javascript rich text editor shows html tags in ASP text area

It is my guess that the problem is in the page that displays the comment rather than the page that saves the comment. When you display the comment, inside what HTML tags is it placed? In other words, do you show the comment like this:
[html]<table><tr><td><textarea>This is my comment to the irresposible
column published in your paper last week. How dare you print
such garbage? I was so insensed that I told all of my friends
to boycott your paper and switch to the <u>weekly world
news</u></textarea></td></tr></table>[/html]?

If possible, post the source code for one of the comment pages.

Jared

It is my guess that the problem is in the page that displays the comment rather than the page that saves the comment. When you display the comment, inside what HTML tags is it placed? In other words, do you show the comment like this:
[html]<table><tr><td><textarea>This is my comment to the irresposible
column published in your paper last week. How dare you print
such garbage? I was so insensed that I told all of my friends
to boycott your paper and switch to the <u>weekly world
news</u></textarea></td></tr></table>[/html]?

If possible, post the source code for one of the comment pages.

Jared

thank you Jared,

Here is the comment page, that opens up the database stored comments. It is an access database. I have made the part which shows the comment text Bold,

also on the page which has the form box where readers add the comments, i have to add a Javascript bodyonload command that initialises the rich text editor. I don't know if i have to add it here on this page too, this page is where the comment opens up in and is called "_comment_view.asp"

thank you Jared,

Here is the comment page, that opens up the database stored comments. It is an access database. I have made the part which shows the comment text Bold,

also on the page which has the form box where readers add the comments, i have to add a Javascript bodyonload command that initialises the rich text editor. I don't know if i have to add it here on this page too, this page is where the comment opens up in and is called "_comment_view.asp"

sorry jared, i made a mistake, in the previous post to you. I highlighted the wrong part. The part i should have highlighted is as below in bold. It is the text area where the comment show, and i think the rich text editor adds a lot of gunk to it, but i'm not sure, this is the rich text editor i'm using.
http://www.webwizguide.info/asp/samp...57&mode=aspApp

i just want to mention, that before trying Web Wiz Rich Text Editor, i tried WhizzyWig which is a javascript one. and before that another one. I had the same problem with all 3. Why is this happening?

and if its a problem with my layout, then can you suggest another rich text editor that may be compatible? I use ASP pages obviously, and i use an access database.

Thanks, and below is the code

<div style="width:100%;height:85%;overflow:auto"' border=0>I am testing the rich text editor. <br />&lt;DIV&gt;&nbsp;&lt;/DIV&gt;<br />&lt;DIV&gt;&lt;STRONG&gt;This is supposed to be bold&lt;/STRONG&gt;&lt;/DIV&gt;<br />&lt;DIV&gt;&nbsp;&lt;/DIV&gt;<br />&lt;DIV&gt;&lt;FONT color=#ff0000&gt;this is supposed to be red text&lt;/FONT&gt;&lt;/DIV&gt;</div></td>
</tr>
<tr> <

I have to add one more thing Jared, and that is that in the page which shows the formatted text, it does not display in a text area and if anyone replies to that comment, they have to click "reply" and that takes them to the original page which has a form and also has the rich text editor and that page DOES have a text area as you described.

So are you saying, that text created in this text area, can only be displayed in a pop up window, if that pop up window also has a text area?

Can it not be displayed as it is? ie. in the "comment" area above?

So are you saying, that text created in this text area, can only be displayed in a pop up window, if that pop up window also has a text area?

No, the easiest way to show coding is to put it in a textarea, this usually shows the code for the formatting rather than the real formatting. If that was the problem there is a really simple fix. Unfortunately, that is not the problem.

The coding has been altered at some step to display the codes. I don't know if that makes sense. OK, here's an example. You type the phrase "emboldened text" into the editor and use the editor's controls to make it bold. The editor should save the following into the db:
when the comment is displayed this should be pulled up as is. If it was displayed in a textarea it would look like the code, but if it was outside a textarea it should look correct. Somewhere along the way, however, this has been changed to (the "&lt;" etc. are the HTML codes to display special characters like "greater than" and "less than" if you don't want them interpretted as tags)

I would be surprised if the change was made before it was added to the db. Just to make sure, is there any way you can open the db and check to see that you have "<strong>" and not "&lt;strong&gt;"?

