
javascript rich text editor shows html tags in ASP text area

My newsweblog has ASP pages with news articles and a commenting system. The comments are posted, and to read them the reader clicks on the headline of the comment, and it opens up in a pop up window.

I added this "whizzywig rich text editor" to the comments textbox where readers comment on articles.
Whizzywig is a JavaScript rich text editor, and appears to work fine. I type the comment using the editor when I need to and then click submit.

However, when I open the comments to read them, the formatting doesn't show; instead there are tags and HTML in the comment box.

How do I correct this? Or does anyone know a simple ASP rich text editor?

Here is the code below; do I need to add something to it? Any help appreciated, and I'm not HTML or ASP literate. Thank you.




    <table align="center" width="400" cellpadding="2" cellspacing="0" border="0">
    <form action="_comments.asp?ID=<%=NID%>" method="post" name="frm3" onSubmit="return ValidateComment()">
    <tr>
    <td width="100">Name</td>
    <td width="300"><%=Session("PMMS_USERNAME")%></td>
    </tr><tr>
    <td>Country</td>
    <td width="300"><%=Session("PMMS_COUNTRY")%></td>
    </tr><tr>
    <td>Subject*</td>
    <td width="300"><input type="Text" name="subject" value="" maxlength="50" class="textbox" style="width: 100%"></td>
    </tr><tr>

    <td valign="top">Comment*</td>
    <td width="300"><textarea id="comment" rows="6" cols="50" name="comment" style="width: 100%;" class="textbox"></textarea>

    <script type="text/javascript">
    buttonPath = "buttons/";
    makeWhizzyWig("comment", "formatblock fontsize rule newline color hilite bold italic underline number bullet undo redo");
    </script>

    <input type="Checkbox" name="allowE" value="1" />Allow readers to email me.
    </td>
    </tr><tr>
    <td></td>
    <td><input type="Submit" value="Leave Comment" /></td>
    </tr>
    <input type="Hidden" name="mode" value="set" /></form>
    </table>

Apr 8 '07 #1
36 Replies


jhardman
It is my guess that the problem is in the page that displays the comment rather than the page that saves the comment. When you display the comment, inside what HTML tags is it placed? In other words, do you show the comment like this:
[html]<table><tr><td><textarea>This is my comment to the irresponsible
column published in your paper last week. How dare you print
such garbage? I was so incensed that I told all of my friends
to boycott your paper and switch to the <u>weekly world
news</u></textarea></td></tr></table>[/html]?

If possible, post the source code for one of the comment pages.

Jared
Apr 10 '07 #2

Thank you Jared,

Here is the comment page that opens up the database-stored comments. It is an Access database. I have made the part which shows the comment text bold.

Also, on the page which has the form box where readers add the comments, I have to add a JavaScript body onload command that initialises the rich text editor. I don't know if I have to add it here on this page too. This page is where the comment opens up and is called "_comment_view.asp".

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html><head>

        <title>Untitled</title>

        <link rel="STYLESHEET" type="text/css" href="styles.css">
    <link href="styles.css" rel="stylesheet" type="text/css">
    <style type="text/css">
    <!--
    .style5 {
        font-size: 9;
        color: #55A0FF;
    }
    .style6 {font-size: 9px}
    -->
    </style>

    </head>

        <script language="JavaScript" type="text/javascript">
    <!--
    function popwindow(Name,scrollBar,theWidth,theHeight,theTop,theLeft)
    {
    var desktop=window.open(Name,"_blank","toolbar=no,titlebar=no,location=no,status=no,menubar=no,resizable=no,scrollbars="+scrollBar+",width="+theWidth+",height="+theHeight+",top="+theTop+",left="+theLeft+"");
    }
    // -->
    </script>

        <body bgcolor="#FFFFFF" text="#000000" topmargin="5" leftmargin="5" marginwidth="5" marginheight="5">

        <body style="overflow:hidden;">
    <table width="95%" height="100%" align="center">

    <tr>
    <td height="309" table colspan="4" valign="top"><strong>This is a test message</strong> <br />
    <br />
    <span class="style5">cynthia - manhattan - Sweden - Monday, April 09, 2007 - 10:33:11 PM</span><br />
    <br />
    <!--change the distance between bottom nav and comment body in the height here,-->
    <div style="width:100%;height:85%;overflow:auto"' border=0>I am testing the rich text editor. <br />&lt;DIV&gt;&nbsp;&lt;/DIV&gt;<br />&lt;DIV&gt;&lt;STRONG&gt;This is supposed to be bold&lt;/STRONG&gt;&lt;/DIV&gt;<br />&lt;DIV&gt;&nbsp;&lt;/DIV&gt;<br />&lt;DIV&gt;&lt;FONT color=#ff0000&gt;this is supposed to be red text&lt;/FONT&gt;&lt;/DIV&gt;</div></td>
    </tr>
    <tr>
    <td width="20%" height="38" align="left" valign="middle">
    &nbsp;</td>
        <td width='20%' height='38' align='left' valign='middle'>
    <a href="javascript:popwindow('_email.asp?ID=151&amp;AID=35','name','450','410','230','200');"><img src='comment_imgs/e_email.gif' width='49' height='12' alt='' border='0' /></a>

    &nbsp;</td>
    &nbsp;</td>
    <td width="40%" height="38" align="center" valign="middle">
    <a href="_comment_view.asp?ID=150&amp;AID=35"><img src="comment_imgs/button-last.gif" width="52" height="19" alt="" border="0" /></a>

    &nbsp;

    &nbsp;</td>
    <td width="20%" height="38" align="right" valign="middle"><a href="javascript:window.close();"><img src="comment_imgs/e_close.gif" width="47" height="12" alt="" border="0" /></a>&nbsp;</td>
    </tr>
    </table>
    <script langauge="javascript">
    function Respond(){
    opener.document.frm3.subject.value="RE:This is a test message";
    opener.document.frm3.comment.focus();

    }
    </script>

    </body></html>

Apr 11 '07 #3


Sorry Jared, I made a mistake in the previous post to you. I highlighted the wrong part. The part I should have highlighted is as below in bold. It is the text area where the comment shows, and I think the rich text editor adds a lot of gunk to it, but I'm not sure. This is the rich text editor I'm using:
http://www.webwizguide.info/asp/samp...57&mode=aspApp

I just want to mention that before trying Web Wiz Rich Text Editor, I tried WhizzyWig, which is a JavaScript one, and before that another one. I had the same problem with all 3. Why is this happening?

And if it's a problem with my layout, then can you suggest another rich text editor that may be compatible? I use ASP pages obviously, and I use an Access database.

Thanks, and below is the code

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html><head>

        <title>Untitled</title>

        <link rel="STYLESHEET" type="text/css" href="styles.css">
    <link href="styles.css" rel="stylesheet" type="text/css">
    <style type="text/css">
    <!--
    .style5 {
        font-size: 9;
        color: #55A0FF;
    }
    .style6 {font-size: 9px}
    -->
    </style>

    </head>

        <script language="JavaScript" type="text/javascript">
    <!--
    function popwindow(Name,scrollBar,theWidth,theHeight,theTop,theLeft)
    {
    var desktop=window.open(Name,"_blank","toolbar=no,titlebar=no,location=no,status=no,menubar=no,resizable=no,scrollbars="+scrollBar+",width="+theWidth+",height="+theHeight+",top="+theTop+",left="+theLeft+"");
    }
    // -->
    </script>

        <body bgcolor="#FFFFFF" text="#000000" topmargin="5" leftmargin="5" marginwidth="5" marginheight="5">
            <body OnLoad="initialiseWebWizRTE();">
        <body style="overflow:hidden;">
    <table width="95%" height="100%" align="center">

    <tr>
    <td height="309" table colspan="4" valign="top"><strong>This is a test message</strong> <br />
    <br />
    <span class="style5">cynthia - manhattan - Sweden - Monday, April 09, 2007 - 10:33:11 PM</span><br />
    <br />
    <!--change the distance between bottom nav and comment body in the height here,-->
    <div style="width:100%;height:85%;overflow:auto"' border=0>I am testing the rich text editor. <br />&lt;DIV&gt;&nbsp;&lt;/DIV&gt;<br />&lt;DIV&gt;&lt;STRONG&gt;This is supposed to be bold&lt;/STRONG&gt;&lt;/DIV&gt;<br />&lt;DIV&gt;&nbsp;&lt;/DIV&gt;<br />&lt;DIV&gt;&lt;FONT color=#ff0000&gt;this is supposed to be red text&lt;/FONT&gt;&lt;/DIV&gt;</div></td>
    </tr>
    <tr> <td width="20%" height="38" align="left" valign="middle">
    &nbsp;</td>
        <td width='20%' height='38' align='left' valign='middle'>
    <a href="javascript:popwindow('_email.asp?ID=151&amp;AID=35','name','450','410','230','200');"><img src='comment_imgs/e_email.gif' width='49' height='12' alt='' border='0' /></a>

    &nbsp;</td>
    &nbsp;</td>
    <td width="40%" height="38" align="center" valign="middle">
    <a href="_comment_view.asp?ID=150&amp;AID=35"><img src="comment_imgs/button-last.gif" width="52" height="19" alt="" border="0" /></a>

    &nbsp;

    &nbsp;</td>
    <td width="20%" height="38" align="right" valign="middle"><a href="javascript:window.close();"><img src="comment_imgs/e_close.gif" width="47" height="12" alt="" border="0" /></a>&nbsp;</td>
    </tr>
    </table>
    <script langauge="javascript">
    function Respond(){
    opener.document.frm3.subject.value="RE:This is a test message";
    opener.document.frm3.comment.focus();

    }
    </script>

    </body></html>

Apr 11 '07 #4

I have to add one more thing Jared, and that is that in the page which shows the formatted text, it does not display in a text area and if anyone replies to that comment, they have to click "reply" and that takes them to the original page which has a form and also has the rich text editor and that page DOES have a text area as you described.

So are you saying, that text created in this text area, can only be displayed in a pop up window, if that pop up window also has a text area?

Can it not be displayed as it is, i.e. in the "comment" area above?
Apr 12 '07 #5

jhardman
So are you saying, that text created in this text area, can only be displayed in a pop up window, if that pop up window also has a text area?
No, the easiest way to show coding is to put it in a textarea, this usually shows the code for the formatting rather than the real formatting. If that was the problem there is a really simple fix. Unfortunately, that is not the problem.

The coding has been altered at some step to display the codes. I don't know if that makes sense. OK, here's an example. You type the phrase "emboldened text" into the editor and use the editor's controls to make it bold. The editor should save the following into the db:
    <strong>emboldened text</strong>
when the comment is displayed this should be pulled up as is. If it was displayed in a textarea it would look like the code, but if it was outside a textarea it should look correct. Somewhere along the way, however, this has been changed to
    &lt;strong&gt;emboldened text&lt;/strong&gt;
(the "&lt;" etc. are the HTML codes to display special characters like "greater than" and "less than" if you don't want them interpreted as tags)

I would be surprised if the change was made before it was added to the db. Just to make sure, is there any way you can open the db and check to see that you have "<strong>" and not "&lt;strong&gt;"?

If it is displayed correctly in the db, then the problem comes when the comment is opened for display. There is likely a brief line in the asp code which says something like this:
    response.write "<div style=""width:100%;height:85%;overflow:auto""' border=0>"
    response.write HTMLEncode (objRS("comment"))
    response.write "</div>"
The "comment" is the name of the field in the db that holds the comment, and the "HTMLEncode ()" is the function which is messing things up. If you find this and remove it
    response.write objRS("comment")
you will likely fix the problem.

There might be another problem caused by removing the function entirely, but let's deal with that after you find it. When you find the above lines, let me know and I will try to help you test for the other problem.

Jared
Apr 13 '07 #6
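
Added example (not part of jhardman's reply or of the poster's application): writing the stored comment out with no encoding at all would also render any other markup a commenter submits, script included. The sketch below keeps everything encoded and re-enables only the tag shapes the editor toolbar produces, so in the constructed sample DIV, STRONG and a hex-coloured FONT come back as markup while the script element and the FONT carrying an event attribute stay visible text. `RenderComment` is a hypothetical helper, and `objRS("comment")` follows the guess in the reply above.

```vbscript
<%
' Added example, not code from the thread. RenderComment is a hypothetical name.
' Idea: keep every character encoded, then switch back on only the exact
' tag shapes the editor toolbar can legitimately produce.
Function RenderComment(ByVal stored)
    Dim s, re
    s = stored & ""    ' coerce Null or a recordset field to a string

    ' 1. Encode any raw markup that reached us unencoded. Text already stored
    '    as &lt;...&gt; contains none of these characters, so it is unchanged.
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, Chr(34), "&quot;")

    Set re = New RegExp
    re.Global = True
    re.IgnoreCase = True

    ' 2. Attribute-free formatting tags, opening or closing.
    re.Pattern = "&lt;(/?)(p|div|strong|b|em|i|u|ul|ol|li|h[1-6])&gt;"
    s = re.Replace(s, "<$1$2>")

    ' 3. Line breaks and rules have no closing tag.
    re.Pattern = "&lt;(br|hr)\s*/?&gt;"
    s = re.Replace(s, "<$1 />")

    ' 4. FONT is accepted only with a six-digit hex colour, quoted or not.
    '    Anything else inside the tag (extra attributes, names, URLs)
    '    fails the pattern and stays encoded.
    re.Pattern = "&lt;font color=(&quot;)?(#[0-9a-f]{6})(&quot;)?&gt;"
    s = re.Replace(s, "<font color=""$2"">")

    ' 5. The highlight button: a single background-color declaration.
    re.Pattern = "&lt;font style=&quot;background-color: ?(#[0-9a-f]{6});?&quot;&gt;"
    s = re.Replace(s, "<font style=""background-color: $1"">")

    re.Pattern = "&lt;/font&gt;"
    s = re.Replace(s, "</font>")

    Set re = Nothing
    RenderComment = s
End Function

' In the display page this would replace writing the field out directly
' (objRS and the "comment" field name are assumptions taken from the reply):
'   Response.Write RenderComment(objRS("comment"))

' Constructed sample: formatting the editor emits, followed by markup it never emits.
Dim sample
sample = "&lt;DIV&gt;&lt;STRONG&gt;bold&lt;/STRONG&gt; " & _
         "&lt;FONT color=#ff0000&gt;red&lt;/FONT&gt;&lt;/DIV&gt;" & _
         "&lt;script&gt;alert(1)&lt;/script&gt;" & _
         "&lt;FONT color=red onmouseover=x&gt;text&lt;/FONT&gt;"
Response.Write RenderComment(sample)
%>
```

The allowlist does not balance tags, so a stray closing tag can still disturb page layout; it cannot introduce attributes or script.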

Jared, thank you so much for your help.

I opened the database, and I checked the comments and this is what is displayed.


fldCOMMENT
&lt;P&gt;this is just a test to &lt;STRONG&gt;see what&lt;/STRONG&gt; i can do&lt;/P&gt;
&lt;P&gt;&lt;FONT style=&quot;BACKGROUND-COLOR: #ffcc00&quot;&gt;and if i can go home &lt;/FONT&gt;&lt;/P&gt;



fldCOMMENT
&lt;H1&gt;as &lt;FONT color=#000099&gt;we came&lt;/FONT&gt;&lt;/H1&gt;


Just to make it clearer for you: this software is for a news weblog, with daily news added, and each news article has a commenting system, you know, like you have on news sites, where readers can add their comments.

As you have probably already noted, there is a header file that is included on the page that adds the comments to the database. The header file includes the top menu and 2 files, that are inc_api.asp and config.asp

Obviously the changes that are made will be in these 2 pages probably, if not on the _view_asp page.

I do want to mention one other thing. On the admin side of this weblog, there is the admin section where I add the news, and there is a rich text editor included here whose files are in a separate JavaScript file.
I hope this isn't causing the clash. I would use the same admin rich text editor (or a modified version) but I don't know how to do it.

If it doesn't cause any clashes I'd like to continue making the code above work, and what I will do in the next post is to post the 2 files that may be making the changes to the database.
Apr 13 '07 #7

This is the inc.api.asp file


    <%
    '// REPLACES INVALID CHARS FROM STRING TO BE PASSED INTO JavaScript
    '// REPLACES THE FOLLOWING CHARS: "-'-(-) with `-`-[-`]
    FUNCTION FIX_JS_STR(val)
    Dim TMP_VAL
        TMP_VAL = val
        If Len(TMP_VAL) > 0 Then
            TMP_VAL = Replace(TMP_VAL,chr(34),"&quot;")
            TMP_VAL = Replace(TMP_VAL,"'","`")
            TMP_VAL = Replace(TMP_VAL,"(","[")
            TMP_VAL = Replace(TMP_VAL,")","]")
        End IF
        FIX_JS_STR = TMP_VAL
    END FUNCTION

    '// CHECK IF THE BROWSER IS MSIE
    '// Returns True if MSIE false if anything else
    FUNCTION IsMSIE()
        IsMSIE = True
        'If Instr(Ucase(Request.ServerVariables("HTTP_USER_AGENT")), "MSIE") Then
        '    IsMSIE = True
        'Else
        '    IsMSIE = False
        'End if
    END FUNCTION

    '// ENCRYPTS STRING SUCH AS PASSWORD
    '// Returns encrypted string such as: BTEGE^J] to password
    FUNCTION EnCrypt(strCryptThis)
      Dim strChar, iKeyChar, iStringChar, i
      for i = 1 to Len(strCryptThis)
         iKeyChar = Asc(mid("2564218975223456482120840",i,1))
         iStringChar = Asc(mid(strCryptThis,i,1))
         iCryptChar = iKeyChar Xor iStringChar
         strEncrypted =  strEncrypted & Chr(iCryptChar)
      next
      EnCrypt = strEncrypted
    END FUNCTION

    '// DECRYPT STRING SUCH AS PASSWORD
    '// Returns decrypted string such as: password to BTEGE^J]
    FUNCTION DeCrypt(strEncrypted)
    Dim strChar, iKeyChar, iStringChar, i
      for i = 1 to Len(strEncrypted)
         iKeyChar = (Asc(mid("2564218975223456482120840",i,1)))
         iStringChar = Asc(mid(strEncrypted,i,1))
          iDeCryptChar = iKeyChar Xor iStringChar
         strDecrypted =  strDecrypted & Chr(iDeCryptChar)
      next
      DeCrypt = strDecrypted
    END FUNCTION

    '// Doubles single quotes and turns ", < and > into HTML entities
    PRIVATE FUNCTION APO(val)
        Dim tmpSTR
        tmpSTR = val
        IF NOT tmpSTR = "" THEN
            tmpSTR = Replace(Trim(tmpSTR),chr(34),"&quot;")
            tmpSTR = Replace(Trim(tmpSTR),"'","''")
            tmpSTR = Replace(Trim(tmpSTR),"<","&lt;")
            tmpSTR = Replace(Trim(tmpSTR),">","&gt;")
            IF DB_TO_USE = 3 THEN tmpSTR = Replace(Trim(tmpSTR),"\","\\")
        END IF
        APO = tmpSTR
    END FUNCTION

    PRIVATE FUNCTION APO_LAX(val)
        Dim strRES
        strRES = Replace(Trim(val),"'","''")
        IF DB_TO_USE = 3 THEN strRES = Replace(Trim(strRES),"\","\\")
        APO_LAX = strRES
    END FUNCTION

    PRIVATE FUNCTION APO_INJ(val)
        Dim tmpSTR
        tmpSTR = val
        IF NOT tmpSTR = "" THEN
            tmpSTR = Replace(Trim(tmpSTR),chr(34),"&quot;")
            tmpSTR = Replace(Trim(tmpSTR),"<","&lt;")
            tmpSTR = Replace(Trim(tmpSTR),">","&gt;")
            IF DB_TO_USE = 3 THEN tmpSTR = Replace(Trim(tmpSTR),"\","\\")
        END IF
        APO_INJ = tmpSTR
    END FUNCTION


    '// CONVERT VALUE TO EITHER 1 OR 0
    '// Convert "1" to 1 ; Convert "X" to 0
    FUNCTION CONVERT_NUM(val)
        IF Trim(val) = "1" THEN
            CONVERT_NUM = 1
        ELSE
            CONVERT_NUM = 0
        END IF
    END FUNCTION

    '// CONVERT VALUE FROM NUMERIC TO WORDS
    '// Convert "1" to Yes ; Convert "X" to No
    FUNCTION CONVERT_TXT(val)
        IF Trim(Cstr(val)) = "1" THEN
            CONVERT_TXT = "Yes"
        ELSE
            CONVERT_TXT = "No"
        END IF
    END FUNCTION


    '// STRIP HTML TAGS FROM TEXT
    '// Returns modified content.
    FUNCTION STRIP_CODE(strText)
        Dim RegEx
        Set RegEx = New RegExp
        RegEx.Pattern = "<[^>]*>"
        RegEx.Global = True
        STRIP_CODE = RegEx.Replace(strText, "")
        Set RegEx = Nothing
    END FUNCTION


    '// PROCESSES THE TEXT FOR ANY URL OR EMAIL STRINGS
    '// MAKE ALL URLS AND EMAILS CLICKABLE IN THE TEXT
    '// Returns modified content.
    FUNCTION LinkURLS(ByRef asContent) '// Regular Expression Object (Requires vbScript 5.0 and above)
    On Error Resume Next
            Dim loRegExp
            if asContent = "" Then Exit function
            Set loRegExp = New RegExp
            loRegExp.Global = True
            loRegExp.IgnoreCase = True
            loRegExp.Pattern = "((ht|f)tps?://\S+[/]?[^\.])([\.]?.*)"
            LinkURLs = loRegExp.Replace(asContent, "<a target=""_blank"" href=""$1"">$1</a>$3")
            loRegExp.Pattern = "(\S+@\S+.\.\S\S\S?)"
            LinkURLs = loRegExp.Replace(LinkURLs, "<a href=""mailto:$1"">$1</a>")
            Set loRegExp = Nothing
    END FUNCTION

    '// CHECK THAT WE HAVE VALID EMAIL ADDRESS
    '// Returns True if valid, False is not
    PRIVATE FUNCTION IsEmailValid(strEmail)
    Dim strArray, strItem, i, c, blnIsItValid
        blnIsItValid = True
        strArray = Split(strEmail, "@")
        If UBound(strArray) <> 1 Then
            blnIsItValid = False
            IsEmailValid = blnIsItValid
            Exit Function
        End If
        For Each strItem In strArray
            If Len(strItem) <= 0 Then
                blnIsItValid = False
                IsEmailValid = blnIsItValid
                Exit Function
            End If
            For i = 1 To Len(strItem)
                   c = LCase(Mid(strItem, i, 1))
                   If InStr("abcdefghijklmnopqrstuvwxyz_-.", c) <= 0 And Not IsNumeric(c) Then
                       blnIsItValid = False
                       IsEmailValid = blnIsItValid
                       Exit Function
                   End If
            Next
            If Left(strItem, 1) = "." Or Right(strItem, 1) = "." Then
               blnIsItValid = False
               IsEmailValid = blnIsItValid
               Exit Function
            End If
        Next
        If InStr(strArray(1), ".") <= 0 Then
            blnIsItValid = False
            IsEmailValid = blnIsItValid
            Exit Function
        End If
        i = Len(strArray(1)) - InStrRev(strArray(1), ".")
        If i < 2 Then
            blnIsItValid = False
            IsEmailValid = blnIsItValid
            Exit Function
        End If
        If InStr(strEmail, "..") > 0 Then
            blnIsItValid = False
            IsEmailValid = blnIsItValid
            Exit Function
        End If
        IsEmailValid = blnIsItValid
    END FUNCTION

    ' Format Phone Number
    FUNCTION FORMAT_PHONE(strP)
      Dim regEX
      Set regEX = New RegExp
      regEX.Pattern = "(\d{3})(\d{3})(\d{4})"
      FORMAT_PHONE = regEX.Replace(strP, "($1) $2-$3")
      Set regEX = Nothing
    END FUNCTION

    ' Ensure non violent entry
    PRIVATE FUNCTION TURBO_INJECTION(strWords)
        Dim badChars, newChars, I
        badChars = array("select", "drop", ";", "--", "insert",  "delete", "xp_", ">XSS")
        newChars = strWords
        FOR I = 0 to Ubound(badChars)
            newChars = Replace(newChars, badChars(I), "")
        NEXT
        newChars = Replace(newChars,"'","''")
        TURBO_INJECTION = newChars
    END FUNCTION

    ' Check that the given ID is valid
    PRIVATE FUNCTION IS_VALID_ID(sID)
        IF Trim(sID) = "" OR IsNUll(sID) THEN
            IS_VALID_ID = False
        ELSE
            If Instr(sID,",") >=1 OR Instr(sID,".") >=1 THEN
                IS_VALID_ID = False
            Else
                If IsNumeric(sID) = True Then
                    IS_VALID_ID = True
                Else
                    IS_VALID_ID = False
                End If
            End If
        END IF
    END FUNCTION
continued in next post
Apr 13 '07 #8

    ' Check that the given file exists
    FUNCTION IsFILE(strPATH)
         If strPATH = ""  Then
            IsFILE = False
            Exit Function
         End If
         Dim objFSO
         Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
         If (objFSO.FileExists(strPATH)) = True Then
          IsFILE = True
         Else
          IsFILE = False
         End If
         Set objFSO = Nothing
    End FUNCTION

    ' replace some chars in XML
    FUNCTION PREPARE_XML(strVAL)
        ' Encode & first so the &lt; and &gt; entities are not double-encoded
        strVAL = Replace(strVAL,"&","&amp;")
        strVAL = Replace(strVAL,"<","&lt;")
        strVAL = Replace(strVAL,">","&gt;")
        strVAL = Replace(strVAL,"","'")
        strVAL = Replace(strVAL,"","'")
        strVAL = Replace(strVAL,"","...")
        strVAL = Replace(strVAL,"","'")
        strVAL = Replace(strVAL,"","'")
        strVAL = Trim(strVAL)
        PREPARE_XML = strVAL
    END FUNCTION

    ' Process desired text content for image shortcuts
    FUNCTION PROCESS_SHORTCUTS(blOPEN, TEXT)
        Dim SQL, RS, strRETURNED_DATA, EOF_VAL, intNUM_COL, intNUM_ROW, intROW_COUNTER, strSIGN, strIMAGE
        IF blOPEN = True THEN
            Call OPEN_DB()
        END IF
            SQL = "SELECT fldSIGN, fldIMAGE FROM nm_tbl_library WHERE fldACTIVE = 1"
            Set RS = Server.CreateObject("ADODB.Recordset")
            RS.LockType   = 1
            RS.CursorType = 0
            RS.Open SQL, MyConn
                IF NOT RS.EOF THEN
                    strRETURNED_DATA = RS.getrows
                ELSE
                    EOF_VAL = True
                END IF
            RS.close
            Set RS = Nothing
        IF blOPEN = True THEN
            MyConn.Close
            Set MyConn = Nothing
        END IF
        IF Not EOF_VAL = True Then
            intNUM_COL=ubound(strRETURNED_DATA,1)
            intNUM_ROW=ubound(strRETURNED_DATA,2)
            FOR intROW_COUNTER = 0 TO intNUM_ROW
                strSIGN  = Trim(strRETURNED_DATA(0,intROW_COUNTER))
                strIMAGE = Trim(strRETURNED_DATA(1,intROW_COUNTER))
                strIMAGE = "<img src='" & strIMAGE & "' border='0' alt='' />"
                TEXT = Replace(TEXT, strSIGN, strIMAGE)
            NEXT
        END IF
        PROCESS_SHORTCUTS = TEXT
    END FUNCTION

    ' Get desired setting value for the application
    FUNCTION GET_SETTINGS(blOPEN, fldNAME)
     Dim SQL, RS
        IF blOPEN = True THEN
            Call OPEN_DB()
        END IF
            SQL = "SELECT " & fldNAME & " FROM nm_tbl_settings WHERE ID = 1"
            Set RS = Server.CreateObject("ADODB.Recordset")
            RS.LockType   = 1
            RS.CursorType = 0
            RS.Open SQL, MyConn
                 IF NOT RS.EOF THEN
                     GET_SETTINGS = trim(RS(fldNAME))
                 ELSE
                    GET_SETTINGS = ""
                 END IF
            RS.Close
            Set RS = Nothing
        IF blOPEN = True THEN
            MyConn.Close
            Set MyConn = Nothing
        END IF
    END FUNCTION

    ' Append desired log record
    FUNCTION APPEND_LOG(blOPEN, strLOGLINE, intID)
     Dim SQL, tmpLOG
        IF KEEP_LOGS = True THEN
            IF blOPEN = True THEN
                Call OPEN_DB()
            END IF
                tmpLOG = strLOGLINE
                tmpLOG = APO(tmpLOG)
                IF Len(tmpLOG) > 150 THEN tmpLOG = mid(tmpLOG,1,150)
                SQL = "INSERT INTO nm_tbl_logs (fldLOG, fldAID) VALUES ('" & tmpLOG & "'," & intID & ")"
                MyConn.Execute SQL
            IF blOPEN = True THEN
                MyConn.Close
                Set MyConn = Nothing
            END IF
        END IF
    END FUNCTION

    ' Split the security levels into an array
    FUNCTION CREATE_SECURITY()
        arrLEVEL = Split(Session("LEVEL"),",")
    END FUNCTION

    ' Count articles for the public side
    FUNCTION NEWS_COUNTER(VAL_ID)
    Dim SQL, RS
        IF DB_TO_USE = 1 OR DB_TO_USE = 3 THEN
            SQL = "SELECT COUNT(ID) AS C_COUNT FROM nm_tbl_news_cate WHERE (fldNEWS_ID IN (SELECT ID FROM nm_tbl_news WHERE (fldACTIVE = 1) AND (Now() BETWEEN fldPOSTED AND fldEXPIRES))) AND nm_tbl_news_cate.fldCATE_ID = " & VAL_ID
        ELSE
            SQL = "SELECT COUNT(ID) AS C_COUNT FROM nm_tbl_news_cate WHERE (fldNEWS_ID IN (SELECT ID FROM nm_tbl_news WHERE (fldACTIVE = 1) AND (GetDate() BETWEEN fldPOSTED AND fldEXPIRES))) AND nm_tbl_news_cate.fldCATE_ID = " & VAL_ID
        END IF
        Set RS = Server.CreateObject("ADODB.Recordset")
        RS.LockType   = 1
        RS.CursorType = 0
        RS.Open SQL, MyConn
             IF NOT RS.EOF THEN
                 NEWS_COUNTER = trim(RS("C_COUNT"))
             ELSE
                NEWS_COUNTER = "0"
             END IF
        RS.Close
        Set RS = Nothing
    END FUNCTION

    FUNCTION CREATE_LINK()
        Dim TMP
        SELECT CASE LEVEL
            CASE "1"
                TMP = "category_nested.asp?PID=" & CID & "&level=2"
            CASE "2"
                TMP = "category_nested.asp?PID=" & CPID & "&SID=" & CID & "&level=3"
            CASE "3"
                TMP = "category_nested.asp?PID=" & CPID & "&SID=" & CSID & "&level=4" & "&fID=" & CID
        END SELECT
        CREATE_LINK = TMP
    END FUNCTION

    FUNCTION GET_NAME(SQL_MY)
        Dim RS
        Set RS = Server.CreateObject("ADODB.Recordset")
        RS.LockType   = 1
        RS.CursorType = 0
        RS.Open SQL_MY, MyConn
             IF NOT RS.EOF THEN
                 GET_NAME = trim(RS("fldNAME"))
             ELSE
                 GET_NAME = ""
             END IF
        RS.Close
        Set RS = Nothing
    END FUNCTION

    FUNCTION RFC822(dDate,iOffset)
        Dim d
        d = DateAdd("h",-iOffset,dDate)
        RFC822 = Left(WeekDayName(WeekDay(d)),3) & ", " & Right(String(2,"0") & Day(d),2) & " " & Left(MonthName(Month(d)),3) & " " & Year(d) & " " & Right(String(2,"0") & Hour(d),2) & ":" & Right(String(2,"0") & Minute(d),2) & ":" & Right(String(2,"0") & Second(d),2) & " " & "GMT"
    END FUNCTION

    PRIVATE FUNCTION GET_CATES(NID)
        Dim SQL, RS, strRES

        SQL = "SELECT ID, fldNAME FROM nm_tbl_cate WHERE ID IN (SELECT fldCATE_ID FROM nm_tbl_news_cate WHERE fldNEWS_ID = " & NID & ")"
        Set RS = Server.CreateObject("ADODB.Recordset")
        RS.LockType   = 1
        RS.CursorType = 0
        RS.Open SQL, MyConn
             WHILE NOT RS.EOF
                strRES = strRES & "<a href='" & APPLICATION_URL & "TopicCategoryView.asp?CID=" & trim(RS("ID")) & "'>" & trim(RS("fldNAME")) & "</a>, "
                RS.MoveNext
             WEND
        RS.Close
        Set RS = Nothing
        IF NOT (strRES = "" OR IsnUll(strRES)) THEN strRES = Mid(strRES,1, Len(strRES)-2)
        GET_CATES = strRES
    END FUNCTION


    FUNCTION ReplaceAuthorTokens(AID, TEXT)
        Dim SQL, RS, NAME, EMAIL, BIO, WEB, IMAGE

        IF IS_VALID_ID(AID) THEN
            SQL = "SELECT fldNAME, fldEMAIL, fldWEB, fldIMAGE, fldBIO FROM nm_tbl_agent WHERE ID = " & AID
            Set RS = Server.CreateObject("ADODB.Recordset")
            RS.LockType   = 1
            RS.CursorType = 0
            RS.Open SQL, MyConn
                 IF NOT RS.EOF THEN
                     NAME = trim(RS("fldNAME")) & ""
                    EMAIL = trim(RS("fldEMAIL")) & ""
                    WEB = trim(RS("fldWEB")) & ""
                    IMAGE = trim(RS("fldIMAGE")) & ""
                    BIO = trim(RS("fldBIO")) & ""
                 ELSE
                     NAME = ""
                    EMAIL = ""
                    WEB = ""
                    IMAGE = ""
                    BIO = ""
                 END IF
            RS.Close
            Set RS = Nothing

            TEXT = Replace(TEXT, "%NAME%", NAME)
            TEXT = Replace(TEXT, "%EMAIL%", "<a href='mailto:" & EMAIL & "'>" & EMAIL & "</a>")
            TEXT = Replace(TEXT, "%BIO%", BIO)
            TEXT = Replace(TEXT, "%WEB%", "<a href='" & WEB & "' target='_blank'>" & WEB & "</a>")
            TEXT = Replace(TEXT, "%IMAGE%", "<img src='" & IMAGE & "' border='0' width='48' />")
        END IF

        ReplaceAuthorTokens = TEXT
    END FUNCTION


    %>
Apr 13 '07 #9

100+
P: 114
And this one is the config.asp file. I haven't included all of it, since I don't think you'll need to see the email parts; this is the database part:


<% Dim MyConn, APPLICATION_URL, arrLEVEL, SAFE_EXTENSIONS_ONLY, KEEP_LOGS, DB_TO_USE, ALL_ARTICLES_PAGE_SIZE, SET_EMAIL_COMP, SHOW_AUTHOR
   Dim SEARCH_METHOD, SEARCH_IN, SEARCH_MODE, SEARCH_FOR

   Session.LCID = 1033

    ' Set to the URL where the application is installed, include the trailing slash
    APPLICATION_URL = "http://www.myweblog.com/"

    ' Email component to use: choose one and assign its value to SET_EMAIL_COMP.
    ' The last 3 contain different settings for the CDOSYS component; try each until one works.
    '1  = AB Mailer
    '2  = Persits
    '3  = SMTPsvg
    '4  = CDONTS   < Set as default
    '5  = CDO
    '6  = JMail
    '7  = Dundas
    '8  = CDOSYS - Windows 2003 Server
    '9  = CDOSYS - Windows 2003 Server
    '10 = CDOSYS - Windows 2003 Server
    SET_EMAIL_COMP = 8

    ' Set to 1 if you are using MS Access, set to 2 if you are using MS SQL database, 3 for MySQL
    DB_TO_USE = 1

    ' Set to True to only allow "safe" files to be uploaded: (jpeg, jpg, gif, png, art, swf)
    ' Set to False to allow uploading of all files, including scripts (security risk)
    SAFE_EXTENSIONS_ONLY = True

    ' Set to True to keep activity logs for all agents
    ' Set to False to not collect the activity logs
    KEEP_LOGS = True


    ' SET YOUR DATABASE CONNECTION
    SUB OPEN_DB()

        ' ... As entered by the set-up utility ....................

        Set MyConn = Server.CreateObject("ADODB.Connection")
        MyConn.Open "PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE=e:\domains\i\myweblog.com\user\private\_Common_iNP_MMS-(new).mdb;"

        ' .........................................................


        ' << MS Access Options >>

        '  DIRECT PATH
        'Set MyConn = Server.CreateObject("ADODB.Connection")
        'MyConn.Open "PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE=C:\Inetpub\wwwroot\iNEWS\DB\iNP.mdb;"

        '  DSN CONNECTION
        'Set MyConn = Server.CreateObject("ADODB.Connection")
        'MyConn.open = "DSN=INP"

        '  MapPath CONNECTION
        'Set MyConn = Server.CreateObject("ADODB.Connection")
        'MyConn.Open "PROVIDER=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("\path\iNEWS\db\iNP.mdb") & ";Persist Security Info=False"


        ' << MS SQL Option >>

        '  MS-SQL CONNECTION
        'Set MyConn = Server.CreateObject("ADODB.Connection")
        'MyConn.Open "Provider=sqloledb;Network Library=DBMSSOCN;Data Source=MSSQLSERVER,1433;Initial Catalog=DATABASENAME;User ID=USERNAME;Password=PASSWORD;"


        ' << MySQL Option >>

        '  MySQL CONNECTION
        'Set MyConn = Server.CreateObject("ADODB.Connection")
        'MyConn.Open "Driver={MySQL ODBC 3.51 Driver}; Server=MYSQLSERVERADDRESS; uid=USERNAME; pwd=PASSWORD; database=DATABASENAME; option=3; port=3306;"

    END SUB

%>
Apr 13 '07 #10

jhardman
Expert 2.5K+
P: 3,405
There are four functions in the inc_api.asp file about which you need to worry. I didn't read too carefully about what they each do (they apparently have slightly different functions, but they could each cause the problem and probably work together). In the APO(), APO_LAX(), and APO_INJ() there is a line near the end like this:
APO = tmpSTR
Change that to the following (in all three functions):
'APO = tmpSTR
APO = val
'or "APO_LAX = val" etc
The other function about which I'm worried is the STRIP_CODE() function. I believe this checks for certain characters and if found, deletes them from the comment. Don't do anything to it right now, but if the "greater than" and "less than" brackets are gone entirely, this is what we need to fix next.

Jared
Apr 13 '07 #11

100+
P: 114
Jared, I've made the 3 changes to the inc_api file. Just to be sure, this is what they look like now. I just want to mention that the middle one doesn't have "END IF" as the other ones do.

PRIVATE FUNCTION APO(val)
    Dim tmpSTR
    tmpSTR = val
    IF NOT tmpSTR = "" THEN
        tmpSTR = Replace(Trim(tmpSTR),chr(34),"&quot;")
        tmpSTR = Replace(Trim(tmpSTR),"'","''")
        tmpSTR = Replace(Trim(tmpSTR),"<","&lt;")
        tmpSTR = Replace(Trim(tmpSTR),">","&gt;")
        IF DB_TO_USE = 3 THEN tmpSTR = Replace(Trim(tmpSTR),"\","\\")
    END IF
    APO = tmpSTR
    APO = val
END FUNCTION



PRIVATE FUNCTION APO_LAX(val)
    Dim strRES
    strRES = Replace(Trim(val),"'","''")
    IF DB_TO_USE = 3 THEN strRES = Replace(Trim(strRES),"\","\\")
    APO_LAX = strRES
    APO_LAX = val
END FUNCTION

PRIVATE FUNCTION APO_INJ(val)
    Dim tmpSTR
    tmpSTR = val
    IF NOT tmpSTR = "" THEN
        tmpSTR = Replace(Trim(tmpSTR),chr(34),"&quot;")
        tmpSTR = Replace(Trim(tmpSTR),"<","&lt;")
        tmpSTR = Replace(Trim(tmpSTR),">","&gt;")
        IF DB_TO_USE = 3 THEN tmpSTR = Replace(Trim(tmpSTR),"\","\\")
    END IF
    APO_INJ = tmpSTR
    APO_INJ = val
END FUNCTION

This is what the comments look like now. Here is the code for the "comment part" as displayed on the webpage:

  <tr>
        <td height="309" table colspan="4" valign="top"><strong>This is a test message</strong> <br />
            <br />
            <span class="style5">cynthia - manhattan - Sweden - Monday, April 09, 2007 - 10:33:11 PM</span><br />
            <br />
            <!--change the distance between bottom nav and comment body in the height here,-->
            <div style="width:100%;height:85%;overflow:auto"' border=0>I am testing the rich text editor. <br />&lt;DIV&gt;&nbsp;&lt;/DIV&gt;<br />&lt;DIV&gt;&lt;STRONG&gt;This is supposed to be bold&lt;/STRONG&gt;&lt;/DIV&gt;<br />&lt;DIV&gt;&nbsp;&lt;/DIV&gt;<br />&lt;DIV&gt;&lt;FONT color=#ff0000&gt;this is supposed to be red text&lt;/FONT&gt;&lt;/DIV&gt;</div></td>
      </tr>

And this is what the comment looks like, copied and pasted as it shows on the web:


This is a test message

cynthia - manhattan - Sweden - Monday, April 09, 2007 - 10:33:11 PM

I am testing the rich text editor.
<DIV> </DIV>
<DIV><STRONG>This is supposed to be bold</STRONG></DIV>
<DIV> </DIV>
<DIV><FONT color=#ff0000>this is supposed to be red text</FONT></DIV>
Apr 13 '07 #12

jhardman
Expert 2.5K+
P: 3,405
> Jared, I've made the 3 changes to the inc_api file. Just to be sure, this is what they look like now. I just want to mention that the middle one doesn't have "END IF" as the other ones do.
>
> PRIVATE FUNCTION APO(val)
>     Dim tmpSTR
>     tmpSTR = val
>     IF NOT tmpSTR = "" THEN
>         tmpSTR = Replace(Trim(tmpSTR),chr(34),"&quot;")
>         tmpSTR = Replace(Trim(tmpSTR),"'","''")
>         tmpSTR = Replace(Trim(tmpSTR),"<","&lt;")
>         tmpSTR = Replace(Trim(tmpSTR),">","&gt;")
>         IF DB_TO_USE = 3 THEN tmpSTR = Replace(Trim(tmpSTR),"\","\\")
>     END IF
>     APO = tmpSTR
>     APO = val
> END FUNCTION

You need to put in a single quote mark (apostrophe) like this:
    'APO = tmpSTR
    APO = val
END FUNCTION
Check that. I will go back over your code to see if there is anything else I missed, but try that and tell me if it works.

Jared
Apr 14 '07 #13

100+
P: 114
> You need to put in a single quote mark (apostrophe) like this:
>     'APO = tmpSTR
>     APO = val
> END FUNCTION
> Check that. I will go back over your code to see if there is anything else I missed, but try that and tell me if it works.
>
> Jared

Jared, before I add the apostrophe I want to mention something. After this you can tell me if you still want me to add the apostrophe as you said above.

I made a mistake yesterday. After I posted the code, I realised I had just posted the code of the last message, which in the database had been altered already by the last api.asp file. What I should have done was post a new message with the new code that you told me to add to the api.asp file.

I have now posted a new message and checked to see what it looks like, and it works, i.e. the tags are no longer there; however, the formatting doesn't show. But it is an improvement, if you know what I mean. Anyway, here is what it looks like on the public side:
-----------


Saturday, April 14th test

cynthia - manhattan - Sweden - Saturday, April 14, 2007 - 8:30:57 AM

I am testing the rich text editor.

I want to see if the changes to the code work or not.

this is heading 2

this is supposed to be bold

this is italic

this is red text


this is a numbered list
this is a numbered list
this is a numbered list
this is a numbered list

And this below is the code which I got from "view source".



So do you still want me to add the apostrophe?

Another problem that using a rich text editor brings is in the JavaScript "reply" button, which when clicked takes the user to the first page with a form for typing. This worked fine without the rich text editor. However, I notice that now if you click it, it doesn't seem to work, or works slowly. Here is the full code:
   <span class="style5">cynthia - manhattan - Sweden - Saturday, April 14, 2007 - 8:30:57 AM</span><br />
            <br />
            <!--change the distance between bottom nav and comment body in the height here,-->
            <div style="width:100%;height:85%;overflow:auto"' border=0>I am testing the rich text editor.<br />&nbsp;<br />I want to see if the changes to the code work or not.<br />&nbsp;<br />this is heading 2<br />&nbsp;<br />this is supposed to be bold<br />&nbsp;<br />this is italic<br />&nbsp;<br />this is red text<br />&nbsp;<br /><br />this is a numbered list<br />this is a numbered list<br />this is a numbered list<br />this is a numbered list</div></td>
      </tr>
      <tr>
        <td width="20%" height="38" align="left" valign="middle">
            <a href="javascript:Respond();" class="keyplayersmall style6">Post Reply</a>

        &nbsp;</td>
            <td width='20%' height='38' align='left' valign='middle'>
<a href="javascript:popwindow('_email.asp?ID=152&amp;AID=35','name','450','410','230','200');"><img src='comment_imgs/e_email.gif' width='49' height='12' alt='' border='0' /></a>


&nbsp;</td>
          &nbsp;</td>
        <td width="40%" height="38" align="center" valign="middle">
            <a href="_comment_view.asp?ID=151&amp;AID=35"><img src="comment_imgs/button-last.gif" width="52" height="19" alt="" border="0" /></a>

          &nbsp;

        &nbsp;</td>
        <td width="20%" height="38" align="right" valign="middle"><a href="javascript:window.close();"><img src="comment_imgs/e_close.gif" width="47" height="12" alt="" border="0" /></a>&nbsp;</td>
      </tr>
    </table>
 <script langauge="javascript">
function Respond(){
opener.document.frm3.subject.value="RE:Saturday, April 14th test";
opener.document.frm3.comment.focus();

}
              </script>

    </body></html>
Apr 14 '07 #14

jhardman
Expert 2.5K+
P: 3,405
Karen,

Ahhh. Hmmm. We are going in the right direction then, but not quite there. Add the apostrophe, but it probably won't change anything at this point.

Change the STRIP_CODE() function next. You are really doing the same thing you did in the other functions, just turn the line that makes the change into a comment (by putting an apostrophe at the beginning) and add a line returning the same value that the function started with:
FUNCTION STRIP_CODE(strText)
    Dim RegEx
    Set RegEx = New RegExp
    RegEx.Pattern = "<[^>]*>"
    RegEx.Global = True
    'STRIP_CODE = RegEx.Replace(strText, "")
    STRIP_CODE = strText 'makes no change
    Set RegEx = Nothing
END FUNCTION
Let me know as soon as you test it.

Jared
Apr 16 '07 #15
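
Added example (not part of any post in this thread, and not the news script's own code): with STRIP_CODE() and the APO functions returning their input unchanged, whatever markup a commenter submits, script included, is served to other readers, so a common alternative is to encode the whole comment at display time and then re-enable only a short allowlist of formatting tags. RENDER_COMMENT, its tag list and the sample string are assumptions chosen to match the editor output shown in the thread.

```vbscript
<%
' Added example: display-time allowlist for rich-text comments.
' RENDER_COMMENT is a hypothetical helper, not part of the news script.
Function RENDER_COMMENT(raw)
    Dim html, re

    ' 1. Encode everything, so nothing the commenter typed survives as markup.
    html = Server.HTMLEncode(raw & "")

    Set re = New RegExp
    re.Global = True
    re.IgnoreCase = True

    ' 2. Re-enable attribute-free formatting tags (opening and closing forms).
    re.Pattern = "&lt;(/?)(b|strong|i|em|u|p|div|ol|ul|li|h[1-6])&gt;"
    html = re.Replace(html, "<$1$2>")

    ' 3. Re-enable the void tags <br> and <hr>.
    re.Pattern = "&lt;(br|hr)\s*/?&gt;"
    html = re.Replace(html, "<$1 />")

    ' 4. Allow <font> only with a six-digit hex colour or a size of 1 to 7.
    '    Any other attribute (href, style, on* handlers) stays encoded.
    re.Pattern = "&lt;font\s+color=(?:&quot;)?(#[0-9a-f]{6})(?:&quot;)?&gt;"
    html = re.Replace(html, "<font color=""$1"">")
    re.Pattern = "&lt;font\s+size=(?:&quot;)?([1-7])(?:&quot;)?&gt;"
    html = re.Replace(html, "<font size=""$1"">")
    re.Pattern = "&lt;/font&gt;"
    html = re.Replace(html, "</font>")

    ' 5. The editor writes &nbsp; for empty lines; restore it after encoding.
    html = Replace(html, "&amp;nbsp;", "&nbsp;")

    Set re = Nothing
    RENDER_COMMENT = html
End Function

' Constructed sample: editor output like that quoted in the thread, followed by
' a tag that is not on the allowlist and therefore stays encoded.
Dim sample
sample = "<DIV><STRONG>This is supposed to be bold</STRONG></DIV>" & _
         "<DIV><FONT color=#ff0000>this is supposed to be red text</FONT></DIV>" & _
         "<SCRIPT>document.title='x'</SCRIPT>"
Response.Write RENDER_COMMENT(sample)

' In the page that shows a comment (assumed to print C_COMMENT):
'   <%= RENDER_COMMENT(C_COMMENT) %>
%>
```

An unclosed allowlisted tag such as `<div>` can still disturb the page layout; this sketch does not balance tags.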

100+
P: 114
> Karen,
>
> Ahhh. Hmmm. We are going in the right direction then, but not quite there. Add the apostrophe, but it probably won't change anything at this point.
>
> Change the STRIP_CODE() function next. You are really doing the same thing you did in the other functions, just turn the line that makes the change into a comment (by putting an apostrophe at the beginning) and add a line returning the same value that the function started with:
> FUNCTION STRIP_CODE(strText)
>     Dim RegEx
>     Set RegEx = New RegExp
>     RegEx.Pattern = "<[^>]*>"
>     RegEx.Global = True
>     'STRIP_CODE = RegEx.Replace(strText, "")
>     STRIP_CODE = strText 'makes no change
>     Set RegEx = Nothing
> END FUNCTION
> Let me know as soon as you test it.
>
> Jared

Jared, thanks. I tested it, and it seems to work fine, and sometimes I get this error message if I use a combo of the rich text editor functions.

Microsoft JET Database Engine error '80040e14' 

Syntax error (missing operator) in query expression ''<FONT size=4>Beirut - Former U.S. President Bill Clinton</FONT> <H5>says peace is possible </H5> <P><BR>between <STRONG>Israel and Syria</STRONG> if Iran and media were <EM>banned</EM> from closed-<U>door <BR></U>peace talks.<BR><BR> <HR> <BR>Clinto'. 
/_comments.asp, line 35
I then check the line 35 code, and it is this:


   SQL = "SELECT fldTITLE, fldCONTENT, fldSUMMARY, nm_tbl_news.fldACTIVE AS ACTIVE, fldAID, fldPOSTED, fldEXPIRES, nm_tbl_news.fldIMAGE AS NIMAGE, fldALLOW_COMMENTS, fldALLOW_VOTING, fldCREATED, fldUPDATE, nm_tbl_agent.fldNAME AS ANAME, nm_tbl_news.fldAID AS AID, fldUSE_VIEW FROM nm_tbl_news, nm_tbl_agent WHERE (nm_tbl_agent.ID = nm_tbl_news.fldAID) AND (nm_tbl_news.fldACTIVE = 1) AND nm_tbl_news.ID = " & NID ' { AND (Now() - {GetDate()} BETWEEN fldPOSTED AND fldEXPIRES)) }
        Set RS = Server.CreateObject("ADODB.Recordset")
        RS.LockType   = 1
However, I don't use SQL, I use an Access database, which must be one of the previous choices, I don't know.......??

Also, Jared, if you look at the code above and at the link which is "reply", this is a JavaScript function that takes you to the form to write a reply. Then check the JavaScript at the bottom and you will see it is written so that the cursor should focus on the "comment" after filling in the subject field.
This worked before, but after adding the rich text editor, what happens is that the subject does get filled in; however, the cursor does not automatically point to the "comment" section.
Before it did, and when that happened, it reduced the window of the comment into the bar at the bottom. Now I have to manually do it. How do I correct this? Any ideas? Thanks Jared, you're a great help...
Apr 17 '07 #16

100+
P: 114
Jared, I've noticed that if I copy and paste anything onto the page, I also get the error message above, and can't post the comment...
Apr 17 '07 #17

jhardman
Expert 2.5K+
P: 3,405
> Jared, thanks. I tested it, and it seems to work fine, and sometimes I get this error message if I use a combo of the rich text editor functions.
>
> Microsoft JET Database Engine error '80040e14' 
>
> Syntax error (missing operator) in query expression ''<FONT size=4>Beirut - Former U.S. President Bill Clinton</FONT> <H5>says peace is possible </H5> <P><BR>between <STRONG>Israel and Syria</STRONG> if Iran and media were <EM>banned</EM> from closed-<U>door <BR></U>peace talks.<BR><BR> <HR> <BR>Clinto'. 
> /_comments.asp, line 35
> I then check the line 35 code, and it is this:
>
>    SQL = "SELECT fldTITLE, fldCONTENT, fldSUMMARY, nm_tbl_news.fldACTIVE AS ACTIVE, fldAID, fldPOSTED, fldEXPIRES, nm_tbl_news.fldIMAGE AS NIMAGE, fldALLOW_COMMENTS, fldALLOW_VOTING, fldCREATED, fldUPDATE, nm_tbl_agent.fldNAME AS ANAME, nm_tbl_news.fldAID AS AID, fldUSE_VIEW FROM nm_tbl_news, nm_tbl_agent WHERE (nm_tbl_agent.ID = nm_tbl_news.fldAID) AND (nm_tbl_news.fldACTIVE = 1) AND nm_tbl_news.ID = " & NID ' { AND (Now() - {GetDate()} BETWEEN fldPOSTED AND fldEXPIRES)) }
>         Set RS = Server.CreateObject("ADODB.Recordset")
>         RS.LockType   = 1
> However, I don't use SQL, I use an Access database, which must be one of the previous choices, I don't know.......??

OK. First, I'm glad to hear that it worked so far. SQL stands for "Standard Query Language" or something close; it was not invented by Microsoft, it is just the language with which you access a db. That is why a lot of programmers refer to Microsoft's program as MSSQL.

Anyway, it looks like the db is being queried with a long string to search for text from the original post. This is actually a really sloppy way to do it; the original post should have some type of key number which is easier to search for than the entire comment, but I digress. I am betting that the problem comes up when there is a quote mark in the comment. Just to be sure, immediately after the line where SQL is defined, add this:
response.write vbNewLine & "<!-- SQL: " & SQL & " -->" & vbNewLine

This will print the entire SQL statement into an HTML comment. It will not be visible from the web page, but after you get the error, if you right click the page and select "view source" from the pop-up menu, you will be able to read the SQL statement. (You can search for "<!-- SQL:" to find it quicker.) Post the comment from a page that gave you an error.

> Also, Jared, if you look at the code above and at the link which is "reply", this is a JavaScript function that takes you to the form to write a reply. Then check the JavaScript at the bottom and you will see it is written so that the cursor should focus on the "comment" after filling in the subject field.
> This worked before, but after adding the rich text editor, what happens is that the subject does get filled in; however, the cursor does not automatically point to the "comment" section.
> Before it did, and when that happened, it reduced the window of the comment into the bar at the bottom. Now I have to manually do it. How do I correct this? Any ideas? Thanks Jared, you're a great help...

This is a JavaScript problem. Although I might be able to walk you through it, I might not do the best job. The problem is probably in the name of the editor. I don't mean "Joe's Editor", I mean "<textarea name='commentBox'>". The focus-changing line is probably looking for the textarea with the old name. Anyway, that is where I would look.

Jared
Apr 18 '07 #18
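
Added example (not from any post in this thread or from the news script): the JET error quoted above suggests the comment text is concatenated into the SQL string, and with APO() and APO_LAX() returning val the apostrophe doubling they performed no longer runs, so one way to store rich-text comments is an ADODB.Command with positional parameters. SAVE_COMMENT is a hypothetical helper; the INSERT in _comments.asp is not shown on the page, so the column list (taken from the nm_tbl_comment SELECT in the thread), the column types and the field sizes are assumptions.

```vbscript
<%
' Added example: parameterized insert of a comment (Access/Jet via ADO).
' SAVE_COMMENT is a hypothetical helper, not part of the news script.

' ADO constants; omit these lines if adovbs.inc is already included.
Const adCmdText = 1
Const adExecuteNoRecords = 128
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202
Const adLongVarWChar = 203

' Call only after IS_VALID_ID(newsId) has succeeded, as the page already does for NID.
Sub SAVE_COMMENT(conn, newsId, memberName, subject, comment)
    Dim cmd, body
    body = comment & ""   ' Null-safe copy of the rich-text HTML

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    ' Jet uses positional ? markers. The values never become part of the SQL text,
    ' so apostrophes, quotes and tags in the comment cannot break the statement.
    ' Now() is the Access date function the script already uses when DB_TO_USE = 1.
    cmd.CommandText = "INSERT INTO nm_tbl_comment " & _
        "(fldNEWS_ID, fldNAME, fldSUBJECT, fldCOMMENT, fldDATE) " & _
        "VALUES (?, ?, ?, ?, Now())"

    ' Parameters are bound in the order of the ? markers.
    ' Sizes are assumptions; 50 matches maxlength="50" on the subject field.
    cmd.Parameters.Append cmd.CreateParameter("newsId", adInteger, adParamInput, , CLng(newsId))
    cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, 50, Left(memberName & "", 50))
    cmd.Parameters.Append cmd.CreateParameter("subject", adVarWChar, adParamInput, 50, Left(subject & "", 50))
    ' Memo column: the size must be at least 1 even for an empty string.
    cmd.Parameters.Append cmd.CreateParameter("comment", adLongVarWChar, adParamInput, Len(body) + 1, body)

    cmd.Execute , , adCmdText Or adExecuteNoRecords
    Set cmd = Nothing
End Sub

' Usage in the page that receives form frm3 (fields "subject" and "comment"):
'   Call OPEN_DB()
'   Call SAVE_COMMENT(MyConn, NID, Session("PMMS_USERNAME"), _
'                     Request.Form("subject"), Request.Form("comment"))
%>
```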

100+
P: 114
OK, thanks Jared, I will add this line, but do you want me to add it in the api.asp page, or the page where I post the comments, which is _view.asp, or the page where comments are read, which is _comments_view.asp?

It calls up _comments.asp on error, as originally that was the page to write comments on. But I had changed that so readers were taken back to the first form on the view.asp page; that is where the form to post comments is.

So is that where I add the function? There are about 3 different databases set up, and I think I use the first option.
Apr 18 '07 #19

100+
P: 114
Jared, what I've done below is give you most of the code on the _view_asp page. This has the databases and all the other things I have on the main article view page, like the way the article is placed, the comments, the comment form, the registration form. I have not included some of the code for the things you may not need.
<!--#include file="inc_header.asp"-->
<body OnLoad="initialiseWebWizRTE();">


    <% Dim SQL, RS, ID, TITLE, CONTENT, SUMMARY, POSTED, ALLOW_C, ALLOW_V, UPDATED, MESSAGE, VOTED, ALLOW_V_MAIN, _
           ALLOW_C_MAIN, NID, AUTHOR, CATEGORIES, AID, USE_VIEW, NIMAGE
       Dim CCOUNT, C_ID, C_NAME, C_EMAIL, C_COMMENT, C_DATE, C_SUBJECT, C_M_ID, C_ALLOW_E, C_CITY, C_COUNTRY, _
           RCOUNT, RID, RTITLE, ACOUNT


    NID   = Trim(Request.QueryString("ID"))
    VOTED = Trim(Request.Cookies("NEWS_ARTICLE_" & NID))
    MEMBER_ID = Trim(Session("PMMS_ID"))
    IF Trim(Session("PMMS_IN")) = "True" THEN blLOGGED_IN = True

    IF IS_VALID_ID(NID) THEN

        Call OPEN_DB()

        SQL = "SELECT fldA_V, fldA_C FROM nm_tbl_settings WHERE ID = 1"
        Set RS = Server.CreateObject("ADODB.Recordset")
        RS.LockType   = 1
        RS.CursorType = 0
        RS.Open SQL, MyConn
            IF NOT RS.EOF THEN
                ALLOW_V_MAIN = trim(RS("fldA_V"))
                ALLOW_C_MAIN = trim(RS("fldA_C"))
            END IF
        RS.Close

        SQL = "UPDATE nm_tbl_news SET fldVIEWS = fldVIEWS + 1 WHERE ID = " & NID
        MyConn.Execute(SQL)

        SQL = "SELECT fldTITLE, fldCONTENT, fldSUMMARY, nm_tbl_news.fldACTIVE AS ACTIVE, fldAID, fldPOSTED, fldEXPIRES, nm_tbl_news.fldIMAGE AS NIMAGE, fldALLOW_COMMENTS, fldALLOW_VOTING, fldCREATED, fldUPDATE, nm_tbl_agent.fldNAME AS ANAME, nm_tbl_news.fldAID AS AID, fldUSE_VIEW FROM nm_tbl_news, nm_tbl_agent WHERE (nm_tbl_agent.ID = nm_tbl_news.fldAID) AND (nm_tbl_news.fldACTIVE = 1) AND nm_tbl_news.ID = " & NID ' { AND (Now() - {GetDate()} BETWEEN fldPOSTED AND fldEXPIRES)) }
        Set RS = Server.CreateObject("ADODB.Recordset")
        RS.LockType   = 1
        RS.CursorType = 0
        RS.Open SQL, MyConn
            IF NOT RS.EOF THEN
                TITLE   = trim(RS("fldTITLE"))
                CONTENT = trim(RS("fldCONTENT"))
                SUMMARY = trim(RS("fldSUMMARY"))
                POSTED  = trim(RS("fldPOSTED"))
                ALLOW_C = trim(RS("fldALLOW_COMMENTS"))
                ALLOW_V = trim(RS("fldALLOW_VOTING"))
                UPDATED = trim(RS("fldUPDATE"))
                AUTHOR  = trim(RS("ANAME"))
                AID     = trim(RS("AID"))
                USE_VIEW= trim(RS("fldUSE_VIEW"))
                NIMAGE  = trim(RS("NIMAGE"))
            ELSE
                MESSAGE = MESSAGE & "<li />This article is currently not available."
            END IF
        RS.Close

        CONTENT = ReplaceAuthorTokens(AID, CONTENT)
        CATEGORIES = GET_CATES(NID)

        ' Get settings
        Dim DATE_F
        DATE_F = GET_SETTINGS(False, "fldDATE_F")

        TITLE = PROCESS_SHORTCUTS(False, TITLE)
        CONTENT = PROCESS_SHORTCUTS(False, CONTENT)
        SUMMARY = PROCESS_SHORTCUTS(False, SUMMARY)

    ELSE

      MESSAGE = MESSAGE & "<li />No article has been found."

    END IF
    %>

    <% IF NOT MESSAGE = "" THEN %>
        <!--#include file="inc_error.asp"-->

        <% Response.End %>
    <% END IF %>




    <%IF USE_VIEW = "1" THEN ' News Agency Template %>




            <table width="760" align="left" cellpadding="2" cellspacing="0" border="0"><tr>
                <td width="190" valign="top">
                    <!-- Left Column -->
                        <img src="pixel.gif" width="190" height="1" alt="" border="0" />

                        <%IF NOT (NIMAGE = "" OR IsNUll(NIMAGE)) THEN%>
                            <img src="<%=NIMAGE%>" border="1" width="60" height="50"/> <br /><br />
                            <hr noshade size="1" width="170" style="border-bottom: 1px dotted #A5AEC5;margin: 0;padding: 0;">
                            <br /><br />
                        <%END IF%>


                        <img src="images1/header_related.gif" width="86" height="35" alt="" border="0" /><br /><br />
                        <%
                        IF DB_TO_USE = 1 OR DB_TO_USE = 3 THEN
                            SQL = "SELECT ID, fldTITLE FROM nm_tbl_news WHERE ((fldACTIVE = 1) AND (Now() BETWEEN fldPOSTED AND fldEXPIRES)) AND (ID IN (SELECT fldCID FROM nm_tbl_relations WHERE fldPID = " & NID & "))"
                        ELSE
                            SQL = "SELECT ID, fldTITLE FROM nm_tbl_news WHERE ((fldACTIVE = 1) AND (GetDate() BETWEEN fldPOSTED AND fldEXPIRES)) AND (ID IN (SELECT fldCID FROM nm_tbl_relations WHERE fldPID = " & NID & "))"
                        END IF
                        Set RS = Server.CreateObject("ADODB.Recordset")
                        RS.LockType   = 1
                        RS.CursorType = 0
                        RS.Open SQL, MyConn
                        WHILE NOT RS.EOF
                            RCOUNT = RCOUNT + 1
                            %><img src="images1/bullet_light.gif" width="4" height="8" alt="" border="0" /> <a class="RelatedArticle" href="view.asp?ID=<%=trim(RS("ID"))%>"><%=trim(RS("fldTITLE"))%></a><br />
                            <%
                            RS.MoveNext
                        WEND
                        RS.Close
                        Set RS = Nothing
                        IF RCOUNT = 0 THEN%>There are no related articles.<% End If %>
                        <br /><br />

                        <a href="#TalkBack"><img src="talkback_view.gif" width="141" height="43" alt="" border="0" /></a>
                        <br /><br />


                        </tr></table>
                        Filed under  <em><%=CATEGORIES%></em> on <%= FormatDateTime(POSTED,DATE_F) %><%IF SHOW_AUTHOR = True THEN%> By: <%=AUTHOR%><%END IF%>.
                        <hr size="1" style="color: WhiteSmoke;height: 1px;width: 100%;" /><br />

                        <p><%= CONTENT %></p>
                        <br /><br />
Apr 18 '07 #20

100+
P: 114
and continued .......




<a href="#TalkBack"><img src="talkback_7.gif" width="141" height="43" alt="" border="0" /></a>
<br /><br />

<%

SQL = "SELECT ID, fldNAME, fldCOMMENT, fldDATE, fldSUBJECT, fldM_ID, fldCITY, fldCOUNTRY, fldALLOW, fldEMAIL FROM nm_tbl_comment WHERE fldNEWS_ID = " & NID & " ORDER BY ID ASC"
Set RS = Server.CreateObject("ADODB.Recordset")
RS.LockType = 1
RS.CursorType = 0
RS.Open SQL, MyConn
WHILE NOT RS.EOF
CCOUNT = CCOUNT + 1
C_ID = trim(RS("ID"))

C_NAME = trim(RS("fldNAME"))
C_COMMENT = trim(RS("fldCOMMENT"))
C_SUBJECT = trim(RS("fldSUBJECT"))
C_M_ID = trim(RS("fldM_ID"))
C_DATE = trim(RS("fldDATE"))
C_CITY = trim(RS("fldCITY"))
C_COUNTRY = trim(RS("fldCOUNTRY"))
C_ALLOW_E = trim(RS("fldALLOW"))
C_EMAIL = trim(RS("fldEMAIL"))

%>
<table width="100%" cellpadding="2" cellspacing="0" border="0"><tr>
<td colspan="2"><a class="CommentLink" href="_comment_view.asp?ID=<%=C_ID%>&amp;AID=<%=NID%>" onClick="NewWindow(this.href,'name','450','410','Yes')"><%=C_SUBJECT%></a>,</td>
</tr><tr>
<td width="100%"><%IF Trim(C_ALLOW_E) = "1" THEN%><a class="CommentLink" href="_email.asp?ID=<%=C_ID%>&amp;AID=<%=NID%>" onClick="NewWindow(this.href,'name','450','410','Yes')">
<img src="images1/img_sendto.gif" width="14" height="9" alt="" border="0" /></a>&nbsp;<%END IF%> <%= C_NAME %> - <%=C_CITY%> - <%=C_COUNTRY%> - <%=FormatDateTime(C_DATE,2)%> - <%=FormatDateTime(C_DATE,3)%></td>
</tr></table>
<br /><br />

<%
RS.MoveNext
WEND
RS.Close
Set RS = Nothing
%>

<br />




<% IF blLOGGED_IN = True THEN %>

<br /><br />

<table width="430" TD BACKGROUND="sinaismall.JPG"
bgcolor="white" cellpadding="2" cellspacing="0" border="0" width="100%"><tr>
<td style="padding: 20px;">

<br /><br />

<table align="center" width="400" cellpadding="2" cellspacing="0" border="0">
<form action="_comments.asp?ID=<%=NID%>" method="post" name="frm3" onSubmit="return ValidateComment()">
<tr>
<td width="100">Name</td>
<td width="300"><%=Session("PMMS_USERNAME")%></td>
</tr><tr>
<td>Country</td>
<td width="300"><%=Session("PMMS_COUNTRY")%></td>
</tr><tr>
<td>Subject*</td>
<td width="300"><input type="Text" name="subject" value="" maxlength="50" class="textbox" style="width: 100%"></td>
</tr><tr>
<td valign="top">Comment*</td>
<td width="300"><textarea rows="6" cols="50" name="comment" style="width: 100%;" class="textbox"></textarea><br />
<input type="Checkbox" name="allowE" value="1" />Allow readers to email me.
</td>
</tr><tr>
<td></td>
<td><input type="Submit" value="Leave Comment" /></td>
</tr>
<input type="Hidden" name="mode" value="set" /></form>
</table>
<br /><br />
<table cellpadding="2" cellspacing="0" width="100%"><tr>
<td>* - These fields are mandatory.</td>
<td align="right"><a href="http://www.myweblog.com/MMS/login.asp?logout=True" target="_parent">Click here to log out.</a></td>
</tr></table>
<br /><br />
</td>
</tr></table>

<br />

<% ELSE%>


You will need to register to post comments in the talkback.
<br /><br />





<br />
<a href="#TalkBack"><img src="talkback_view.gif" width="141" height="43" alt="" border="0" /></a>
<br /><br />


<%

SQL = "SELECT ID, fldNAME, fldCOMMENT, fldDATE, fldSUBJECT, fldM_ID, fldCITY, fldCOUNTRY, fldALLOW, fldEMAIL FROM nm_tbl_comment WHERE fldNEWS_ID = " & NID & " ORDER BY ID ASC"
Set RS = Server.CreateObject("ADODB.Recordset")
RS.LockType = 1
RS.CursorType = 0
RS.Open SQL, MyConn
WHILE NOT RS.EOF
CCOUNT = CCOUNT + 1
C_ID = trim(RS("ID"))

C_NAME = trim(RS("fldNAME"))
C_COMMENT = trim(RS("fldCOMMENT"))
C_SUBJECT = trim(RS("fldSUBJECT"))
C_M_ID = trim(RS("fldM_ID"))
C_DATE = trim(RS("fldDATE"))
C_CITY = trim(RS("fldCITY"))
C_COUNTRY = trim(RS("fldCOUNTRY"))
C_ALLOW_E = trim(RS("fldALLOW"))
C_EMAIL = trim(RS("fldEMAIL"))

%>
<table width="100%" cellpadding="2" cellspacing="0" border="0"><tr>
<td colspan="2"><a class="CommentLink" href="_comment_view.asp?ID=<%=C_ID%>&amp;AID=<%=NID%>" onClick="NewWindow(this.href,'name','450','410','Yes');return false;"><%=C_SUBJECT%></a>,</td>
</tr><tr>


<td width="100%"><%IF Trim(C_ALLOW_E) = "1" THEN%><a class="CommentLink" href="_email.asp?ID=<%=C_ID%>&amp;AID=<%=NID%>" onClick="NewWindow(this.href,'name','450','410','Yes');return false;">
<img src="images1/img_sendto.gif" width="14" height="9" alt="" border="0" /></a>&nbsp;<%END IF%> <%= C_NAME %> - <%=C_CITY%> - <%=C_COUNTRY%> - <%=FormatDateTime(C_DATE,2)%> - <%=FormatDateTime(C_DATE,3)%></td>
</tr></table>
<br /><br />

<%
RS.MoveNext
WEND
RS.Close
Set RS = Nothing
%>

<br />



<% IF blLOGGED_IN = True THEN %>

<br /><br />

<table width="430" TD BACKGROUND="sinaismall.JPG"
bgcolor="white" cellpadding="2" cellspacing="0" border="0" width="100%"><tr>
<td style="padding: 20px;">

We reserve the right to delete comments that do not conform to our code of conduct.


<table align="center" width="400" cellpadding="2" cellspacing="0" border="0">
<form action="_comments.asp?ID=<%=NID%>" method="post" name="frm3" id="frm3" onSubmit="return ValidateComment()">
<tr>
<td width="100">Name</td>
<td width="300"><%=Session("PMMS_USERNAME")%></td>
</tr><tr>
<td>Country</td>
<td width="300"><%=Session("PMMS_COUNTRY")%></td>
</tr><tr>
<td>Subject*</td>
<td width="300"><input type="Text" name="subject" value="" maxlength="50" class="textbox" style="width: 100%"></td>
</tr><tr>




<%

'Declare the ASP variables used
Dim strFormName
Dim strTextAreaName

'ID tag name of the HTML form the textarea is within
strFormName = "frm3"

'ID tag name of HTML textarea being replaced
strTextAreaName = "comment"

%>




<td valign="top">Comment*</td>
<td width="300"> <!-- include the Web Wiz Rich Text Editor -->
<!--#include file="RTE_editor_inc.asp" --> <textarea name="comment" id="comment" rows="6" cols="50" style="width: 100%;" class="textbox"></textarea>




<input type="Checkbox" name="allowE" value="1" />Allow readers to email me.
</td>
</tr><tr>
<td></td>
<td><input type="Submit" value="Leave Comment" /></td>
</tr>
<input type="Hidden" name="mode" value="set" /></form>
</table>
<br /><br />
<table cellpadding="2" cellspacing="0" width="100%"><tr>
<td>* - These fields are mandatory.</td>
<td align="right"><a href="http://www.myweblog.com/MMS/login.asp?logout=True" target="_top">Click here to log out.</a></td>
</tr></table>
<br /><br />
</td>
</tr></table>

<br />

<% ELSE%>

<table cellpadding="2" cellspacing="0" border="0" width="430"><tr>
<td>
Click on the headline to read a Talkback comment and respond to it. Click on the
<img src="images1/img_sendto.gif" width="14" height="9" alt="" border="0" />
icon to send a private email to the talkback writer. .
</td>
</tr></table>
<br /><br />



<br />


<% END IF ' { IF USE_VIEW = "1" THEN ' News Agency Template } %>



<br /><br /><br />


<%
MyConn.close
Set MyConn = Nothing
%>

<!--#include file="inc_footerLinksOnly.asp"-->
Apr 18 '07 #21

jhardman
Expert 2.5K+
P: 3,405
Ok thanks Jared, i will add this line, but do you want me to add it in the api.asp page, or the page where i post the comments which is _view.asp or the page where comments are read, which is _comments_view.asp.
Whichever page had the line "SQL = ..." a really long line which you identified as causing the error (I didn't follow which page it was in), line 34? put in the comment line immediately after that line.

Jared
Apr 19 '07 #22

100+
P: 114
Jared,

Yes it was the "" and ' which were causing the problems i think, as after i added that line, it seems to work now.

I first added it to the page where the comments are typed, and it didn't do the trick, i then added it to the comments.asp page, the page which the syntax says is the error page, on line 35, i added it there, and it now works.

Thanks, obviously i'll test it more later, and hopefully no problems. thanks for this Jared, really appreciate it. But i'm just wondering, will the changed code affect my other setup in any way do you think?
Apr 19 '07 #23

100+
P: 114
Jared, the double quotes problem seems to have been solved, i can now use " " but i'm having a problem using the apostrophe, as in the word, can't or if i put the single quotes around a word like 'this'

"this works" but 'this doesn't' when i use 'this' i get this error message,

    Microsoft JET Database Engine error '80040e14'

    Syntax error (missing operator) in query expression ''I am testing the rich text editor. I cannot use the apostrophe as in the word can't',Now(),'i think my IP was here',4,'RE:thursday evening','manhattan','Sweden',1)'.

    /_comments.asp, line 36

The code i added before is here, do i need to add something to make the single quote (apostrophe) work? by the way, i'm not sure which of the 2 databases i use, so should i add the code to the top part as well?




        IF MESSAGE = "" THEN
            COMMENT = STRIP_CODE(COMMENT)
            IF DB_TO_USE = 1 THEN ' MS Access
                SQL = "INSERT INTO nm_tbl_comment (fldNEWS_ID, fldNAME, fldEMAIL, fldCOMMENT, fldDATE, fldIP, fldM_ID, fldSUBJECT, fldCITY, fldCOUNTRY, fldALLOW) VALUES (" & ID & ",'" & NAME & "','" & EMAIL & "','" & COMMENT & "',Now(),'" & APO(Request.ServerVariables("REMOTE_HOST")) & "'," & MEMBER_ID & ",'" & SUBJECT & "','" & CITY & "','" & COUNTRY & "'," & AllowE & ")"
            ELSE
                SQL = "INSERT INTO nm_tbl_comment (fldNEWS_ID, fldNAME, fldEMAIL, fldCOMMENT, fldDATE, fldIP, fldM_ID, fldSUBJECT, fldCITY, fldCOUNTRY, fldALLOW) VALUES (" & ID & ",'" & NAME & "','" & EMAIL & "','" & COMMENT & "',GetDate(),'" & APO(Request.ServerVariables("REMOTE_HOST")) & "'," & MEMBER_ID & ",'" & SUBJECT & "','" & CITY & "','" & COUNTRY & "'," & AllowE & ")"
                response.write vbNewLine & "<!-- SQL: " & SQL & " -->" & vbNewLine
            END IF
            Call OPEN_DB()
            MyConn.Execute SQL
            MyConn.close
            Set MyConn = Nothing
        END IF

    ELSE
Apr 19 '07 #24

jhardman
Expert 2.5K+
P: 3,405
put it right after the "end if" That way you catch both of them.
Apr 23 '07 #25

100+
P: 114
put it right after the "end if" That way you catch both of them.
I tried putting it right after both "end if" but still persists
Apr 23 '07 #26

100+
P: 114
Jared, i don't think this line will solve the problem as i just tried something. I took out this line

    response.write vbNewLine & "<!-- SQL: " & SQL & " -->" & vbNewLine

and i could still post message using double quotes, thus i think i was wrong before when i said it worked. I think i must have mistook single quotes for double.

the double quotes work but the single ones don't. and even without the single line code above, the double quotes go through.

I think the code needs to be added somewhere else, and i'm only having problems with single quotes. They won't get posted, ie. they won't get added to the database, from the form which submits the comments. The form that submits the comments is in the "view.asp" page,

Another problem i noticed is that if i use double quotes in the subject line, they show OK, but when i click reply, usually the data is submitted to the reply form to type out the comment, but if there is a double quote in the subject, that part won't get submitted and is blank,

damn, why is all this so confusing?

thanks anyway Jared,
Apr 23 '07 #27

jhardman
Expert 2.5K+
P: 3,405
Jared, i don't think this line will solve the problem as i just tried something. I took out this line

    response.write vbNewLine & "<!-- SQL: " & SQL & " -->" & vbNewLine

Sorry I wasn't clear. This line isn't supposed to solve the problem, it is meant to help troubleshoot. Leave it in, then go to a page that gives you an error. Right click and select "View source" from the pop-up menu. Scroll to the bottom of the source code and there should be a comment right before the error message starts:

    <!-- SQL: ... -->

Show me the comment AND the error

Jared
Apr 23 '07 #28

P: 30
dude,

these kinds of "problems" are by design: See, HTML is an ascii based protocol, which means only a set of ~128 symbols is allowed when writing it (so escape codes express the rest of the symbols you may want).

Normally an ascii character will be printed out just the way you wrote it in your HTML, for example the ascii character "a" will be output as the lower case character "a". HOWEVER in HTML there are some special characters, like "<", ">", and "&", that aren't output to screen because they are treated as special characters.

With these characters you can build what are called HTML tags, and escape codes. These "control characters", when unescaped, control things like the color, font, and placement of text and other elements in your page. If you want, say, the character "<" to appear in your HTML page, you can't just write it, you need to escape it. A browser will translate the sequence "&lt;" (sans the quotes) as the character "<" and render a "<" character to the screen. However a browser that encounters an actual unescaped "<" character will think you are opening up an HTML tag.

What your rich text editor does is wrap portions of the text you write between tags to style your text. However, there is a potential security issue here because people could introduce a "comment" in your guestbook that actually executes a javascript script. (for example, search for cross-site scripting, or XSS, in wikipedia). These kinds of attacks are very dangerous as they can steal cookies from active web sessions, etc...

It is because of this reason that some servers by default will "HTMLencode" what you upload, this is to say: any special characters will be escaped so that when read back from the store they won't have a special meaning ( a "<" character will be translated to "&lt;" and stored like that in the database). What's happening in your case is that the rich text editor sends the text in "ok" form, but the ASP server is protecting itself from possible attacks and HTMLencoding everything you send to it.

In the case of ASP.NET, what you want to do here is read the "raw" text property from your input boxes into the server store. ASP.NET will complain that there is a vulnerability here. So what you do is you set the "ValidateRequest" property equal to "false" (you do this at the top of your asp.net page). However, if I were you I'd have a simple parsing function that would invalidate any comment that had a <script> tag on it in any form.

I don't know what the equivalent of this property is in plain ASP (I got here in the .NET days), but I'm sure you should look for something similar, or just migrate to an ASP.NET server anyway.

Hope that helps
Apr 24 '07 #29
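
An added example, not code from this thread or from the news script: one way to apply the encoding described in the post above in classic ASP, storing the comment as typed and encoding it when the page is written, with an allow-list of formatting tags for the rich-text body. SafeText, SafeRichText and the tag list are assumptions.

```vbscript
<%
' Added example (not the news script's own code). SafeText, SafeRichText and
' ALLOWED_TAGS are hypothetical names; adjust the tag list to what the editor emits.
Const ALLOWED_TAGS = "b|i|u|p|em|strong|ul|ol|li|blockquote"

' Plain-text fields (subject, name, city, country): encode every time the
' value is written into HTML, and store it in the database exactly as typed.
Function SafeText(value)
    SafeText = Server.HTMLEncode(value & "")   ' & "" turns Null into ""
End Function

' Rich-text comment body: encode everything first so no markup survives,
' then turn back on only attribute-free tags from the allow-list.
Function SafeRichText(value)
    Dim re, html
    html = Server.HTMLEncode(value & "")

    Set re = New RegExp
    re.Global = True
    re.IgnoreCase = True

    ' 1. Restore <b>, </b>, <p>, ... only when written with no attributes.
    re.Pattern = "&lt;(/?)(" & ALLOWED_TAGS & ")&gt;"
    html = re.Replace(html, "<$1$2>")

    ' 2. Restore line breaks in both the <br> and <br /> spellings.
    re.Pattern = "&lt;br\s*/?&gt;"
    html = re.Replace(html, "<br />")

    ' 3. Drop every other tag (FONT, SPAN, SCRIPT, and any tag carrying
    '    attributes such as onclick or style). These are already inert encoded
    '    text at this point; removing them only tidies the display.
    re.Pattern = "&lt;/?[a-z][\s\S]*?&gt;"
    html = re.Replace(html, "")

    Set re = Nothing
    SafeRichText = html
End Function
%>
<!-- Usage in the comment list and in the comment pop-up page -->
<td><%=SafeText(C_SUBJECT)%></td>
<td><%=SafeRichText(C_COMMENT)%></td>
```

Because the encoding happens at output, the stored subject and comment stay free of entities and can be reused in a form field or an e-mail without a second decoding step.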

100+
P: 114
Sorry I wasn't clear. This line isn't supposed to solve the problem, it is meant to help troubleshoot. Leave it in, then go to a page that gives you an error. Right click and select "View source" from the pop-up menu. Scroll to the bottom of the source code and there should be a comment right before the error message starts:

    <!-- SQL: ... -->

Show me the comment AND the error

Jared

OK on the page the error shows as

Syntax error (missing operator) in query expression ''<P><FONT face=Arial size=2>This is a test message. I cannot use apostrophe's in this comment. But i can use double quotes. If i use an apostrophe i get an error. </FONT></P>',Now(),'my isp here,4,'checking on tuesday ','manhattan','Sweden',1)'.

/_comments.asp, line 37

and when i view the source i get this,


    <!-- SQL: INSERT INTO nm_tbl_comment (fldNEWS_ID, fldNAME, fldEMAIL, fldCOMMENT, fldDATE, fldIP, fldM_ID, fldSUBJECT, fldCITY, fldCOUNTRY, fldALLOW) VALUES (35,'cynthia','myemail@yahoo.co.uk','<P><FONT face=Arial size=2>This is a test message. I cannot use apostrophe's in this comment. But i can use double quotes. If i use an apostrophe i get an error. </FONT></P>',Now(),my isp. here,4,'checking on tuesday ','manhattan','Sweden',1) -->
     <font face="Arial" size=2>
    <p>Microsoft JET Database Engine</font> <font face="Arial" size=2>error '80040e14'</font>
    <p>
    <font face="Arial" size=2>Syntax error (missing operator) in query expression ''&lt;P&gt;&lt;FONT face=Arial size=2&gt;This is a test message. I cannot use apostrophe's in this comment. But i can use double quotes. If i use an apostrophe i get an error. &lt;/FONT&gt;&lt;/P&gt;',Now(),my isp here i think ,4,'checking on tuesday ','manhattan','Sweden',1)'.</font>
    <p>
    <font face="Arial" size=2>/_comments.asp</font><font face="Arial" size=2>, line 37</font>
Apr 24 '07 #30
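
An added example, not code from this thread or from the news script: the same INSERT sent through an ADODB.Command with ? placeholders, so an apostrophe in any field reaches the database as data and the statement text never changes. SaveComment, AddText and AddNumber are hypothetical names, and every field size except the 50-character subject is an assumption.

```vbscript
<%
' Added example (not the news script's own code): parameterized version of the
' INSERT built in _comments.asp. ADO constants are spelled out so adovbs.inc
' is not required.
Const adInteger = 3
Const adVarWChar = 202
Const adLongVarWChar = 203
Const adParamInput = 1
Const adCmdText = 1
Const adExecuteNoRecords = 128

' Hypothetical helper: append one short text parameter, cut to maxLen characters.
Sub AddText(cmd, value, maxLen)
    Dim s
    s = Left(Trim(value & ""), maxLen)
    cmd.Parameters.Append cmd.CreateParameter("", adVarWChar, adParamInput, maxLen, s)
End Sub

' Hypothetical helper: append one whole-number parameter. CLng raises an error
' on non-numeric input, so a tampered ID never reaches the database.
Sub AddNumber(cmd, value)
    cmd.Parameters.Append cmd.CreateParameter("", adInteger, adParamInput, , CLng(value))
End Sub

' conn is the open connection (MyConn after OPEN_DB in the script).
Sub SaveComment(conn, newsId, name, email, comment, memberId, subject, city, country, allowE)
    Dim cmd, body
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Now() is the Access spelling; use GetDate() on SQL Server.
    cmd.CommandText = "INSERT INTO nm_tbl_comment (fldNEWS_ID, fldNAME, fldEMAIL, " & _
        "fldCOMMENT, fldDATE, fldIP, fldM_ID, fldSUBJECT, fldCITY, fldCOUNTRY, fldALLOW) " & _
        "VALUES (?, ?, ?, ?, Now(), ?, ?, ?, ?, ?, ?)"

    ' Parameters are positional: append them in the same order as the ? marks.
    AddNumber cmd, newsId
    AddText cmd, name, 50                 ' assumed field size
    AddText cmd, email, 100               ' assumed field size
    body = comment & ""                   ' fldCOMMENT is assumed to be a Memo field
    cmd.Parameters.Append cmd.CreateParameter("", adLongVarWChar, adParamInput, Len(body) + 1, body)
    AddText cmd, Request.ServerVariables("REMOTE_HOST"), 50   ' assumed field size
    AddNumber cmd, memberId
    AddText cmd, subject, 50              ' matches maxlength="50" on the form
    AddText cmd, city, 50                 ' assumed field size
    AddText cmd, country, 50              ' assumed field size
    AddNumber cmd, allowE                 ' caller passes 0 or 1

    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
End Sub
%>
```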

jhardman
Expert 2.5K+
P: 3,405
OK! We are really almost there! Remember those three functions we changed early on? change the line we added to this:

APO = replace(val, "'", "'")


This replaces any apostrophes with a special character code which should be interpreted as an apostrophe.

Try it and let me know how it goes.

Jared
Apr 24 '07 #31

jhardman
Expert 2.5K+
P: 3,405
That didn't work! OK the second set of quote marks in the above code sample should contain an ampersand, a pound symbol, the number 39 and a semicolon. Every time I type this in this website converts it to an apostrophe, like this: ' Does it look right here?

Jared
Apr 24 '07 #32

100+
P: 114
That didn't work! OK the second set of quote marks in the above code sample should contain an ampersand, a pound symbol, the number 39 and a semicolon. Every time I type this in this website converts it to an apostrophe, like this: ' Does it look right here?

Jared

Jared you're right the first one didn't go through, the second code did go through however when the comment is viewed, it doesn't show an apostrophe, it shows those characters on the webpage, ie

when i added this to the inc_api.asp file


        END IF
        'APO = tmpSTR
        APO = replace(val, "'", "&39;")
    END FUNCTION

this is what showed on the web page when i tried to look at the comment

check &39;go&39;

the words in the comment are actually "check go", but do you see? the ampersand, pound, etc. are showing.
Apr 25 '07 #33

100+
P: 114
Jared, just to let you know i tried it on the "APO=..." one first, and then tried changing all 3. The message goes through now, but when viewed, instead of the apostrophe, you see the 4 characters that i added.

This is what the code looks like now. Pls check it to see if i haven't missed out a comma or anything.....when i added the 4 characters



    PRIVATE FUNCTION APO(val)
        Dim tmpSTR
        tmpSTR = val
        IF NOT tmpSTR = "" THEN
            tmpSTR = Replace(Trim(tmpSTR),chr(34),"&quot;")
            tmpSTR = Replace(Trim(tmpSTR),"'","''")
            tmpSTR = Replace(Trim(tmpSTR),"<","&lt;")
            tmpSTR = Replace(Trim(tmpSTR),">","&gt;")
            IF DB_TO_USE = 3 THEN tmpSTR = Replace(Trim(tmpSTR),"\","\\")
        END IF
        'APO = tmpSTR
        APO = replace(val, "'", "&39;")
    END FUNCTION

    PRIVATE FUNCTION APO_LAX(val)
        Dim strRES
        strRES = Replace(Trim(val),"'","''")
        IF DB_TO_USE = 3 THEN strRES = Replace(Trim(strRES),"\","\\")
        'APO_LAX = strRES
        APO_LAX = replace(val, "'", "&39;")
    END FUNCTION

    PRIVATE FUNCTION APO_INJ(val)
        Dim tmpSTR
        tmpSTR = val
        IF NOT tmpSTR = "" THEN
            tmpSTR = Replace(Trim(tmpSTR),chr(34),"&quot;")
            tmpSTR = Replace(Trim(tmpSTR),"<","&lt;")
            tmpSTR = Replace(Trim(tmpSTR),">","&gt;")
            IF DB_TO_USE = 3 THEN tmpSTR = Replace(Trim(tmpSTR),"\","\\")
        END IF
        'APO_INJ = tmpSTR
        APO_INJ = replace(val, "'", "&39;")
    END FUNCTION
Apr 25 '07 #34

jhardman
Expert 2.5K+
P: 3,405
Sorry, I reported a bug since I couldn't post the characters correctly. I was a little worried because I knew there are different "pound" characters. I meant "#". I eventually found a workaround. Here are the four characters you need "&#39;"

Jared
Apr 25 '07 #35

100+
P: 114
Sorry, I reported a bug since I couldn't post the characters correctly. I was a little worried because I knew there are different "pound" characters. I meant "#". I eventually found a workaround. Here are the four characters you need "'"

Jared

Jared, thanks . My ftp server is down since yesterday, so i can't test this yet, but as soon as i can i will let you know if it works. I hope it does.

In the meantime, i wonder if you can add some input in the "reply button" thing which i mentioned above. I did actually post a separate thread, but no replies so far.
I'm sure it's a very simple focus problem,

http://www.thescripts.com/forum/showthread.php?p=2520690#post2520690

Thanks so much, good day.
Apr 26 '07 #36

100+
P: 114
OK, it works fine in the comments Jared, finally. And also if i use the apostrophe or double quotes in the subject line they show fine. The only problem now, is that when i click reply these 2 characters cause a problem described below.

All the special characters seem to work fine in the subject line, when i click reply, it fills in the "subject" line automatically in the comment form.

1. if the subject line contains " ie. double quotes nothing gets transferred.

2. there is an apostrophe in the subject line, and you click reply, when it prefills the form in the parent page, it shows,

the 4 characters instead of the apostrophe. I tried typing them here but an apostrophe appeared, so you know which ones i mean.

So do i need to add code somewhere else?

Thanks for all you've done so far Jared.
Apr 26 '07 #37
