473,406 Members | 2,404 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp / active server pages > questions > help me with " sign in display of data in asp form

Join Bytes to post your question to a community of 473,406 software developers and data experts.

help me with " sign in display of data in asp form

i know how to replace the sign " when SUBMITTING a form in asp by this
code:
message = Replace(usermessage, "'", "''").

My problem is DISPLAYING data in an asp FORM, from an an access
database, when the data already contains a " sign

problem is like this:
access database .... to update on the internet .... a *dataupdate.asp*
page ..... On this page, the data gets displayed in a form where i
make corrections and then i update it ..... working perfectly; the
data gets displayed in the form perfectly well and gets updated also
BUT >>>
PROBLEM >>>

If there is a " sign in the data, then all the text beyond the " sign
is not displayed inside the text box of the form and is obviously lost
if the form is submitted to update the database.

Also, if data is like this:
text1 " text2 > text3 text4

then,
text1 is displayed inside the text box of the form
text2 is not displayed anywhere as it is after the sign "
the data beyond the > sign gets displayed, but
text3 text4 get displayed OUTSIDE the text box of the form as html
output
Here is the code:

<%
Actionvar=Request.QueryString("actionvar")

Set conn = server.createobject("adodb.connection")
DSNtemp="DRIVER={Microsoft Access Driver (*.mdb)}; "
DSNtemp=dsntemp & "DBQ=" & server.mappath("database.mdb")
conn.Open DSNtemp

IF Actionvar="update" THEN
IF Len(TRIM(Request.Form("flag"))) = 0 THEN
SQLstmt = "SELECT * FROM database WHERE dataID=" &
Request.QueryString("Recid")

Set rs = conn.Execute(SQLstmt)
IF NOT RS.EOF THEN
%>

<table>
<FORM METHOD="post" ACTION="dataupdate.asp?Actionvar=update">
<INPUT TYPE="text" size="78" NAME="dataMessage"
VALUE="<%=rs("Message")%>">

<INPUT TYPE="hidden" NAME="flag" VALUE="2">
<INPUT TYPE="hidden" NAME="Recordid" VALUE="<%=rs("dataID")%>">
<INPUT TYPE="submit" VALUE="Update">
</form>
</table>

<%
rs.MoveNext
rs.Close
END IF
ELSEIF Request.Form("flag")="2" THEN
comnt = request.form("dataMessage")
kament = Replace(comnt, "'", "''")

SQLstmt = "UPDATE database SET "
SQLstmt = SQLstmt & "Message='" & kament & "' "

any help please???

i believe the problem is in how i am displaying data in this part of
the code:
<INPUT TYPE="hidden" NAME="Recordid" VALUE="<%=rs("dataID")%>">
Jul 19 '05 #1
9 2351
You'll need to replace the quotes before they reach the database, using
something along the lines of;

Saving data;

yourdata = Request.Form("datamessage")
'// Replace quotes with: --
strData = Replace(yourdata, chr(34), "--")

Getting data;
'// replace -- with quotes
strData = Replace(yourdata, "--", chr(34))

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)
cooldv <md**@hotmail.com> wrote in message
news:d3*************************@posting.google.co m...
i know how to replace the sign " when SUBMITTING a form in asp by this
code:
message = Replace(usermessage, "'", "''").

My problem is DISPLAYING data in an asp FORM, from an an access
database, when the data already contains a " sign

problem is like this:
access database .... to update on the internet .... a *dataupdate.asp*
page ..... On this page, the data gets displayed in a form where i
make corrections and then i update it ..... working perfectly; the
data gets displayed in the form perfectly well and gets updated also
BUT >>>
PROBLEM >>>

If there is a " sign in the data, then all the text beyond the " sign
is not displayed inside the text box of the form and is obviously lost
if the form is submitted to update the database.