If it is displayed correctly in the db, then the problem comes when the comment is opened for display. There is likely a brief line in the asp code which says something like this: The "comment" is the name of the field in the db that holds the comment, and the "HTMLEncode ()" is the function which is messing things up. If you find this and remove it you will likely fix the problem.

There might be another problem caused by removing the function entirely, but lets deal with that after you find it. When you find the above lines, let me know and I will try to help you test for the other problem.

Jared

Jared, thank you so much for your help.

I opened the database, and i checked the comments and this is what is displayed.

fldCOMMENT
&lt;P&gt;this is just a test to &lt;STRONG&gt;see what&lt;/STRONG&gt; i can do&lt;/P&gt;
&lt;P&gt;&lt;FONT style=&quot;BACKGROUND-COLOR: #ffcc00&quot;&gt;and if i can go home &lt;/FONT&gt;&lt;/P&gt;



fldCOMMENT
&lt;H1&gt;as &lt;FONT color=#000099&gt;we came&lt;/FONT&gt;&lt;/H1&gt;


Just to make it clearer for you. This software is for is a news weblog, with daily news added, and each news article has a commenting system, you know like you have on news sites, where readers can add their comments.

As you have probably already noted, there is a header file that is included on the page that adds the comments to the database. The header file includes the top menu and 2 files, that are inc_api.asp and config.asp

obviously the changes that are made will be in these 2 pages probably, if not on the _view_asp page.

I do want to mention one other thing. On the admin side of this weblog, there is the admin section where i add the news, and there is a rich text editor included here whose files are in a separate javascript file.
I hope this isn't causing the clash. I would use the same admin rich text editor (or a modified version) but i don't know how to do it.

If it doesn't cause any clashes i'd like to continue making the code above work, and what i will do in the next post is to post the 2 files that may be making the changes to the database.

this is the inc.api.asp file


continued in next post

and this one is the config.asp file, i havn't included all, since i don't think you'll need to see the email parts, this is the database part,

There are four functions in the inc_api.asp file about which you need to worry. I didn't read too carefully about what they each do (they apparently have slightly different functions, but they could each cause the problem and probably work together). In the APO(), APO_LAX(), and APO_INJ() there is a line near the end like this:
Change that to the following (in all three functions):
The other function about which I'm worried is the STRIP_CODE() function. I believe this checks for certain characters and if found, deletes them from the comment. Don' t do anyhting to it right now, but if the "greater than" and "less than" brackets are gone entirely, this is what we need to fix next.

Jared

Jared, i've made the 3 changes to the inc_api file, just to be sure, this is what they look like now. I just want to mention, that the middle one doesn't have "END IF" as the other ones do.


this is what the comments look like now, here is the code for the "comment part" as displayed on the webpage




and this is what the comment looks like copied and pasted as it shows on the web

This is a test message

cynthia - manhattan - Sweden - Monday, April 09, 2007 - 10:33:11 PM

I am testing the rich text editor.
<DIV> </DIV>
<DIV><STRONG>This is supposed to be bold</STRONG></DIV>
<DIV> </DIV>
<DIV><FONT color=#ff0000>this is supposed to be red text</FONT></DIV>

Jared, i've made the 3 changes to the inc_api file, just to be sure, this is what they look like now. I just want to mention, that the middle one doesn't have "END IF" as the other ones do.

Expand|Select|Wrap|Line Numbers

1. PRIVATE FUNCTION APO(val)
2.     Dim tmpSTR
3.     tmpSTR = val
4.     IF NOT tmpSTR = "" THEN
5.         tmpSTR = Replace(Trim(tmpSTR),chr(34),"&quot;")
6.      tmpSTR = Replace(Trim(tmpSTR),"'","''")
7.         tmpSTR = Replace(Trim(tmpSTR),"<","&lt;")
8.         tmpSTR = Replace(Trim(tmpSTR),">","&gt;")
9.   IF DB_TO_USE = 3 THEN tmpSTR = Replace(Trim(tmpSTR),"\","\\")
10.     END IF
11.     APO = tmpSTR
12.  APO = val 
13. END FUNCTION

You need to put in a single quote mark (apostrophe) like this:
Check that. I will go back over your code to see if there is anyhting else I missed, but try that and tell me if it works.

Jared

You need to put in a single quote mark (apostrophe) like this:

Expand|Select|Wrap|Line Numbers

1.     'APO = tmpSTR
2.     APO = val 
3. END FUNCTION
4.  

