Solved

Batch file escape characters

Posted on 2009-07-01
6
4,456 Views
Last Modified: 2012-05-07
Hi there,

Our application runs a Windows batch file passing in a string argument. This string is derived from customer data, and so it can contain quotes, ampersands, percentages and so on.

What is the best way of escaping these special characters s the data gets passed into the batch file correctly?

For example, we may call a batchfile 'lookup.bat' that accepts a Product Code as an argument. We recently had trouble with product codes containing ampersands so we changed it from running 'lookup ABC&123" to 'lookup "ABC&123"' That works fine. However, product codes legitimately containing quotes now cause a problem.

Can anyone offer any advice? We need to be able to handle quotes,ampersands and spaces in the same string.

For reference, the contents of this batchfile do something akin to the following:-

run lookup-program :"%1":  

This format is required due to the programming language involved

Rob
0
Comment
Question by:Robmonster
  • 4
6 Comments
 
LVL 67

Accepted Solution

by:
sirbounty earned 250 total points
ID: 24756041
Try using the escape character carat (^)

So,
lookup ABC^&123
does that work?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24756065
You will have to escape any of this characters by prefixing a caret::
()&%!"|

0
 
LVL 16

Assisted Solution

by:t0t0
t0t0 earned 250 total points
ID: 24770457
Please read this reply carefully as it explores several possible solutions.

There is no way to selectively escape certain characters that are part of the command tail. For example, the '&' is used to separate commands therefore, entering something like the following:

   BATCHFILE abc&123

would treat 'BATCHFILE abc' and '123' as two separate commands.

Consider the following line of code for example:

   ECHO abc & ECHO 123

This consists of two echo commands which will result in the following output:

   abc
   123

Even if we remove the space between the 'c' and the '&' as in:

   ECHO abc& ECHO 123

we would still get the same results - and of course, this is also the case if we remove the space between the '&' and the 'E' as in:

   ECHO abc&ECHO 123

Unfortunately, there's no way to force DOS to treat the '&' as part of a string.

The only way to accept certain special characters is to pass them inside double-quotes as in the following example:

   BATCHFILE "abc&123"

There should be no problem with this approach. You would normally pass this on to your LOOKUP program in the following manner:

   LOOKUP %1

because the doubl-quotes are a part of the string (%1) and DOS would expand this to:

   LOOKUP "abc&123"

However, your LOOKUP application expects to be called in the following format:

   LOOKUP :code:

where 'code' is the data and 'code' is surrounded either side by ':' (colon) characters.

Furthermore, you state you are unable to pass double-quoted data to your LOOKUP application. Have you tried including the colons as part of the double-quoted string as in the following example:

   SET Code=":%~1:"
   LOOKUP %Code%

then call your batch file using double-quotes like this:

   BATCHFILE "abc&123"

If that doesn't work, how about substituting the '&' with '^&' as in the following code:

   SET Code=":%~1:"
   SET Code=%Code:&=^&%
   LOOKUP %Code%

or as in the following:

   SET Code=%1
   SET Code=:%Code:&=^&%:
   LOOKUP %Code%

This is a tough one. I have explored probably every way of using redirection too however, I'm wondering if something like the following might work:

   ECHO ":%~1:">Code.txt
   LOOKUP <Code.txt

This last offering is a complete re-write to the previous idea of getting the ':code:' redirected onto the LOOKUP command line however, in order to that, the '&' has to be included in the text file being redirected but without the surrounding double-quotes.

What this program does:

Firstly, ignore everything past the label ':Dec2Hex' as this is self-explanatory - it takes a variable's name whose value is converted from decimal to hexadecimal. This is needed because the DEBUG only works with hexadecimal values.

The program starts by redirecting the parameter (the code) with surrounding colons inside sourrounding double-quotes to a file so that we can get the length of the code itself. Next various caluculations are carried out and converted to hexadecimal which will serve to tell DEBUG how to manipulate the code. Then, the DEBUG's instructions are assembled and written to a file which DEBUG will read in and carry out. Finlly, DEBUG is executed and this neatly removes the surrounding double-quotes from the code.

The last line: 'MORE <lookup.txt' should be changed to run your LOOKUP application as in: 'LOOKUP <lookup.txt'.

If you run the program as it stands, you will notice the output for "abc&123" is just :abc&123: - without the double-quotes and including the surrounding colons. Here's the batch file:


@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION

SET Code=":%~1:"
ECHO %Code%>Lookup.txt
FOR %%a IN (Lookup.txt) DO SET FileLen=%%~za

SET /a FileLen-=2
SET /a CodeLen=FileLen-2
CALL :Dec2Hex FileLen
CALL :Dec2Hex CodeLen
SET /a Address=256+CodeLen
CALL :Dec2hex Address

 >Lookup.bug ECHO m101 l %CodeLen% 100
>>Lookup.bug ECHO e%Address% 0d 0a
>>Lookup.bug ECHO rcx
>>Lookup.bug ECHO %FileLen%
>>Lookup.bug ECHO w
>>Lookup.bug ECHO q

>NUL DEBUG Lookup.txt <Lookup.bug

REM Change the next line to: LOOKUP <lookup.txt
MORE <Lookup.txt
EXIT /B


:Dec2Hex
SET Hex=
SET HexDigits=0123456789ABCDEF
SET h0=!%1!
:Loop
SET /A h1=%h0%/16
SET /A h3=%h0%-16*%h1%
SET h3=!HexDigits:~%h3%,1!
SET Hex=%h3%%Hex%
SET h0=%h1%
IF %h0% GTR 0 GOTO Loop
SET %1=%Hex%
EXIT /B


Well, it might be long but it's the only method I could think of at the time of writing after trying several other methds. This was tested working on an XP machine.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 16

Expert Comment

by:t0t0
ID: 24770482
I foirgot to add. If you run the program in my previous post like this:

   BATCHFILE "abc&123"

It will output the following code:

   :abc&123:

Using redirection, this would form the command tails of your LOOKUP program.
0
 
LVL 16

Expert Comment

by:t0t0
ID: 24773940
Oh, BTW, what's the name of your application and what version is it?
0
 
LVL 16

Expert Comment

by:t0t0
ID: 25086806
Thank you for asking an interesting question.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The following is a collection of cases for strange behaviour when using advanced techniques in DOS batch files. You should have some basic experience in batch "programming", as I'm assuming some knowledge and not further explain the basics. For some…
Being a system administrator some time we require to do things remotely, one of them is installing software. Here I am going to tell you how to install software through wmic (Windows management instrument console). I am not at all saying that this i…
This video discusses moving either the default database or any database to a new volume.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now