Re: Battle against the Quotes
- From: "Bob Lehmann" <nospam@xxxxxxxxxxxxxxxx>
- Date: Sun, 17 Apr 2005 14:21:17 -0600
HtmlEncode the values you are trying to display.
Bob Lehmann
"Macsicarr" <nospam@xxxxxxxxxx> wrote in message
news:%2373ZxZ3QFHA.4020@xxxxxxxxxxxxxxxxxxxxxxx
> Hi
>
> Just wanted to see what the standard battle plan is when you want to allow a
> user to enter and retrieve data from an ASP/DB solution and the infernal
> single or double quote issue comes up if they've been entering these chars.
>
> For example, I have a web form that is simply:
>
> Name: <standard INPUT text box>
>
> Desc: <standard TEXTAREA>
>
> etc...
>
> End user enters the following into the boxes:
>
> Name: Paul O'Malley
>
> Desc: Paul O'Malley's leg is 3" shorter than it's standard length.
>
> I use the replace command to 'escape' these quotes before I submit them into
> the Access DB so there is no issue there, but when the user wants to go into
> the 'Modify Details' form and retrieve these details to mod them it's the
> good old HTML that falls foul of the quotes.
>
> Because the VALUE part of the INPUT text box has to be either VALUE="<%the
> name%>" or VALUE='<%the name%>' to encapsulate the data, whichever I choose
> the end user will always find a way of goofing it up.
>
> For example, if they have typed in 'Paul O'Malley's leg is 3" shorter than
> it's standard' in the Name field and my VALUE used double quotes then all it
> is going to show is:
>
> Paul O'Malley's leg is 3"
>
> If I use single quotes then all it is going to show is:
>
> Paul O
>
> Do I take it that I should do another replace on the way in so that the data
> is 'escaped' again before being dropped into the text box? Is there a
> better way?
>
> Thks
>
>
>
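
Added example, not part of the original message: a Python sketch of the truncation described in the quoted post and of the HtmlEncode fix from the reply, with `html.escape` standing in for the ASP encoding call and `html.parser` standing in for the browser. The function names and the `<input>` markup are assumptions; the sample text is the one from the post.

```python
# Added example: Python stand-in for the HtmlEncode step named in the reply.
from html import escape
from html.parser import HTMLParser

# Constructed sample input, taken from the example text in the quoted post.
STORED = "Paul O'Malley's leg is 3\" shorter than it's standard length."


class ValueReader(HTMLParser):
    """Collects the value attribute of the first <input>, as a browser would parse it."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.value is None:
            self.value = dict(attrs).get("value")


def render_raw(text, quote):
    # The failing pattern from the post: data dropped straight into VALUE.
    return f"<input type={quote}text{quote} name={quote}name{quote} value={quote}{text}{quote}>"


def render_encoded(text, quote='"'):
    # Encode &, <, >, " and ' first, so the data cannot close the attribute.
    return render_raw(escape(text, quote=True), quote)


def displayed_value(markup):
    # What ends up in the text box once the markup has been parsed.
    reader = ValueReader()
    reader.feed(markup)
    reader.close()
    return reader.value


if __name__ == "__main__":
    for label, markup in [
        ("raw, double quotes", render_raw(STORED, '"')),
        ("raw, single quotes", render_raw(STORED, "'")),
        ("encoded, double quotes", render_encoded(STORED, '"')),
        ("encoded, single quotes", render_encoded(STORED, "'")),
    ]:
        print(f"{label:24} -> {displayed_value(markup)!r}")
```

The browser decodes the entities when it builds the form, so the field posts back the original text and nothing encoded needs to be stored in the database. The same encoding also keeps stored text from closing the attribute and contributing attributes or tags of its own.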