Check that. I will go back over your code to see if there is anyhting else I missed, but try that and tell me if it works.

Jared

Jared, before i add the apostrophe i want to mention something. After this you can tell me if you still want me to add the apostrophe as you said above.

i made a mistake yesterday. After i posted the code, i realised i just posted the code of the last message, which in the database had been altered already by the last api.asp file. What i should have done was posted a new message with the new code that you told me to add to the api.asp file.

I now posted a new message, and checked to see what it looks like, and it works, ie the tags are no longer there, however the formatting doesn't show. But it is an improvement, if you know what i mean. Anyway,. here is what it looks likes on the public side, -----------


Saturday, April 14th test

cynthia - manhattan - Sweden - Saturday, April 14, 2007 - 8:30:57 AM

I am testing the rich text editor.

I want to see if the changes to the code work or not.

this is heading 2

this is supposed to be bold

this is italic

this is red text


this is a numbered list
this is a numbered list
this is a numbered list
this is a numbered list

and this below is the code which i got from "view source"



So do you still want me to add the apostrophe?

Another problem using a rich text editor brings is in the javascript "reply" button, which when clicked takes the user to the first page with a form for typing. This worked fine without, the rich text editor. However i notice that now if you click it, it doesn't seem to work...or works slowly, .here is the full code

Karen,

Ahhh. Hmmm. We are going in the right direction then, but not quite there. Add the apostrophe, but it probaly won't change anything at this point.

Change the STRIP_CODE() function next. You are really doing the same thing you did in the other functions, just turn the line that makes the change into a comment (by putting an apostrophe at the beginning) and add a line returning the same value that the function started with:
Let me know as soon as you test it.

Jared

Karen,

Ahhh. Hmmm. We are going in the right direction then, but not quite there. Add the apostrophe, but it probaly won't change anything at this point.

Change the STRIP_CODE() function next. You are really doing the same thing you did in the other functions, just turn the line that makes the change into a comment (by putting an apostrophe at the beginning) and add a line returning the same value that the function started with:

Expand|Select|Wrap|Line Numbers

1. FUNCTION STRIP_CODE(strText)
2.     Dim RegEx
3.     Set RegEx = New RegExp
4.     RegEx.Pattern = "<[^>]*>"
5.     RegEx.Global = True
6.     'STRIP_CODE = RegEx.Replace(strText, "")
7.        STRIP_CODE = strText 'makes no change
8.     Set RegEx = Nothing
9. END FUNCTION
10.  

Let me know as soon as you test it.

Jared

Jared Thanks , i tested it, and it seems to work fine, and sometimes i get this error message, if i use a combo of the rich text editor functions.

i then check the line 35 code, and it is this:


However, i don't use SQL i use access database, which must be one of the previous choices, i don't know.......??

Also Jared if you look at the code above and at the link which is "reply" this is a javascript function that takes you to the form to write a reply. Then check the javascript at the bottom and you will see, it is written so that the cursor should focus on the "comment" after filling in the subject field .
This worked before, but after adding the rich text editor, what happens is that the subject does get filled in, however, the cursor does not automatically point to the "comment" section.
Before it did, and when that happened, it reduced to window of the comment into the bar at the bottom. Now i have to manually do it. How do i correct this? any ideas? thanks Jared, you're a great help...

Jared, i've noticed if i copy and paste anything onto the page, i also get the error message above, and can't post the comment...

Jared Thanks , i tested it, and it seems to work fine, and sometimes i get this error message, if i use a combo of the rich text editor functions.

Expand|Select|Wrap|Line Numbers

1. Microsoft JET Database Engine error '80040e14' 
2.  
3. Syntax error (missing operator) in query expression ''<FONT size=4>Beirut - Former U.S. President Bill Clinton</FONT> <H5>says peace is possible </H5> <P><BR>between <STRONG>Israel and Syria</STRONG> if Iran and media were <EM>banned</EM> from closed-<U>door <BR></U>peace talks.<BR><BR> <HR> <BR>Clinto'. 
4. /_comments.asp, line 35

i then check the line 35 code, and it is this:

Expand|Select|Wrap|Line Numbers

1.    SQL = "SELECT fldTITLE, fldCONTENT, fldSUMMARY, nm_tbl_news.fldACTIVE AS ACTIVE, fldAID, fldPOSTED, fldEXPIRES, nm_tbl_news.fldIMAGE AS NIMAGE, fldALLOW_COMMENTS, fldALLOW_VOTING, fldCREATED, fldUPDATE, nm_tbl_agent.fldNAME AS ANAME, nm_tbl_news.fldAID AS AID, fldUSE_VIEW FROM nm_tbl_news, nm_tbl_agent WHERE (nm_tbl_agent.ID = nm_tbl_news.fldAID) AND (nm_tbl_news.fldACTIVE = 1) AND nm_tbl_news.ID = " & NID ' { AND (Now() - {GetDate()} BETWEEN fldPOSTED AND fldEXPIRES)) }
2.         Set RS = Server.CreateObject("ADODB.Recordset")
3.         RS.LockType   = 1

However, i don't use SQL i use access database, which must be one of the previous choices, i don't know.......??

OK, First, I'm glad to hear that it worked so far. SQL stands for "Standard Query Language" or something close, it was not invented by microsoft, it is just the language with which you access a db. That is why a lot of programmers refer to Microsoft's program as MSSQL.

Anyway, it looks like the db is being queried with a long string to search for text from the original post. This is actually a really sloppy way to do it, the original post should have some type of key number which is easier to search for than the entire comment, but I digress. I am betting that the problem comes up when there is a quote mark in the comment. Just to be sure, immediately after the line where SQL is defined, add this:
This will print the entire SQL statement into an HTML comment. It will not be visible from the web page, but after you get the error if you right click the page and select "view source" from the pop-up menu, you will be able to read the SQL statement. (you can search for "<!-- SQL:" to find it quicker). Post the comment from a page that gave you an error.

Also Jared if you look at the code above and at the link which is "reply" this is a javascript function that takes you to the form to write a reply. Then check the javascript at the bottom and you will see, it is written so that the cursor should focus on the "comment" after filling in the subject field .
This worked before, but after adding the rich text editor, what happens is that the subject does get filled in, however, the cursor does not automatically point to the "comment" section.
Before it did, and when that happened, it reduced to window of the comment into the bar at the bottom. Now i have to manually do it. How do i correct this? any ideas? thanks Jared, you're a great help...

This is a javascript problem. Although I might be able to walk you through it, I might not do the best job. The problem is probably in the name of the editor. I don't mean "joes Editor" i mean "<textarea name='commentBox'>". The focus changing line is probably looking for the textarea with the old name. Anyway, that is where I would look.

Jared

Ok thanks Jared, i will add this line, but do you want me to add it in the api.asp page, or the page where ipost the comments which is _view.asp or the page where comments are read, which is _comments_view.asp.

It calls up the _comments.asp on error, as originally that was the page to write comments on. But i had changed that so readers were taken back to the first form on the view.asp page, that is where the form to post comments is.

So is that where i add the function? there are about 3 different databases setup, and i think i use the first option

Jared, what i've done below is given you most of the code on the _view_asp page, this has the databases and all the other things i have on the main article view page, like the way the article is placed, the comments, the comment form, the registration form, . I have not included some of the code for the things you may not need.

and continued .......




<a href="#TalkBack"><img src="talkback_7.gif" width="141" height="43" alt="" border="0" /></a>
<br /><br />

<%

SQL = "SELECT ID, fldNAME, fldCOMMENT, fldDATE, fldSUBJECT, fldM_ID, fldCITY, fldCOUNTRY, fldALLOW, fldEMAIL FROM nm_tbl_comment WHERE fldNEWS_ID = " & NID & " ORDER BY ID ASC"
Set RS = Server.CreateObject("ADODB.Recordset")
RS.LockType = 1
RS.CursorType = 0
RS.Open SQL, MyConn
WHILE NOT RS.EOF
CCOUNT = CCOUNT + 1
C_ID = trim(RS("ID"))

C_NAME = trim(RS("fldNAME"))
C_COMMENT = trim(RS("fldCOMMENT"))
C_SUBJECT = trim(RS("fldSUBJECT"))
C_M_ID = trim(RS("fldM_ID"))
C_DATE = trim(RS("fldDATE"))
C_CITY = trim(RS("fldCITY"))
C_COUNTRY = trim(RS("fldCOUNTRY"))
C_ALLOW_E = trim(RS("fldALLOW"))
C_EMAIL = trim(RS("fldEMAIL"))

