What's wrong with this code?
strLongDesc =
Replace(Replace (Replace(Replac e(Trim(Request. Form("LongDesc" )),"'","''"),vb C
rLf,"<br>"),"<" ,<),"<",> )
Background:
This field is a textarea, and I needed to account for apostrophes, which I
had already done, and replaced line breaks with html line breaks on my page
which displays this stuff. That works fine. But then a user entered this
line, pasted from a log file:
SQL Statement: <SELECT * FROM etc., etc.
Which resulted in an actual dropdown box being displayed, and all the rest
of the description after that point was not displayed. So I tried to put in
code to replace the < and > with a < and > and the code I get when the
page loads is:
Microsoft VBScript compilation (0x800A03EA)
Syntax error
/AddToTicket.asp , line 75, column 106
strLongDesc =
Replace(Replace (Replace(Replac e(Trim(Request. Form("LongDesc" )),"'","''"),vb C
rLf,"<br>"),"<" ,<),"<",> )
----------------------------------------------------------------------------
-----------------------------^
8  4505 
Well, I found the problem with the syntax, but now it simply doesn't work.
Here is my code:
strLongDesc =
Replace(Replace (Replace(Replac e(Trim(Request. Form("LongDesc" )),"'","''"),vb C
rLf,"<br>"),"<" ,"<"),">","& gt;")
and of course, I insert strLongDesc into a field in SQL Server, and when I
open it up in SQL Server, it still shows what I typed into the textarea,
which is <select>, whereas I should see <select&g t;
What am I doing wrong?
"middletree " <mi********@hto mail.com> wrote in message
news:Oc******** ******@TK2MSFTN GP11.phx.gbl... What's wrong with this code?
strLongDesc =
Replace(Replace (Replace(Replac e(Trim(Request. Form("LongDesc" )),"'","''"),vb C rLf,"<br>"),"<" ,<),"<",> )
Background:
This field is a textarea, and I needed to account for apostrophes, which I
had already done, and replaced line breaks with html line breaks on my
page which displays this stuff. That works fine. But then a user entered this
line, pasted from a log file:
SQL Statement: <SELECT * FROM etc., etc.
Which resulted in an actual dropdown box being displayed, and all the rest
of the description after that point was not displayed. So I tried to put
in code to replace the < and > with a < and > and the code I get when
the page loads is:
Microsoft VBScript compilation (0x800A03EA)
Syntax error
/AddToTicket.asp , line 75, column 106
strLongDesc =
Replace(Replace (Replace(Replac e(Trim(Request. Form("LongDesc" )),"'","''"),vb C rLf,"<br>"),"<" ,<),"<",> )
--------------------------------------------------------------------------
-- -----------------------------^
(a) you need double quotes around "<" and ">"
(b) how about :
strLongDesc = trim(server.HTM LEncode(Request .Form("LongDesc ")))
strLongDesc = replace(replace (strLongDesc,"' ","''"),VBCrLf, "<br>")
"middletree " <mi********@hto mail.com> wrote in message
news:Oc******** ******@TK2MSFTN GP11.phx.gbl... What's wrong with this code?
strLongDesc =
Replace(Replace (Replace(Replac e(Trim(Request. Form("LongDesc" )),"'","''"),vb C rLf,"<br>"),"<" ,<),"<",> )
Background:
This field is a textarea, and I needed to account for apostrophes, which I
had already done, and replaced line breaks with html line breaks on my
page which displays this stuff. That works fine. But then a user entered this
line, pasted from a log file:
SQL Statement: <SELECT * FROM etc., etc.
Which resulted in an actual dropdown box being displayed, and all the rest
of the description after that point was not displayed. So I tried to put
in code to replace the < and > with a < and > and the code I get when
the page loads is:
Microsoft VBScript compilation (0x800A03EA)
Syntax error
/AddToTicket.asp , line 75, column 106
strLongDesc =
Replace(Replace (Replace(Replac e(Trim(Request. Form("LongDesc" )),"'","''"),vb C rLf,"<br>"),"<" ,<),"<",> )
--------------------------------------------------------------------------
-- -----------------------------^
> when I open it up in SQL Server,
Where in SQL Server? Don't use Enterprise Manager for viewing data (e.g.
Return all rows). It is liable to do all sorts of funky things in order to
present the data to you in a "friendly" way (for some other issues see http://www.aspfaq.com/2455). Run a SELECT query in Query Analyzer. Also,
response.write( sql) to make sure the replacements were done.
Another piece of friendly advice: store the statement as is, and use
Server.HTMLEnco de when you *retrieve* and *display* it. HTML formatting has
little use/place inside the database.
OK, I've not gotten familiar with HTMLEncode. That will take care of the <
and other characters, then?
I'll try it out. Thanks, very much.
I also never knew that that you said about Enterprise Mgr vs. Query analyzer
in the other post. thanks
"Aaron Bertrand [MVP]" <aa***@TRASHasp faq.com> wrote in message
news:eV******** *****@TK2MSFTNG P10.phx.gbl... (a) you need double quotes around "<" and ">"
(b) how about:
strLongDesc = trim(server.HTM LEncode(Request .Form("LongDesc ")))
strLongDesc = replace(replace (strLongDesc,"' ","''"),VBCrLf, "<br>")
"middletree " <mi********@hto mail.com> wrote in message
news:Oc******** ******@TK2MSFTN GP11.phx.gbl... What's wrong with this code?
strLongDesc =
Replace(Replace (Replace(Replac e(Trim(Request. Form("LongDesc" )),"'","''"),vb C rLf,"<br>"),"<" ,<),"<",> )
Background:
This field is a textarea, and I needed to account for apostrophes, which
I had already done, and replaced line breaks with html line breaks on my
page which displays this stuff. That works fine. But then a user entered this
line, pasted from a log file:
SQL Statement: <SELECT * FROM etc., etc.
Which resulted in an actual dropdown box being displayed, and all the
rest of the description after that point was not displayed. So I tried to put
in code to replace the < and > with a < and > and the code I get when
the page loads is:
Microsoft VBScript compilation (0x800A03EA)
Syntax error
/AddToTicket.asp , line 75, column 106
strLongDesc =
Replace(Replace (Replace(Replac e(Trim(Request. Form("LongDesc" )),"'","''"),vb C rLf,"<br>"),"<" ,<),"<",> )
--------------------------------------------------------------------------
-- -----------------------------^
Well, I tried it exactly as you have it in (b) below, and it didn't work.
Also tried it with double quotes around the <, and it still stored my text
of <select> as <select>, which displayed as a dropdown.
"Aaron Bertrand [MVP]" <aa***@TRASHasp faq.com> wrote in message
news:eV******** *****@TK2MSFTNG P10.phx.gbl... (a) you need double quotes around "<" and ">"
(b) how about:
strLongDesc = trim(server.HTM LEncode(Request .Form("LongDesc ")))
strLongDesc = replace(replace (strLongDesc,"' ","''"),VBCrLf, "<br>")
"middletree " <mi********@hto mail.com> wrote in message
news:Oc******** ******@TK2MSFTN GP11.phx.gbl... What's wrong with this code?
strLongDesc =
Replace(Replace (Replace(Replac e(Trim(Request. Form("LongDesc" )),"'","''"),vb C rLf,"<br>"),"<" ,<),"<",> )
Background:
This field is a textarea, and I needed to account for apostrophes, which
I had already done, and replaced line breaks with html line breaks on my
page which displays this stuff. That works fine. But then a user entered this
line, pasted from a log file:
SQL Statement: <SELECT * FROM etc., etc.
Which resulted in an actual dropdown box being displayed, and all the
rest of the description after that point was not displayed. So I tried to put
in code to replace the < and > with a < and > and the code I get when
the page loads is:
Microsoft VBScript compilation (0x800A03EA)
Syntax error
/AddToTicket.asp , line 75, column 106
strLongDesc =
Replace(Replace (Replace(Replac e(Trim(Request. Form("LongDesc" )),"'","''"),vb C rLf,"<br>"),"<" ,<),"<",> )
--------------------------------------------------------------------------
-- -----------------------------^
"Aaron Bertrand [MVP]" <aa***@TRASHasp faq.com> wrote in message
news:eg******** *****@TK2MSFTNG P10.phx.gbl... when I open it up in SQL Server,
Where in SQL Server? Don't use Enterprise Manager for viewing data (e.g.
Return all rows). It is liable to do all sorts of funky things in order
to present the data to you in a "friendly" way (for some other issues see
http://www.aspfaq.com/2455). Run a SELECT query in Query Analyzer. Also,
response.write( sql) to make sure the replacements were done.
As it turned out, the Query A vs. Ent Mgr were both displying correctly, but
I will make sure i view the data correctly from now on. But the problem is
that the replace function is not working. I verified this per your
suggestion with the response.write statement. It does just fine with the
<br> and quotes. Very puzzling and frustrating
Another piece of friendly advice: store the statement as is, and use
Server.HTMLEnco de when you *retrieve* and *display* it. HTML formatting
has little use/place inside the database.