Also, if data is like this:
text1 " text2 > text3 text4

then,
text1 is displayed inside the text box of the form
text2 is not displayed anywhere as it is after the sign "
the data beyond the > sign gets displayed, but
text3 text4 get displayed OUTSIDE the text box of the form as html
output
Here is the code:

<%
Actionvar=Request.QueryString("actionvar")

Set conn = server.createobject("adodb.connection")
DSNtemp="DRIVER={Microsoft Access Driver (*.mdb)}; "
DSNtemp=dsntemp & "DBQ=" & server.mappath("database.mdb")
conn.Open DSNtemp

IF Actionvar="update" THEN
IF Len(TRIM(Request.Form("flag"))) = 0 THEN
SQLstmt = "SELECT * FROM database WHERE dataID=" &
Request.QueryString("Recid")

Set rs = conn.Execute(SQLstmt)
IF NOT RS.EOF THEN
%>

<table>
<FORM METHOD="post" ACTION="dataupdate.asp?Actionvar=update">
<INPUT TYPE="text" size="78" NAME="dataMessage"
VALUE="<%=rs("Message")%>">

<INPUT TYPE="hidden" NAME="flag" VALUE="2">
<INPUT TYPE="hidden" NAME="Recordid" VALUE="<%=rs("dataID")%>">
<INPUT TYPE="submit" VALUE="Update">
</form>
</table>

<%
rs.MoveNext
rs.Close
END IF
ELSEIF Request.Form("flag")="2" THEN
comnt = request.form("dataMessage")
kament = Replace(comnt, "'", "''")

SQLstmt = "UPDATE database SET "
SQLstmt = SQLstmt & "Message='" & kament & "' "

any help please???

i believe the problem is in how i am displaying data in this part of
the code:
<INPUT TYPE="hidden" NAME="Recordid" VALUE="<%=rs("dataID")%>">

Jul 19 '05 #2
cooldv wrote:
<snip>
This
<INPUT TYPE="hidden" NAME="Recordid" VALUE="<%=rs("dataID")%>">


should be either this:

<INPUT TYPE="hidden" NAME="Recordid" VALUE='<%=rs("dataID")%>'>

or this:

<INPUT TYPE="hidden" NAME="Recordid" VALUE=
"<%=HTMLEncode(rs("dataID"))%>">

Check out this short example to see the difference:

<%
sText="text containing "" character"
Response.Write stext & "<BR>"
%>
<HTML>
<BODY>
<INPUT VALUE=" <%=server.HTMLEncode(sText)%>" style="WIDTH:345px">
</BODY>
</HTML>

HTH,
Bob Barrows

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Jul 19 '05 #3
> You'll need to replace the quotes before they reach the database, using
something along the lines of;

Saving data;

yourdata = Request.Form("datamessage")
Too late at that point. The problem isn't putting the data into the
database, it's that the data is truncated (by having value="foo"bar") before
it even gets to the ASP form handler.
Getting data;
'// replace -- with quotes
strData = Replace(yourdata, "--", chr(34))


Plus, I disagree with this method altogether. Why would you replace quotes
with dashes? You're completely changing the meaning of the existing data,
plus you'll turn *ALL* dashes into double quotes when retrieving.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #4
Aaron Bertrand [MVP] <aa***@TRASHaspfaq.com> wrote in message
news:OK**************@TK2MSFTNGP10.phx.gbl...
You'll need to replace the quotes before they reach the database, using
something along the lines of;

Saving data;

yourdata = Request.Form("datamessage")
Too late at that point. The problem isn't putting the data into the
database, it's that the data is truncated (by having value="foo"bar")

before it even gets to the ASP form handler. </snip>

In that case, couldn't you use some javascript code or something?

<snip>
Getting data;
'// replace -- with quotes
strData = Replace(yourdata, "--", chr(34))


Plus, I disagree with this method altogether. Why would you replace

quotes with dashes? You're completely changing the meaning of the existing data,
plus you'll turn *ALL* dashes into double quotes when retrieving.

