Results 1 to 2 of 2

Thread: HTMLEncode

  1. #1
    Join Date
    Dec 1969

    Default HTMLEncode

    Hello,<BR><BR>I hope that everyone is having a nice day...<BR><BR>Lets say I send form data to an ASP page and one of the variables is called var1 and its value is "hello world".<BR><BR>In the ASP page I find that the following code produces the following output.<BR><BR> &#060;%=Request("var1")%&#062;<BR><BR>gives....<BR ><BR> hello world<BR><BR>However, if I try and insert the same value into a new form text field then the output is different. i.e.<BR><BR> &#060;FORM METHOD=GET ACTION="URL.asp"&#062;<BR> &#060;INPUT TYPE=TEXT NAME=var1 VALUE=&#060;%=Request("var1")%&#062;&#062;<BR> &#060;INPUT TYPE=SUBMIT VALUE="Go back"&#062;<BR> &#060;/FORM&#062;<BR><BR>gives...<BR><BR> hello<BR><BR>in the text box.<BR><BR>Why is this? Why should the same instruction cause a different output?<BR><BR>The book that I&#039m reading says that when writting to a form value, one should process the output with Server.HTMLEncode but this doesn&#039t actually have any effect.<BR><BR>Yours, Ian.<BR><BR><BR><BR>

  2. #2
    Join Date
    Dec 1969

    Default RE: HTMLEncode

    Don&#039t forget to put quotes (single or double) around attribute values in HTML - this should be standared practice. If you look inside the source code of the second HTML page which you are generating from the form data of the first, you will find that "world" DID get embedded - but it isn&#039t displayed because the browser only sees the "hello" if you don&#039t quote the entire phrase.<BR><BR>Hope this has been helpful.<BR><BR>Joe

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts