escaping characters - ASP / Active Server Pages

Mike P

I need to put the following code within a <% %> block :

response.write "<tr>" &_
"<td bgcolor=eeeeee><a href=""company.asp?company=rs("companyKey")" &
"orderby=name"">"&naym&"</a></td>"
How do I escape the characters " etc?

*** Sent via Developersdex http://www.developersdex.com ***

Mar 29 '06 #1

Subscribe Post Reply

4803

Ray Costanzo [MVP]

Well, one way would be to not response.write it, but do:

%>
<td bgcolor=eeeeee><a
href="company.asp?company=<%=rs("companyKey")%>&or derby=name"><%=naym%></a></td>
%<

Or, if you would like to keep it as is, you already have the " escaped, in
VBScript. In VBScript, you use "" where you want ", as you have it.

Response.Write "<tr>" & _
"<td bgcolor=eeeeee><a href=""company.asp?company=" & rs("companyKey")
& "&orderby=name"">" & naym & "</a></td>"
A few things to note.

You forgot the & before "orderby=name". That would have given a company
value of TheCompanyKeyorderby=name

Use spaces between your ampersands and variable names. If you don't, you'll
play hell trying to figure out why

<%
Dim h1
h1 = "john"
Response.Write "His name is "&h1
%>

doesn't work.

Ray at work

"Mike P" <mi*******@gmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...

I need to put the following code within a <% %> block :

response.write "<tr>" &_
"<td bgcolor=eeeeee><a href=""company.asp?company=rs("companyKey")" &
"orderby=name"">"&naym&"</a></td>"
How do I escape the characters " etc?

*** Sent via Developersdex http://www.developersdex.com ***

Mar 29 '06 #2

Egbert Nierop $MVP for IIS$

"Mike P" <mi*******@gmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...

I need to put the following code within a <% %> block :

response.write "<tr>" &_
"<td bgcolor=eeeeee><a href=""company.asp?company=rs("companyKey")" &
"orderby=name"">"&naym&"</a></td>"
How do I escape the characters " etc?

Have you tried this?

"<td bgcolor=eeeeee><a href=""company.asp?company="
Response.write server.htmlencode(rs("companyKey"))

etc...

Mar 29 '06 #3

Evertjan.

Egbert Nierop (MVP for IIS) wrote on 29 mrt 2006 in
microsoft.public.inetserver.asp.general:

"Mike P" <mi*******@gmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I need to put the following code within a <% %> block :

response.write "<tr>" &_
"<td bgcolor=eeeeee><a href=""company.asp?company=rs("companyKey")" &
"orderby=name"">"&naym&"</a></td>"
How do I escape the characters " etc?

Have you tried this?

"<td bgcolor=eeeeee><a href=""company.asp?company="
Response.write server.htmlencode(rs("companyKey"))

etc...

Or:

%><tr><td bgcolor='eeeeee'>
<a href='company.asp?company=<%=rs("companyKey")%>&or derby=name'>
<%=naym%></a></td><%

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Mar 29 '06 #4

Egbert Nierop $MVP for IIS$

"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.242...

Egbert Nierop (MVP for IIS) wrote on 29 mrt 2006 in
microsoft.public.inetserver.asp.general:

"Mike P" <mi*******@gmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I need to put the following code within a <% %> block :

response.write "<tr>" &_
"<td bgcolor=eeeeee><a href=""company.asp?company=rs("companyKey")" &
"orderby=name"">"&naym&"</a></td>"
How do I escape the characters " etc?

Have you tried this?

"<td bgcolor=eeeeee><a href=""company.asp?company="
Response.write server.htmlencode(rs("companyKey"))

etc...

Or:

%><tr><td bgcolor='eeeeee'>
<a href='company.asp?company=<%=rs("companyKey")%>&or derby=name'>
<%=naym%></a></td><%

Sorry Evertjan, this does not escape characters!