Then my guess is there are no < or > characters for replacement? Compare
this to the completed SQL statement:
Response.write( request.form("w hatever_the_var iable_was"))
"middletree " <mi********@hto mail.com> wrote in message
news:#S******** ******@TK2MSFTN GP10.phx.gbl... "Aaron Bertrand [MVP]" <aa***@TRASHasp faq.com> wrote in message
news:eg******** *****@TK2MSFTNG P10.phx.gbl... when I open it up in SQL Server,
Where in SQL Server? Don't use Enterprise Manager for viewing data
(e.g. Return all rows). It is liable to do all sorts of funky things in order
to present the data to you in a "friendly" way (for some other issues see
http://www.aspfaq.com/2455). Run a SELECT query in Query Analyzer.
Also, response.write( sql) to make sure the replacements were done.
As it turned out, the Query A vs. Ent Mgr were both displying correctly,
but I will make sure i view the data correctly from now on. But the problem is
that the replace function is not working. I verified this per your
suggestion with the response.write statement. It does just fine with the
<br> and quotes. Very puzzling and frustrating
Another piece of friendly advice: store the statement as is, and use
Server.HTMLEnco de when you *retrieve* and *display* it. HTML formatting
has little use/place inside the database.
Well, had typed:
<select>
into the textarea, and verified that this is what went in, both by
response.write, and looking into SQL Server.
"Aaron Bertrand [MVP]" <aa***@TRASHasp faq.com> wrote in message
news:ut******** ******@TK2MSFTN GP10.phx.gbl... Then my guess is there are no < or > characters for replacement? Compare
this to the completed SQL statement:
Response.write( request.form("w hatever_the_var iable_was"))
"middletree " <mi********@hto mail.com> wrote in message
news:#S******** ******@TK2MSFTN GP10.phx.gbl... "Aaron Bertrand [MVP]" <aa***@TRASHasp faq.com> wrote in message
news:eg******** *****@TK2MSFTNG P10.phx.gbl... > when I open it up in SQL Server,
Where in SQL Server? Don't use Enterprise Manager for viewing data (e.g. Return all rows). It is liable to do all sorts of funky things in
order to present the data to you in a "friendly" way (for some other issues see
http://www.aspfaq.com/2455). Run a SELECT query in Query Analyzer. Also, response.write( sql) to make sure the replacements were done.
As it turned out, the Query A vs. Ent Mgr were both displying correctly,
but I will make sure i view the data correctly from now on. But the problem
is that the replace function is not working. I verified this per your
suggestion with the response.write statement. It does just fine with the
<br> and quotes. Very puzzling and frustrating
Another piece of friendly advice: store the statement as is, and use
Server.HTMLEnco de when you *retrieve* and *display* it. HTML
formatting has little use/place inside the database.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: shank |
last post by:
1) I'm getting this error: Syntax error (missing operator) in query
expression on the below statement. Can I get some advice.
2) I searched ASPFAQ and came up blank. Where can find the "rules" for when
and how to use single quotes and double quotes in ASP?
thanks!
----------------------
SQL = SQL & "WHERE '" &
REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE("GenKTitles.
|
by: Gérard Leclercq |
last post by:
ACCESS
First fields are TEXT, last 2 are Numbers
The name of the fields are correct.
Dim MyConn
Set MyConn=Server.CreateObject("ADODB.Connection")
MyConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath
("/xdata/sc.mdb")
|
by: Peter Frost |
last post by:
Please help
I don't know if this is possible but what I would really like to do is
to use On Error Goto to capture the code that is being executed when
an error occurs.
Any help would be much appreciated.
Thanks in advance
|
by: iam247 |
last post by:
Hi
I am a relative beginner with ASP and weak on syntax for sql
statements. Basically I modify something which works.
I have tblGroupContact with two fields both long integer - ContactID &
GroupID
I am using asp3.0 and VB Script
|
by: deko |
last post by:
I'm trying to log error messages and sometimes (no telling when or where)
the message contains a string with double quotes. Is there a way get the
query to insert the string with the double quotes? Do I need to use code to
scrub each string and remove or escape the double quotes before using it in
a query?
The error I get is this:
Error Number 3075: Syntax error (missing operator) in query expression
'"credit card billed by...
| | |
by: amitbadgi |
last post by:
HI i am getting the foll error while conv an asp application to
asp.net
Exception Details: System.Runtime.InteropServices.COMException: Syntax
error in UPDATE statement.
Source Error:
Line 112: MM_editCmd.ActiveConnection = MM_editConnection
Line 113: MM_editCmd.CommandText = MM_editQuery
Line 114: MM_editCmd.Execute
|
by: amitbadgi |
last post by:
Hi guys, I am getting the following error in teh insert statement , I
am converting this asp application to asp.net, here is teh error,
Exception Details: System.Runtime.InteropServices.COMException: Syntax
error in INSERT INTO statement.
Source Error:
Line 118: MM_editCmd.ActiveConnection = MM_editConnection
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
| | |
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
