
Escaping specific characters

Status
Not open for further replies.

onedizzydevil

Programmer
Mar 24, 2001
103
US
Hello Folk:

I have a problem that needs a solution. I am using ASP, VBScript, JavaScript and a Microsoft Access database on this project.

I use text boxes and text areas on some data entry pages in this application and I receive errors when I attempt to do most things with the data including INSERT INTO the database; some of the special characters such as a carriage return (ASC(13)), a line feed (ASC(10)), an apostrophe character (ASC(39)), and the parentheses characters (ASC(40), ASC(41)).

The characters need to be there when the data is returned back to the user(s) on a web page or when edited in another form, therefore whatever I do must be able to be undone or reversed during a display.

Thank you in advance for your help, I do greatly appreciate it.


Wayne Sellars
 
Use Server.HTMLEncode(...) before outputting the code. This converts offending characters to special strings that are decoded by the browser. I don't know about CrLf though. You may have to convert those to <BR> yourself.
 
Okay, I have tried this function; however, it does not see an apostrophe character (ASC(39)), comma character (ASC(44)), semi-colon character (ASC(59)) or the parentheses characters (ASC(40), ASC(41)) as a problem and does not do anything with them.

However, the function will translate Greater Than, and Less Than characters and a couple of other things, but that is about it.

Any other ideas?

Thanks


Wayne Sellars
 
The HTMLEncode should have eliminated problems writing the data to the client. If not, I have no further ideas. I know that apostrophes are definitely a problem in ODBC and SQL requests. They must be doubled up. I've seen elsewhere that there is an option to use double-quotes instead of apostrophes as delimiters but then you have to deal with double-quotes in the data. Other than that, I can't help, not having faced those problems.
 
And the solution is ... drum roll please

<%
' Returns strText trimmed and wrapped in single quotes for use in a SQL string,
' with every embedded apostrophe doubled ('' is a literal ' in SQL).
Function SQLText( strText )
    Dim Temp
    If strText = "" Then
        SQLText = "'" & "'"
    Else
        Temp = Trim( strText )
        If( Temp <> "" ) Then
            SQLText = "'" & Replace( Temp, "'", "''") & "'"
        Else
            SQLText = "'" & "'"
        End If
    End If
End Function

' Returns a Long built from intNumber. If the value is not numeric as a whole,
' only its digit characters are kept; an empty value returns "0".
Function SQLNumber( intNumber )
    Dim intCheck
    Dim intCount
    Dim intReturn

    If intNumber <> "" Then
        If IsNumeric( intNumber ) Then
            intReturn = intNumber
        Else
            ' Keep only the characters that are digits
            For intCount = 1 To Len( intNumber )
                intCheck = Mid( intNumber, intCount, 1 )

                If IsNumeric( intCheck ) Then
                    intReturn = intReturn & intCheck
                End If
            Next
        End If

        intReturn = CLng( intReturn )
    Else
        intReturn = "0"
    End If

    SQLNumber = intReturn
End Function
%>

///////////////////////// Example Use /////////////////////

<%
Query = "UPDATE photo SET thumbnail='" & photo_id & TheFileType1 & _
        "', photoname='" & photo_id & TheFileType2 & _
        "', photo_caption=" & SQLText(upl.Form("caption")) & _
        ", photo_details=" & SQLText(upl.Form("details")) & _
        ", private=" & private_value & _
        ", landscape=" & landscape_value & _
        ", uid=" & Session("arr_Portal0_2") & _
        ", gid=" & Session("arr_Portal0_3") & _
        ", lastupdatedby=" & Session("arr_Portal0_2") & _
        " WHERE photo_id=" & photo_id
%>

<%
Query = "INSERT INTO photo (thumbnail, photoname, photo_caption, photo_details, private, landscape, uid, gid, lastupdatedby) " & _
        "VALUES ('null', 'null', " & SQLText(upl.Form("caption")) & _
        ", " & SQLText(upl.Form("details")) & _
        ", " & private_value & _
        ", " & landscape_value & _
        ", " & Session("arr_Portal0_2") & _
        ", " & Session("arr_Portal0_3") & _
        ", " & Session("arr_Portal0_2") & ") "
%>






Wayne Sellars

"Programming, today is a race between software developers, striving to build bigger and better idiot-proof programs, and the Universe, trying to produce bigger and better idiots. So far, Universe 1 - Programmers 0."
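
An alternative to doubling apostrophes by hand, shown as an added example that is not part of the original thread: the same photo update sent through an ADODB.Command with bound parameters, plus encoding applied only when the text is displayed. The helper names (ParamSize, SavePhotoText, DisplayText), the open connection `conn`, and the column types are assumptions; the table and column names come from the queries above.

```vbscript
<%
' Added example, not from the thread. Assumes conn is an open ADODB.Connection
' to the Access database and that photo_caption / photo_details are text / memo columns.
Const adInteger = 3
Const adVarWChar = 202
Const adLongVarWChar = 203
Const adParamInput = 1
Const adCmdText = 1
Const adExecuteNoRecords = 128

' Hypothetical helper: variable-length text parameters need a size of at least 1.
Function ParamSize( strText )
    ParamSize = Len( strText & "" )
    If ParamSize < 1 Then ParamSize = 1
End Function

' Hypothetical helper: update caption and details with bound parameters.
' Apostrophes, parentheses, CR and LF are stored exactly as typed, so nothing
' has to be undone when the data is read back.
Sub SavePhotoText( conn, photo_id, strCaption, strDetails )
    Dim cmd
    Set cmd = Server.CreateObject( "ADODB.Command" )
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Placeholders are positional: parameters bind in the order they are appended.
    cmd.CommandText = "UPDATE photo SET photo_caption = ?, photo_details = ? WHERE photo_id = ?"
    cmd.Parameters.Append cmd.CreateParameter( "caption", adVarWChar, adParamInput, ParamSize( strCaption ), strCaption & "" )
    cmd.Parameters.Append cmd.CreateParameter( "details", adLongVarWChar, adParamInput, ParamSize( strDetails ), strDetails & "" )
    ' CLng raises an error on non-numeric input instead of passing it into the query.
    cmd.Parameters.Append cmd.CreateParameter( "photo_id", adInteger, adParamInput, , CLng( photo_id ) )
    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
End Sub

' Hypothetical helper: encode stored text for HTML output at display time.
' Server.HTMLEncode leaves CR/LF alone, so line breaks become <br> after encoding.
Function DisplayText( strText )
    Dim Temp
    Temp = Server.HTMLEncode( strText & "" )
    Temp = Replace( Temp, vbCrLf, "<br>" )
    Temp = Replace( Temp, vbCr, "<br>" )
    DisplayText = Replace( Temp, vbLf, "<br>" )
End Function
%>
```

When the value goes back into a textarea for editing, use Server.HTMLEncode alone so the original line breaks are preserved.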
 