?
Solved

Decode a string back into HTML

Posted on 2010-01-08
8
Medium Priority
?
654 Views
Last Modified: 2012-05-08
Hi All -  I have a classic ASP/VBScript app that connects to a SQL server db.  One of the valuse in my DB is a string looks like this...

Leaders & Summit

When I assign that value to an local array variable and load it in a browers it doesn't "decode" the & but leaves it as is???

How do I decode the string so it reads "Leaders & Summit"

Thanks!
0
Comment
Question by:cdemott33
8 Comments
 
LVL 12

Accepted Solution

by:
R_Harrison earned 500 total points
ID: 26214204
You will have to replace the encoded values as per the example below

encodedvalue=replace(encodedvalue, "&", "&")
0
 

Author Comment

by:cdemott33
ID: 26214421
Ok, but what if there are several encodings?  Like, for example

&
’
etc.

I thought the browser would just SEE the encoding and convert it?  
0
 

Author Comment

by:cdemott33
ID: 26214483
Take a look at this.  When I view the source code for that line, it looks like this...

<div style="padding:2px">Leaders &amp;amp; Summit</div>

Notice the double &amp; ???

Here's another line in the souce code of the browser...

<div style="padding:2px">Pharma&amp;rsquo;s Effective</div>

again it took the "&" sign in the string and ENCODED it?  It hsould be "Pharam's Effective"

Why is it doing that???
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 82

Assisted Solution

by:hielo
hielo earned 1000 total points
ID: 26214683
If your db has this:
Leaders &amp; Summit

 it's very likely that you are retrieving that you are querying the db, retrieving that value exactly as it:
Leaders &amp; Summit

but then you go ahead and encode it once more before sending it to the browser. When you do this, that amp is encoded and it becomes:
Leaders &amp;amp; Summit

Hence your problem. Find the place where you are encoding it again.
0
 
LVL 82

Assisted Solution

by:hielo
hielo earned 1000 total points
ID: 26214776
encoding/decoding functions here:
http://www.aspnut.com/reference/encoding.asp
0
 
LVL 2

Assisted Solution

by:JonasLedel
JonasLedel earned 500 total points
ID: 26221893
If it is possible, I would suggest to change the input to the database. It would be better if the text in the DB was plain text, meaning that it would not be encoded - & instead of &amp; when you want &.
0
 

Author Comment

by:cdemott33
ID: 26284417
Jonas - I have to encode before entering into the database because of SQL Inject attacks.  

heilo - I'm not doing any encoding after I retrieve the values.  Have a look at my full page.  It's written in classic ASP/VBScript connecting to a MS SQL 2005 db.  You'll see that I've created few arrays to hold the values.  I loop through the records assign the specific column value to the specific array.  Finally in the body of the page I loop through the array to display the values in the browser.

Thoughs??? Ideas???  Suggestions???
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="xxx path to connection xxx " -->
<%
	DIM arrIngTrackNumber(100), arrIngPurchaserName(100), arrIngOrderDate(100)
	DIM arrIngEventName(100), arrIngJobNumber(100), arrIngType(100), strEndOfFile
	
	FOR i=0 TO UBound(arrIngEventName)
		arrIngEventName(i) = "nothing"
	NEXT

	' Dates
	strDateStart = DateAdd("m", -1, Date())	
	strDateStartWeek = DateAdd("d", -7, Date())
	
	Response.Write(strDateStartWeek)
		
	' Connection
	Set conn = Server.CreateObject("ADODB.Connection")
	conn.open myConnectionString

	' SQL Statement
	strSQLStatement = "SELECT transactionNumber, purchaserName, orderDate, jobNumber, eventName "
	strSQLStatement = strSQLStatement & "FROM onlineOrder "
	strSQLStatement = strSQLStatement & "WHERE orderDate >= '" & strDateStart & "' "
	strSQLStatement = strSQLStatement & "ORDER BY orderDate DESC"
	
	' Open our recordset
	set strFilename=Server.CreateObject("ADODB.recordset")
	strFilename.Open strSQLStatement, conn

