User Input With Quotes

Results 1 to 2 of 2

Thread: User Input With Quotes

  1. #1
    Join Date
    Dec 1969

    Default User Input With Quotes

    I have a textarea the user can enter comments in and I need to save it to a database field. I submit the data through a form to my asp routine to save it, but can't seem to get it to work when there is a quote mark in the field. I've tried changing a ' to '' or changing it to ', but when I check the value of my hidden form field it still stops at the quote. I'd really appreciate some input!

  2. #2
    Join Date
    Dec 1969

    Default Nothing to do with DB...

    You are doing the right thing by replacing a single apostrophe with a pair of them in order to use a SQL INSERT or UPDATE query.<BR><BR>But when you drag the contents of a DB field back to the HTML field, *that* is when you are getting in trouble.<BR><BR>You *could* try something like:<BR><BR>&#060;INPUT Type=Hidden Value="&#060;%= Server.HTMLEncode(RS("whatever"))%&#062;" &#062;<BR><BR>That *will* take care of the " marks. Each " will be converted to &amp;quot; for you. Various other problem characters will also be fixed up. (But apostrophes are *NOT* changed!)<BR><BR>But then what do you do about line breaks in the text area????<BR><BR>Server.HTMLEncode won&#039;t handle them for you. Is it okay to have something like<BR><BR>&#060;INPUT Name="whatever" Type="Hidden" Value="John said, &amp;quot;Thanks for all the<BR>fish and come again soon.&amp;quot;"&#062;<BR><BR>with a line break in the middle of the quoted value? I dunno never tried it. If not, then you&#039;ll also have to find some way to encode your line breaks.<BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts