Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.
Course Of The Month
3 days, 16 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
replace quotes with UTF-8 character
Posted on 2016-09-09
I have an ASP page that updates information into my SQL 2008R2 database.
The use of quotes and other characters is causing issues so I have a function that replaces then with their Unicode character, below is the function:
I am trying to apply this into the ASP code but I am doing something wrong that is not working. Here is what I have. I could use some help.
* This is just part of the code, but the part I think is relevant to the issue.
The use of quotes and other characters is causing issues so I have a function that replaces then with their Unicode character, below is the function:
function clean( str )
if str <> "" and not isNull( str ) then
str = Replace( str, "<", "" )
str = Replace( str, ">", "" )
str = Replace( str, "&", "&" )
str = Replace( str, "'", "'" )
str = Replace( str, """, "\""" )
str = Replace( str, "&apos;", "'" )
str = Replace( str, chr(226) & chr(128) & chr(156), "" ) 'replaces left smart quote
str = Replace( str, chr(226) & chr(128) & chr(157), "" ) 'replaces right smart quote
str = Replace( str, chr(226) & chr(128) & chr(153), "" ) 'replaces left smart apostrophe
str = Replace( str, chr(226) & chr(128) & chr(152), "" ) 'replaces right smart apostrophe
end if
clean = str
end function
I am trying to apply this into the ASP code but I am doing something wrong that is not working. Here is what I have. I could use some help.
* This is just part of the code, but the part I think is relevant to the issue.
Set MM_editCmd = Server.CreateObject ("ADODB.Command")
MM_editCmd.ActiveConnection = MM_bluedot_STRING
MM_editCmd.CommandText = "UPDATE dbo.AdminChecklist SET Docname = ?, Docfrom = ? WHERE docid = ?"
MM_editCmd.Prepared = true
MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param1", 202, 1, 100, (Request.Form(clean("Docname")))) ' adVarWChar
MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param2", 202, 1, 150, Request.Form("Docfrom")) ' adVarWChar
MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param3", 5, 1, -1, MM_IIF(Request.Form("MM_recordId"), Request.Form("MM_recordId"), null)) ' adDouble
MM_editCmd.Execute
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
20
17
38 Comments
Active 1 day ago
change your code to
Set MM_editCmd = Server.CreateObject ("ADODB.Command")
MM_editCmd.ActiveConnection = MM_bluedot_STRING
MM_editCmd.CommandText = "UPDATE dbo.AdminChecklist SET Docname = ?, Docfrom = ? WHERE docid = ?"
MM_editCmd.Prepared = true
MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param1", 202, 1, 100, (clean(Request.Form("Docname")))) ' adVarWChar
MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param2", 202, 1, 150, Request.Form("Docfrom")) ' adVarWChar
MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param3", 5, 1, -1, MM_IIF(Request.Form("MM_recordId"), Request.Form("MM_recordId"), null)) ' adDouble
MM_editCmd.Execute
Active 6 days ago
Seems the function is missing code to replace the double quotes :$ (") can this be added?
function clean( str )
if str <> "" and not isNull( str ) then
str = Replace( str, "<", "" )
str = Replace( str, ">", "" )
str = Replace( str, "&", "&" )
str = Replace( str, "'", "'" )
str = Replace( str, """, "\""" )
str = Replace( str, "&apos;", "'" )
str = Replace( str, chr(226) & chr(128) & chr(156), "" ) 'replaces left smart quote
str = Replace( str, chr(226) & chr(128) & chr(157), "" ) 'replaces right smart quote
str = Replace( str, chr(226) & chr(128) & chr(153), "" ) 'replaces left smart apostrophe
str = Replace( str, chr(226) & chr(128) & chr(152), "" ) 'replaces right smart apostrophe
end if
clean = str
end function
Active 1 day ago
if str <> "" and not isNull( str ) then
str = Replace( str, """", "" )
str = Replace( str, "<", "" )
str = Replace( str, """", "" )
str = Replace( str, "<", "" )
Active 6 days ago
I now have this
With the code above the " are removed instead of replaced for their unicode characters. So it dissapears from the page.
function clean( str )
if str <> "" and not isNull( str ) then
str = Replace( str, """", "" )
str = Replace( str, "<", "" )
str = Replace( str, ">", "" )
str = Replace( str, "&", "&" )
str = Replace( str, "'", "'" )
str = Replace( str, """, "\""" )
str = Replace( str, "&apos;", "'" )
str = Replace( str, chr(226) & chr(128) & chr(156), "" ) 'replaces left smart quote
str = Replace( str, chr(226) & chr(128) & chr(157), "" ) 'replaces right smart quote
str = Replace( str, chr(226) & chr(128) & chr(153), "" ) 'replaces left smart apostrophe
str = Replace( str, chr(226) & chr(128) & chr(152), "" ) 'replaces right smart apostrophe
end if
clean = str
end function
With the code above the " are removed instead of replaced for their unicode characters. So it dissapears from the page.