</snip>

I just figured you could replace the quotes with something thats not likely
to be in there (doesn't have to be dashes obviously), so if you don't want
to use dashes, you could replace it with &quote or something?

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)
Jul 19 '05 #5
> I just figured you could replace the quotes with something thats not
likely
to be in there (doesn't have to be dashes obviously), so if you don't want
to use dashes, you could replace it with &quote or something?


Again, the problem isn't in STORING the data. So a solution that involves
"encoding" the character to store in the database not only "vandalizes" the
data (someone running a SELECT column FROM table might not be aware of this
replace, and wonder why there's a dash or a tilde or some other character
when there should be a quote), it doesn't solve the issue anyway.
Jul 19 '05 #6
"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message
news:eT**************@tk2msftngp13.phx.gbl...
cooldv wrote:
<snip>
This
<INPUT TYPE="hidden" NAME="Recordid" VALUE="<%=rs("dataID")%>">


should be either this:

<INPUT TYPE="hidden" NAME="Recordid" VALUE='<%=rs("dataID")%>'>

or this:

<INPUT TYPE="hidden" NAME="Recordid" VALUE=
"<%=HTMLEncode(rs("dataID"))%>">

Check out this short example to see the difference:

<%
sText="text containing "" character"
Response.Write stext & "<BR>"
%>
<HTML>
<BODY>
<INPUT VALUE=" <%=server.HTMLEncode(sText)%>" style="WIDTH:345px">
</BODY>
</HTML>


I'd like to vote for option 2, since it is immune to both apostrophes
( ' ) and quotes ( " ), as well any other entity references that may
exist in the data (less-than, greater-than, ampersand, etc...)
Jul 19 '05 #7
"Bob Barrows" <re******@NOyahoo.SPAMcom> wrote in message news:<eT**************@tk2msftngp13.phx.gbl>...
cooldv wrote:
<snip>
This
<INPUT TYPE="hidden" NAME="Recordid" VALUE="<%=rs("dataID")%>">
should be either this:

<INPUT TYPE="hidden" NAME="Recordid" VALUE='<%=rs("dataID")%>'>

-------- No!!!! with this change, any text beyond an apostrophe '
sign in the data disappears

or this:

<INPUT TYPE="hidden" NAME="Recordid" VALUE=
"<%=HTMLEncode(rs("dataID"))%>">

Check out this short example to see the difference:

<%
sText="text containing "" character"
Response.Write stext & "<BR>"
%>
<HTML>
<BODY>
<INPUT VALUE=" <%=server.HTMLEncode(sText)%>" style="WIDTH:345px">
</BODY>
</HTML>

HTH,
Bob Barrows


i could not understand what you meant by this. could you please be
more specific, how do i do that?
dataID or RecID is a numeric value and i have no trouble with the ID.
It is the TEXT with a double quote that is giving me hard time.

i put a demo of the problem here:
http://www.dv.pgims.org/datadisplay.asp

here is my code again:

<%
Actionvar=Request.QueryString("actionvar")

Set conn = server.createobject("adodb.connection")
DSNtemp="DRIVER={Microsoft Access Driver (*.mdb)}; "
DSNtemp=dsntemp & "DBQ=" & server.mappath("database.mdb")
conn.Open DSNtemp

IF Actionvar="update" THEN
IF Len(TRIM(Request.Form("flag"))) = 0 THEN
SQLstmt = "SELECT * FROM database WHERE dataID=" &
Request.QueryString("Recid")

Set rs = conn.Execute(SQLstmt)
IF NOT RS.EOF THEN
%>

<table>
<FORM METHOD="post" ACTION="dataupdate.asp?Actionvar=update">
<INPUT TYPE="text" size="78" NAME="dataMessage"
VALUE="<%=rs("Message")%>">

<INPUT TYPE="hidden" NAME="flag" VALUE="2">
<INPUT TYPE="hidden" NAME="Recordid" VALUE="<%=rs("dataID")%>">
<INPUT TYPE="submit" VALUE="Update">
</form>
</table>

<%
rs.MoveNext
rs.Close
END IF
ELSEIF Request.Form("flag")="2" THEN
comnt = request.form("dataMessage")
kament = Replace(comnt, "'", "''")

SQLstmt = "UPDATE database SET "
SQLstmt = SQLstmt & "Message='" & kament & "' "
Jul 19 '05 #8
What he's suggesting is pretty simple. Change this:

<INPUT TYPE="text" size="78" NAME="dataMessage" VALUE="<%=rs("Message")%>">

To this:

<INPUT TYPE="text" size="78" NAME="dataMessage"
VALUE="<%=Server.HTMLEncode(rs("Message"))%>">

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #9
"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> wrote in message news:<#Y*************@TK2MSFTNGP10.phx.gbl>...
What he's suggesting is pretty simple. Change this:

<INPUT TYPE="text" size="78" NAME="dataMessage" VALUE="<%=rs("Message")%>">

To this:

<INPUT TYPE="text" size="78" NAME="dataMessage"
VALUE="<%=Server.HTMLEncode(rs("Message"))%>">

Thank you, Bob Barrows for your solution and Aaron Bertrand for your clarification.

The above solution is working like a charm. Thanks again.
Jul 19 '05 #10
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
HELP: "insert into" problem in PHP
by: newbie_mw | last post by:
Hi, I need urgent help with a novice problem. I would appreciate any advice, suggestions... Thanks a lot in advance! Here it is: I created a sign-up sheet (reg.html) where people fill in their...
PHP
13
Problems with form elements that are hidden with <div style="display:none">
by: Dan R Brown | last post by:
I have a large form that is generated dynamically in a jsp using xml / xslt. So, to break up this form into several "tabbed" sections, I break up the form using <div> tags. Each <div...
Javascript
5
Help with Firefox compatibility
by: Craig Keightley | last post by:
Please help, i have attached my page which worksin IE but i cannnot get the drop down menu to fucntion in firefox. Any one have any ideas why? Many Thanks Craig ...
Javascript
8
Cannot use mail() in IE, only works in a debugger--help
by: baustin75 | last post by:
Posted: Mon Oct 03, 2005 1:41 pm Post subject: cannot mail() in ie only when debugging in php designer 2005 -------------------------------------------------------------------------------- ...
PHP
22
=Iff(([Me]![Gender])="M","Male","Female")
by: campbellbrian2001 | last post by:
Thanks in Advance! ... I have two textboxes: 1 is visible (and gets its value based on the invisible textbox and displays either "Male" or "Female", and needs to display either male of female based...
Microsoft Access / VBA
0
Stuck & Need Help with "Generate Report"
by: ward | last post by:
Greetings. Ok, I admit it, I bit off a bit more than I can chew. I need to complete this "Generate Report" page for my employer and I'm a little over my head. I could use some additional...
PHP
3
More Help With Requery
by: mcmahonb | last post by:
Hey people... I've been searching this forum for a few hours and even though this topic has been went over from many different angles; I cannot seem to figure out how to make things work on my...
Microsoft Access / VBA
0
VB6 OR VBA & Webbrowser DOM Tiny $50 Mini Project Programmer help
by: gunimpi | last post by:
http://www.vbforums.com/showthread.php?p=2745431#post2745431 ******************************************************** VB6 OR VBA & Webbrowser DOM Tiny $50 Mini Project Programmer help wanted...
Microsoft Access / VBA
1
Help with Access and Frontpage
by: Webstorm | last post by:
Hi, I hope someone can help me sort this out a bit, Im completely lost. Here is the page I am working on: http://www.knzbusinessbrokers.com/default.asp I have 3 search critera that I need to...
Microsoft Access / VBA
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!