	If NOT strFilename.EOF Then
		strFilename.MoveFirst
	
		i = 0
		
		WHILE NOT strFilename.EOF
			arrIngTrackNumber(i) = strFilename.Fields("transactionNumber").value
			arrIngPurchaserName(i) = strFilename.Fields("purchaserName").value
			arrIngOrderDate(i) = strFilename.Fields("orderDate").value
			arrIngJobNumber(i) = strFilename.Fields("jobNumber").value
			arrIngEventName(i) = strFilename.Fields("eventName").value
		i = i + 1
		strFilename.MoveNext
		WEND
	
	ELSE
	
	strEndOfFile = "True"
	
	END IF

	' Close our connection
	strFilename.Close
	conn.Close
	Set strFilename = Nothing
	Set conn = Nothing
%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Transaction Report</title>
</head>

<body>
<h3>Recent Transactions</h3>
<table width="100%">
  <tr>
    <td>&nbsp;
    </td>
    <td>
      <div style="padding:5px; width:140px;"><b>Trans Number</b></div>
    </td>
    <td>
      <div style=" padding:5px; width:140px;"><b>Purchaser Name</b></div>
    </td>
    <td>
      <div style="padding:5px; width:100px;"><b>Order Date</b></div>
    </td>
    <td>
      <div style="padding:5px; width:100px;"><b>Job Number</b></div>
    </td>
    <td>
      <div style="padding:5px; width:100px;"><b>Event Name</b></div>
    </td>
    <td>
      <div style="padding:5px; width:100px;"><b>Print Order</b></div>
    </td>    
  </tr>
<%

	IF NOT strEndOfFile = "True" THEN
	
	i = 0
	
	DO While NOT arrIngEventName(i) = "nothing"
	
	'set row color
	bgcolor="#FFFFFF"
	
	' Display alternate color for rows
	If Repeat1__numRows mod 2 <> 0 Then
		bgcolor="#eeeff0"
	End If
%>  
  <tr bgcolor="<%= bgcolor %>">
    <td>&nbsp;
    </td>
    <td valign="top">
      	<div style="padding:2px">
        
        <%
		If arrIngOrderDate(i) > strDateStartWeek Then
		%>
        <span class="new">NEW!</span>
        <%
		End if
		%>
		
		<%= arrIngTrackNumber(i) %>
        
        </div>
    </td>
    <td valign="top">
      	<div style="padding:2px"><%= arrIngPurchaserName(i) %></div>
    </td>
    <td valign="top">
		<div style="padding:2px"><%= arrIngOrderDate(i) %></div>
    </td>
    <td valign="top">
      	<div style="padding:2px"><%= arrIngJobNumber(i) %></div>
    </td>
    <td valign="top">
		<div style="padding:2px"><% Response.Write(arrIngEventName(i)) %></div>
    </td>
    <td valign="top">
    <div style="padding:2px">
    <input type="BUTTON" value="Printable Receipt" onclick="window.location.href='#'"> 
	</div>
    </td>        
  </tr>
<%
	
	Repeat1__numRows=Repeat1__numRows-1	
	i = i + 1
	 
	LOOP
	
	ELSE
%>
  <tr>
    <td>&nbsp;
    </td>
    <td valign="top">
      <div style="padding:2px">There are no upcoming events listed in your account.</div>
    </td>
    <td valign="top">
      <div style="padding:2px">&nbsp;</div>
    </td>
    <td valign="top">
      <div style="padding:2px">&nbsp;</div>
    </td>
    <td valign="top">
      <div style="padding:2px">&nbsp;</div>
    </td>
    <td valign="top">
      <div style="padding:2px">&nbsp;</div>
    </td>    
  </tr>
<%
	END IF
%>
</body>
</html>

Open in new window

0
 

Author Closing Comment

by:cdemott33
ID: 31674777
Closing ticket.  Thanks for your help guys, but it look like I am the one to blame.  Apparetly it's in the database incorrectly.  Sorry to have wasted your time but you all help be hunt around for the answer.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question