If you are trying to ensure that a string will always display correctly in HTML, what about trying the equivalent of HttpServerUtility.HtmlEnco
Active 6 days ago
The last note from bigmonty didn't work it replaced the " with " on the page.
This is what I got
Brad: Not sure how to do that
This is what I got
Birth certificate quote ' & " dbl quote
Brad: Not sure how to do that
Active 1 day ago
You can use Server.HTMLEncode but then you would have to decode the data, and there isn't any built in function to do that.
Why do you need to remove the quotes? Are you displaying the data in a text field? If so try this :
str = Replace( str, """", """""" )
Why do you need to remove the quotes? Are you displaying the data in a text field? If so try this :
str = Replace( str, """", """""" )
Active 6 days ago
I tried that but didn't work :( it still saves one " in the DB and anything after that doesn't show.
In the DB it shows as:
In the DB it shows as:
Birth certificate dbl "" here
Active 6 days ago
Any ideas on how to replace the quotes with the UTF-8 character ? I still have an issue when a user types quotes in a field and then wants to update it instead of showing the text between the quotes the field shows the data up to before the quotes and nothing after.
Active 1 day ago
do you want to just be able to display quotes in a text field? if so, then I would save the data AS IS in the database, then when you go to display it, simply double up the quotes, like so:
<%
str = rs("fieldFromDbThatContain
%>
<input type="text" name="fld1" id="fld1 value="<%=Replace( str, """", """""" )%>" />
this'll allow you to display the data with quotes, and not have to worry about changing the actual data
<%
str = rs("fieldFromDbThatContain
%>
<input type="text" name="fld1" id="fld1 value="<%=Replace( str, """", """""" )%>" />
this'll allow you to display the data with quotes, and not have to worry about changing the actual data
Active 1 day ago
it's being display because it's considered invalid html, as the first quote that appears in the VALUE of the input field tells the browser that it's done parsing that attribute.
For example, let's say this is your text input field:
<input type="text" name="fld1" id="fld1 value="" />
now, you want to add the value, which is:
Aleks is a "web ninja"!
ASP would parse it out to be:
<input type="text" name="fld1" id="fld1 value="Aleks is a "web ninja"!" />
I bolded out the part that would be considered valid, which is right up to the 2nd quote. Doubling up the quote tells the browser that the quotes surrounding "web ninja" are part of the actual VALUE, and not part of the html markup.
Does that make sense?
For example, let's say this is your text input field:
<input type="text" name="fld1" id="fld1 value="" />
now, you want to add the value, which is:
Aleks is a "web ninja"!
ASP would parse it out to be:
<input type="text" name="fld1" id="fld1 value="Aleks is a "web ninja"!" />
I bolded out the part that would be considered valid, which is right up to the 2nd quote. Doubling up the quote tells the browser that the quotes surrounding "web ninja" are part of the actual VALUE, and not part of the html markup.
Does that make sense?
Active 6 days ago
It does. So how do all websites approach this issue. Since users can type quotes on any field ?
Active 1 day ago
most sites use some form of the solution I provided above. Others will use built in encoding functions supported by the server side language (in ASP, it would be Server.HTMLEncode). Another method would be to replace each quote with """ (without the quotes). Server.HTMLEncode may work here for you, I usually stay away from it as it will encode other characters in ways that you may not mean to.
Active 6 days ago
I tried to replace with " but it didn't work. it did save " in the DB but the it displayed " on the ASP page instead of the quotes. Did I miss doing something else ? I can send the whole page code if needed.
Active 1 day ago
building on my solution above, let's try this:
str = rs("fieldFromDbThatContain
str = Replace( Replace( str, """", """""" ), """, """""" )
Also, do not save your data in your database in UTF-8 format, you'll may run into problems down the line
str = rs("fieldFromDbThatContain
str = Replace( Replace( str, """", """""" ), """, """""" )
Also, do not save your data in your database in UTF-8 format, you'll may run into problems down the line
Active 6 days ago
Some of my pages do have this code at the top of the page in order to work properly.
Ill try the code above, but that means I would have to add that code to a lot of pages. Since users can add quotes pretty much anywhere on any field.
<%
Response.ContentType = "text/html"
Response.AddHeader "Content-Type", "text/html;charset=UTF-8"
Response.CodePage = 65001
Response.CharSet = "UTF-8"
%>
Ill try the code above, but that means I would have to add that code to a lot of pages. Since users can add quotes pretty much anywhere on any field.
