asked on VBScript storing html encode in SQL Server 2008
I'm building a site using VBScript (Classic ASP), something i have always struggled with is storing user data correctly in the database, what I mean is where users enter data that contain @£$%^&*() etc, now i know to use Server.htmlencode when sending the data to be stored in the database, which means that & becomes & the issue I have is that users can edit data, and I don't want & to become & !
So my question, is, what is the correct way to handle this..
Thanks
So my question, is, what is the correct way to handle this..
Thanks
ASPVB ScriptMicrosoft SQL Server 2008
Last Comment
garethtnash
ASKER
Hi,
This is for standard input form items, not text areas. Quick question, is there a way to HTMLDecode using JQuery?
Thanks
This is for standard input form items, not text areas. Quick question, is there a way to HTMLDecode using JQuery?
Thanks
the control doesn't matter. it can be either a text box or a textarea
If you wanted to do this client side (which I don't recommend unless you're also validating on the server as well, you could use the unescape function()
you could also try something like this for jquery:
var decoded = $("<input>").html( '<%=encodedData%>' ).text();
Personally, I'd stick with the server side solution
If you wanted to do this client side (which I don't recommend unless you're also validating on the server as well, you could use the unescape function()
you could also try something like this for jquery:
var decoded = $("<input>").html( '<%=encodedData%>' ).text();
Personally, I'd stick with the server side solution
There shouldn't be a need to decode.
If you encoded, it should still display correctly.
If you you input "0 < 5" and encode it then display what is in the browser <input value="<%=rs("data")%>"> it should be fine.
Try <input value="0 < 5"> http://jsbin.com/diponalicu/1/edit
If you encoded, it should still display correctly.
If you you input "0 < 5" and encode it then display what is in the browser <input value="<%=rs("data")%>"> it should be fine.
Try <input value="0 < 5"> http://jsbin.com/diponalicu/1/edit
ASKER
The reason I ask, is that I'm dynamically populating the form using query like
Which loads the value stored in the link job title data attribute into the form input Edit_Job_Title, the value could contain a " if html decoded before it is loaded into the form input..
Thank you
$('#Edit_Job_Title').val($(this).data('jobtitle'));
Which loads the value stored in the link job title data attribute into the form input Edit_Job_Title, the value could contain a " if html decoded before it is loaded into the form input..
Thank you
did you try using the unescape() function?
ASKER
So,
Doing this server side, presumably, I decode first and then encode?
Sorry, if I'm not making sense here but previously I server.htmlencode on first input, which stored & and then I server.htmlencode on update, that ended up storing &amp;
Presumably now i need to do something like
<%=Server.HTMLencode(HTMLD
Appreciate all your thoughts.
Thank you
Doing this server side, presumably, I decode first and then encode?
Sorry, if I'm not making sense here but previously I server.htmlencode on first input, which stored & and then I server.htmlencode on update, that ended up storing &amp;
Presumably now i need to do something like
<%=Server.HTMLencode(HTMLD
Appreciate all your thoughts.
Thank you
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thank you
Open in new window