replacing " with '
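COMMENTSFIELDNAME = Replace(COMMENTSFIELDNAME, Chr(34), Chr(39))   ' Chr(39) is the apostrophe; Chr(33) is "!"

Replacing tab with nothing
COMMENTSFIELDNAME = Replace(COMMENTSFIELDNAME, Chr(9), "")

Replacing return with nothing
COMMENTSFIELDNAME = Replace(COMMENTSFIELDNAME, Chr(13), "")
COMMENTSFIELDNAME = Replace(COMMENTSFIELDNAME, Chr(10), "")   ' line feed, which usually follows the carriage return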



That should do the trick for you.

Expert Comment

by:jagadeesh_motamarri
The best option would be converting them using string manipulations.

Say, .replace() to convert double quotes to single quotes.


____Jags

Author Comment

by:PNKJ
Should we add it on the key press event?

Expert Comment

by:jagadeesh_motamarri
You can either do it on the client side (using JavaScript) before sending the data, or on the server side (using a Java or .NET class) after submitting the form.

Author Comment

by:PNKJ
Thanks, can you please give an example of client-side code?

Expert Comment

by:alainbryden
Private Sub YourField_KeyPress(Index As Integer, KeyAscii As Integer)
     Select Case KeyAscii
               Case 34: KeyAscii = 39      '    " converted into ' (39 is the apostrophe; 33 is "!")
               Case 9, 13: KeyAscii = 0    '    Tab and Carriage Return suppressed
     End Select
End Sub

This will make the change immediate when they type in your form.

Author Comment

by:PNKJ
Thanks Alainbryden, is this client-side code?

Expert Comment

by:alainbryden
Yes it is.

Whatever textbox/field they are entering their data in, you replace "YourField" with that text box's name. It's a built-in function for all fields, so it will just work, and intercept all keys that are typed.

That code belongs in the code of whatever form your field is in.

Expert Comment

by:lostcarpark
Just one word of caution. Client side validation is great, but make sure you also validate on the server. Anything that happens on the client side can be tampered with. If you don't also validate on the server, an attacker could send text containing quotes to close the string and then insert their own SQL to gain control of your database. Client side is great for user experience, but always back it up with rock solid server code.

Best of luck,

James

Expert Comment

by:alainbryden
In that case, on the server side you can also say something as easy as:

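If InStr(strIncoming, Chr(34)) + InStr(strIncoming, vbCr) + InStr(strIncoming, vbLf) + InStr(strIncoming, vbTab) > 0 Then
     'Reject the Incoming string, because it's been tampered with.
     '(vbCr and vbLf are tested separately: vbNewLine only matches the CR+LF pair)
End If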

(if any of the inStr functions return a value greater than 0, then the total will be greater than 0, and that's an indication that the client side protection has been bypassed somehow)

Expert Comment

by:lostcarpark
You should bear in mind that not all browsers support client side scripting, and some users could be behind strict corporate firewalls that strip out a lot of client-side code. Don't assume that because the string submitted contains disallowed characters that the user is deliberately trying to circumvent your validation. The best strategy is to try to validate on the client side, but if that doesn't work, degrade gracefully to server side validation. The neatest approach is to present the form back to the user with a message saying what's wrong.
0
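
The server-side points raised above (repeat the check on the server, hand the form back with a message, and keep quotes from closing a SQL string), as an added VB.NET example that is not code from any poster in this thread. It assumes the .NET Framework's System.Data.SqlClient; the module and function names and the Comments table and Body column are hypothetical.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Text

Public Module CommentInput
    ' Characters the question wants kept out of the comments field.
    Private ReadOnly Disallowed As Char() = New Char() {ControlChars.Tab, ControlChars.Cr, ControlChars.Lf}

    ' Returns Nothing when the text is acceptable, otherwise a message that
    ' can be shown when the form is presented back to the user.
    Public Function DescribeProblem(ByVal raw As String) As String
        If raw Is Nothing Then Return Nothing
        If raw.IndexOf(""""c) >= 0 Then Return "Please use single quotes instead of double quotes."
        If raw.IndexOfAny(Disallowed) >= 0 Then Return "Tabs and line breaks are not allowed."
        Return Nothing
    End Function

    ' Server-side repeat of the client-side rule: " becomes ', tab/CR/LF are dropped.
    Public Function NormalizeComment(ByVal raw As String) As String
        If raw Is Nothing Then Return String.Empty
        Dim sb As New StringBuilder(raw.Length)
        For Each c As Char In raw
            If c = """"c Then
                sb.Append("'"c)
            ElseIf Array.IndexOf(Disallowed, c) < 0 Then
                sb.Append(c)
            End If
        Next
        Return sb.ToString()
    End Function

    ' The normalised text can still contain ', the SQL string delimiter, so it is
    ' never concatenated into the statement; it travels as a typed parameter.
    ' Table "Comments" and column "Body" are hypothetical names.
    Public Function BuildInsert(ByVal conn As SqlConnection, ByVal comment As String) As SqlCommand
        Dim cmd As New SqlCommand("INSERT INTO Comments (Body) VALUES (@body)", conn)
        cmd.Parameters.Add("@body", SqlDbType.NVarChar, 4000).Value = comment
        Return cmd
    End Function

    Public Sub Main()
        ' Constructed sample input: apostrophe, double quotes, a tab and CR+LF.
        Dim raw As String = "It's a ""quoted"" word" & vbTab & "then a tab" & vbCrLf
        Console.WriteLine(DescribeProblem(raw))
        Dim clean As String = NormalizeComment(raw)
        Console.WriteLine(clean)
        ' No connection is opened here; with a real SqlConnection, call ExecuteNonQuery().
        Using cmd As SqlCommand = BuildInsert(Nothing, clean)
            Console.WriteLine(cmd.CommandText & " | @body = " & CStr(cmd.Parameters("@body").Value))
        End Using
    End Sub
End Module
```

In a submit handler, either redisplay the form with the DescribeProblem message or store the NormalizeComment result through the parameterised command.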
 

Author Comment

by:PNKJ
Hello alainbryden

I tried using this syntax but I get a JavaScript error for the } bracket
Private Sub YourField_KeyPress(Index As Integer, KeyAscii As Integer)
     Select Case KeyAscii
               Case 34: KeyAscii = 39      '    " converted into '
               Case 9, 13: KeyAscii = 0    '    Tab and Carriage Return suppressed
     End Select
End Sub
My field name is textbox_comments. Should I write a JavaScript function that will be called on the key_press event of textbox_comments? I am using ASP.NET.

Expert Comment

by:alainbryden
Javascript?!?!?!?!

You said you were doing this in Visual Basic! What I gave you, and what everyone else gave you, is Visual Basic code. You are on a WAY different page if you're using JavaScript.

JavaScript is way way different.

You do need to make a key_press event, but then you need to intercept what key was pressed, and unless that's built in like in Visual Basic, you can't just intercept the key and change it the way you can in Visual Basic. You should have realized how different the syntax is for everyone. In Java it would be something more like:

private void textbox_comments_key_Press(int Index, int KeyAscii)
{
     switch (KeyAscii)
     {
               case 34: KeyAscii = 39; break;    // " converted into ' (39 is the apostrophe; 33 is "!")
               case 9: KeyAscii = 0; break;      // Suppress tab
               case 13: KeyAscii = 0; break;     // Suppress return
     }
}

But like I said, that won't work unless you find a way to send the function KeyAscii.

Expert Comment

by:alainbryden
Rough, I spent a lot of time on this thread.