Active 1 day ago
for testing purposes, try the code I just sent. If it works, add it to your Clean*( function and that should resolve the issue
Active 6 days ago
I have this as the function now:
Where do I put this piece of code ?
function clean( str )
if str <> "" and not isNull( str ) then
str = Replace( Replace( str, """", """""" ), """, """""" )
str = Replace( str, "<", "" )
str = Replace( str, ">", "" )
str = Replace( str, "&", "&" )
str = Replace( str, "'", "'" )
str = Replace( str, """, "\""" )
str = Replace( str, "&apos;", "'" )
str = Replace( str, chr(226) & chr(128) & chr(156), "" ) 'replaces left smart quote
str = Replace( str, chr(226) & chr(128) & chr(157), "" ) 'replaces right smart quote
str = Replace( str, chr(226) & chr(128) & chr(153), "" ) 'replaces left smart apostrophe
str = Replace( str, chr(226) & chr(128) & chr(152), "" ) 'replaces right smart apostrophe
end if
clean = str
end function
Where do I put this piece of code ?
str = rs_document("Docname")
Active 6 days ago
Ok. but ... that line only applies to this one page. Not the entire system so ... here is the relevant code for this page, perhaps this helps.
included is the file to the script we currently have to clean the data.
I added the line at the bottom as recommended.
included is the file to the script we currently have to clean the data.
I added the line at the bottom as recommended.
function clean( str )
if str <> "" and not isNull( str ) then
str = Replace( str, "<", "" )
str = Replace( str, ">", "" )
str = Replace( str, "&", "&" )
str = Replace( str, "'", "'" )
str = Replace( str, """, "\""" )
str = Replace( str, "&apos;", "'" )
str = Replace( str, chr(226) & chr(128) & chr(156), "" ) 'replaces left smart quote
str = Replace( str, chr(226) & chr(128) & chr(157), "" ) 'replaces right smart quote
str = Replace( str, chr(226) & chr(128) & chr(153), "" ) 'replaces left smart apostrophe
str = Replace( str, chr(226) & chr(128) & chr(152), "" ) 'replaces right smart apostrophe
str = Replace( Replace( str, """", """""" ), """, """""" )
end if
clean = str
end function
Active 1 day ago
it shouldnt matter, as you would only need to call the clean() function when you're loading up form fields, otherwise you would use the value in the database
Active 6 days ago
I am confused :$ ... The clean function is now updated. How to display the code and clean it on the page now ? (Code for the page is attached).
Active 1 day ago
where exactly are you trying to display the data? Inside a field or just on the page, like in a DIV or other html element?
Active 6 days ago
a form field.
<input name="Docname" type="text" class="form-control" id="Docname" value="<%=(rs_document.Fields.Item("Docname").Value)%>" maxlength="150">
Active 1 day ago
well, unless you're using some kind of specialized editor, like TinyMCE or one of its equivalents, you're not going to be able to stylize text in a standard text field....
Active 6 days ago
Right. So what happens if the user enters something like:
Documents for "Alien" contact
and hits 'save' ? the text will save as such in the database, then the page reloads and it reads:
Documents for
Documents for "Alien" contact
and hits 'save' ? the text will save as such in the database, then the page reloads and it reads:
Documents for
Active 1 day ago
so it's saving correctly, you just need to double up the quotes when writing the value of that field into the VALUE attribute for the field.
Active 6 days ago
Is there a way we can build that into a function ? :) I think this should be separate from the 'clean' function don't you think ? this way we apply the new function to any field that would need this done.
Active 1 day ago
let's first make sure that's what it is. Test it out on a couple of fields, verify it works, then we'll make a more global function
Active 6 days ago
I am ok with that. I am just a little lost. I added that one line to the clean function. Should i remove it and if so where do I add the code in the asp file ?
Can we start this from scratch ? ... :)
Can we start this from scratch ? ... :)
Active 1 day ago
let's do the following as a test. create your text input like so:
<input name="Docname" type="text" class="form-control" id="Docname" value="<%=(Replace( rs_document.Fields.Item("D
the quotes should now appear
<input name="Docname" type="text" class="form-control" id="Docname" value="<%=(Replace( rs_document.Fields.Item("D
the quotes should now appear
Active 6 days ago
I tried but the text still gets cut off.
So I added this to the clean function: str = Replace( str, """", "''" )
it replaces the quotes with two single quotes :$ looks close to the quotes
So I added this to the clean function: str = Replace( str, """", "''" )
it replaces the quotes with two single quotes :$ looks close to the quotes
Featured Post
Connect your existing build, deployment, management, monitoring, and collaboration platforms. From Puppet to Chef, HipChat to Slack, ServiceNow to JIRA, Splunk to New Relic and beyond, hand off data between systems to engage the right people.
Connect with xMatters.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
CTAs encourage people to do something specific to show interest in your company, product or service. Keep reading to learn why CTAs should always be thought of as extremely important, albeit small, sections of websites.
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5.
As we learned in our last micr…
The viewer will learn the basics of jQuery, including how to invoke it on a web page.
Reference your jQuery libraries: (CODE)
Include your new external js/jQuery file: (CODE)
Write your first lines of code to setup your site for jQuery.: (CODE)
Suggested Courses
Course of the Month3 days, 16 hours left to enroll
691 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.