Open for instance localstart.asp (at your default wwwroot on XP) and modify
this paragraph

<ul class="clsEntryText">
<li>Set up a personal Web server<%="&""><"%><% response.write
"&""><"%>
<li>Share information within your team
<li>Access databases
<li>Develop an enterprise intranet
<li>Develop applications for the Web.
</ul>

As you open the output with notepad, no encoding has been performed!
However, if you use <li>Set up a personal Web server<%=
Server.HtmlEncode("&""><")%><% Response.Write Server.HtmlEncode("&""><") %>
The output of the line with 'illegal HTML chars' is now as this
<li>Set up a personal Web server&"><&"><

The output is fixed. At least, that is how I understood the question of the
O.P.

Mar 30 '06 #5

Evertjan.

Egbert Nierop (MVP for IIS) wrote on 30 mrt 2006 in
microsoft.public.inetserver.asp.general:

%><tr><td bgcolor='eeeeee'>
<a href='company.asp?company=<%=rs("companyKey")%>&or derby=name'>
<%=naym%></a></td><%

Sorry Evertjan, this does not escape characters!

Right!

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Mar 30 '06 #6

Similar topics

Trouble escaping / Misc nightmare

by: Ian Rastall | last post by:

Sorry for the double question. I'm having a terrible time figuring out how to escape apostrophes in my mySQL database. Perhaps they have to be escaped in the PHP, using mysql_real_escape_string? ...

PHP

XSLT disable-output-escaping

by: Lisa | last post by:

I need to apply the HTML formatting tags and the French accented characters in a XML document. The XML is generated from a database that has HTML tags and French accented characters in the records....

Java

Escaping escape characters in JScript

by: Jon Maz | last post by:

Hi, I have been getting hopelessly confused with escaping escape characters in JScript! All I want to do is write a simple funtion: function DoubleUpBackSlash(inputString) { ??????? }

ASP / Active Server Pages

Correct escaping of untrusted data

by: Geoff Caplan | last post by:

Hi folks, The thread on injection attacks was very instructive, but seemed to run out of steam at an interesting point. Now you guys have kindly educated me about the real nature of the issues,...

PostgreSQL Database

Escaping backslashes issue with printf/grep/popen!

by: agarwalpiyush | last post by:

Hello, I am going nuts with trying to get the following to work: This is what I intend to do: I have a line in /etc/syslog.conf which I need to delete based on ip-address provided to me in a...

C / C++

escaping special characters in JSON

by: James Black | last post by:

I have an application that relies on JSON, and I realized yesterday that I when the user types at least some of these characters (most likely all, haven't had time to verify) that the parser has...

Javascript

<xsl:text disable-output-escaping="yes"> does not work in XslCompi

by: Jon | last post by:

Hi, I used XslCompiledTransform with the following Xsl file. The <xsl:text disable-output-escaping="yes"does not work when using XslCompiledTransform to do the trnasform (namely the output...

.NET Framework

PHP, mysql, and escaping characters

by: Taras_96 | last post by:

Hi everyone, I'm having a bit of trouble understanding the purpose of escaping nulls, and the use of addcslashes. Firstly, the manual states that: "Strictly speaking, MySQL requires only...

PHP

path backslash escaping trouble

by: placid | last post by:

Hi All, I have these files; which are Merge Request (ClearCase) files that are created by a Perl CGI script (being re-written in Python, as the HTML/ JavaScript have been mixed with Perl,...

Python

optparse escaping control characters

by: wannymahoots | last post by:

optparse seems to be escaping control characters that I pass as arguments on the command line. Is this a bug? Am I missing something? Can this be prevented, or worked around? This behaviour...

Python

How to turn on java script in a villaon keypad mobile phone

by: Charles Arthur | last post by:

How do i turn on java script on a villaon, callus and itel keypad mobile phone

Java

Basic Javascript concepts

by: aa123db | last post by:

Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...

Javascript

Batch import of multiple excel files into the database

by: ryjfgjl | last post by:

If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...

Data Management

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Looking to do Android software development, any suggestions? Is flutter better?

by: nemocccc | last post by:

hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

General

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing