"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.242...
Egbert Nierop (MVP for IIS) wrote on 29 mrt 2006 in
microsoft.public.inetserver.asp.general:
"Mike P" <mi*******@gmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...I need to put the following code within a <% %> block :
response.write "<tr>" &_
"<td bgcolor=eeeeee><a href=""company.asp?company=rs("companyKey")" &
"orderby=name"">"&naym&"</a></td>"
How do I escape the characters " etc?
Have you tried this?
"<td bgcolor=eeeeee><a href=""company.asp?company="
Response.write server.htmlencode(rs("companyKey"))
etc...
Or:
%><tr><td bgcolor='eeeeee'>
<a href='company.asp?company=<%=rs("companyKey")%>&or derby=name'>
<%=naym%></a></td><%
Sorry Evertjan, this does not escape characters!
Open for instance localstart.asp (at your default wwwroot on XP) and modify
this paragraph
<ul class="clsEntryText">
<li>Set up a personal Web server<%="&""><"%><% response.write
"&""><"%>
<li>Share information within your team
<li>Access databases
<li>Develop an enterprise intranet
<li>Develop applications for the Web.
</ul>
As you open the output with notepad, no encoding has been performed!
However, if you use <li>Set up a personal Web server<%=
Server.HtmlEncode("&""><")%><% Response.Write Server.HtmlEncode("&""><") %>
The output of the line with 'illegal HTML chars' is now as this
<li>Set up a personal Web server&"><&"><
The output is fixed. At least, that is how I understood the question of the
O.P.