%>
<table width="100%" cellpadding="2" cellspacing="0" border="0"><tr>
<td colspan="2"><a class="CommentLink" href="_comment_view.asp?ID=<%=C_ID%>&amp;AID=<%=NI D%>" onClick="NewWindow(this.href,'name','450','410','Y es')"><%=C_SUBJECT%></a>,</td>
</tr><tr>
<td width="100%"><%IF Trim(C_ALLOW_E) = "1" THEN%><a class="CommentLink" href="_email.asp?ID=<%=C_ID%>&amp;AID=<%=NID%>" onClick="NewWindow(this.href,'name','450','410','Y es')">
<img src="images1/img_sendto.gif" width="14" height="9" alt="" border="0" /></a>&nbsp;<%END IF%> <%= C_NAME %> - <%=C_CITY%> - <%=C_COUNTRY%> - <%=FormatDateTime(C_DATE,2)%> - <%=FormatDateTime(C_DATE,3)%></td>
</tr></table>
<br /><br />

<%
RS.MoveNext
WEND
RS.Close
Set RS = Nothing
%>

<br />




<% IF blLOGGED_IN = True THEN %>

<br /><br />

<table width="430" TD BACKGROUND="sinaismall.JPG"
bgcolor="white" cellpadding="2" cellspacing="0" border="0" width="100%"><tr>
<td style="padding: 20px;">

<br /><br />

<table align="center" width="400" cellpadding="2" cellspacing="0" border="0">
<form action="_comments.asp?ID=<%=NID%>" method="post" name="frm3" onSubmit="return ValidateComment()">
<tr>
<td width="100">Name</td>
<td width="300"><%=Session("PMMS_USERNAME")%></td>
</tr><tr>
<td>Country</td>
<td width="300"><%=Session("PMMS_COUNTRY")%></td>
</tr><tr>
<td>Subject*</td>
<td width="300"><input type="Text" name="subject" value="" maxlength="50" class="textbox" style="width: 100%"></td>
</tr><tr>
<td valign="top">Comment*</td>
<td width="300"><textarea rows="6" cols="50" name="comment" style="width: 100%;" class="textbox"></textarea><br />
<input type="Checkbox" name="allowE" value="1" />Allow readers to email me.
</td>
</tr><tr>
<td></td>
<td><input type="Submit" value="Leave Comment" /></td>
</tr>
<input type="Hidden" name="mode" value="set" /></form>
</table>
<br /><br />
<table cellpadding="2" cellspacing="0" width="100%"><tr>
<td>* - These fields are mandatory.</td>
<td align="right"><a href="http://www.myweblog.com/MMS/login.asp?logout=True" target="_parent">Click here to log out.</a></td>
</tr></table>
<br /><br />
</td>
</tr></table>

<br />

<% ELSE%>


You will need to register to post comments in the talkback.
<br /><br />





<br />
<a href="#TalkBack"><img src="talkback_view.gif" width="141" height="43" alt="" border="0" /></a>
<br /><br />


<%

SQL = "SELECT ID, fldNAME, fldCOMMENT, fldDATE, fldSUBJECT, fldM_ID, fldCITY, fldCOUNTRY, fldALLOW, fldEMAIL FROM nm_tbl_comment WHERE fldNEWS_ID = " & NID & " ORDER BY ID ASC"
Set RS = Server.CreateObject("ADODB.Recordset")
RS.LockType = 1
RS.CursorType = 0
RS.Open SQL, MyConn
WHILE NOT RS.EOF
CCOUNT = CCOUNT + 1
C_ID = trim(RS("ID"))

C_NAME = trim(RS("fldNAME"))
C_COMMENT = trim(RS("fldCOMMENT"))
C_SUBJECT = trim(RS("fldSUBJECT"))
C_M_ID = trim(RS("fldM_ID"))
C_DATE = trim(RS("fldDATE"))
C_CITY = trim(RS("fldCITY"))
C_COUNTRY = trim(RS("fldCOUNTRY"))
C_ALLOW_E = trim(RS("fldALLOW"))
C_EMAIL = trim(RS("fldEMAIL"))

%>
<table width="100%" cellpadding="2" cellspacing="0" border="0"><tr>
<td colspan="2"><a class="CommentLink" href="_comment_view.asp?ID=<%=C_ID%>&amp;AID=<%=NI D%>" onClick="NewWindow(this.href,'name','450','410','Y es');return false;"><%=C_SUBJECT%></a>,</td>
</tr><tr>


<td width="100%"><%IF Trim(C_ALLOW_E) = "1" THEN%><a class="CommentLink" href="_email.asp?ID=<%=C_ID%>&amp;AID=<%=NID%>" onClick="NewWindow(this.href,'name','450','410','Y es');return false;">
<img src="images1/img_sendto.gif" width="14" height="9" alt="" border="0" /></a>&nbsp;<%END IF%> <%= C_NAME %> - <%=C_CITY%> - <%=C_COUNTRY%> - <%=FormatDateTime(C_DATE,2)%> - <%=FormatDateTime(C_DATE,3)%></td>
</tr></table>
<br /><br />

<%
RS.MoveNext
WEND
RS.Close
Set RS = Nothing
%>

<br />



<% IF blLOGGED_IN = True THEN %>

<br /><br />

<table width="430" TD BACKGROUND="sinaismall.JPG"
bgcolor="white" cellpadding="2" cellspacing="0" border="0" width="100%"><tr>
<td style="padding: 20px;">

We reserve the right to delete comments that do not conform to our code of conduct.


<table align="center" width="400" cellpadding="2" cellspacing="0" border="0">
<form action="_comments.asp?ID=<%=NID%>" method="post" name="frm3" id="frm3" onSubmit="return ValidateComment()">
<tr>
<td width="100">Name</td>
<td width="300"><%=Session("PMMS_USERNAME")%></td>
</tr><tr>
<td>Country</td>
<td width="300"><%=Session("PMMS_COUNTRY")%></td>
</tr><tr>
<td>Subject*</td>
<td width="300"><input type="Text" name="subject" value="" maxlength="50" class="textbox" style="width: 100%"></td>
</tr><tr>




<%

'Declare the ASP variables used
Dim strFormName
Dim strTextAreaName

'ID tag name of the HTML form the textarea is within
strFormName = "frm3"

'ID tag name of HTML textarea being replaced
strTextAreaName = "comment"

%>




<td valign="top">Comment*</td>
<td width="300"> <!-- include the Web Wiz Rich Text Editor -->
<!--#include file="RTE_editor_inc.asp" --> <textarea name="comment" id="comment" rows="6" cols="50" style="width: 100%;" class="textbox"></textarea>




<input type="Checkbox" name="allowE" value="1" />Allow readers to email me.
</td>
</tr><tr>
<td></td>
<td><input type="Submit" value="Leave Comment" /></td>
</tr>
<input type="Hidden" name="mode" value="set" /></form>
</table>
<br /><br />
<table cellpadding="2" cellspacing="0" width="100%"><tr>
<td>* - These fields are mandatory.</td>
<td align="right"><a href="http://www.myweblog.com/MMS/login.asp?logout=True" target="_top">Click here to log out.</a></td>
</tr></table>
<br /><br />
</td>
</tr></table>

<br />

<% ELSE%>

<table cellpadding="2" cellspacing="0" border="0" width="430"><tr>
<td>
Click on the headline to read a Talkback comment and respond to it. Click on the
<img src="images1/img_sendto.gif" width="14" height="9" alt="" border="0" />
icon to send a private email to the talkback writer. .
</td>
</tr></table>
<br /><br />



<br />


<% END IF ' { IF USE_VIEW = "1" THEN ' News Agency Template } %>



<br /><br /><br />


<%
MyConn.close
Set MyConn = Nothing
%>

<!--#include file="inc_footerLinksOnly.asp"-->

Ok thanks Jared, i will add this line, but do you want me to add it in the api.asp page, or the page where ipost the comments which is _view.asp or the page where comments are read, which is _comments_view.asp.

Whichever page had the line "SQL = ..." a really long line which you identified as causing the error (I didn't follow which page it was in), line 34? put in the comment line immediately after that line.

Jared

Jared,

Yes it was the "" and ' which were causing the problems i think, as after i added that line, it seems to work now.

I first added it to the page where the comments are typed, and it didnt' do the trick, i then added it to the comments.asp page, the page which the syntax says is the error page, on line 35, i added it there, and it now works.

Thanks, obviously i'll test it more later, and hopefully no problems. thanks for this Jared, really appreciate it. But i'm just wondering, will the changed code affect my other setup in any way do you think?

Jared, the double quotes problem seems to have been solved, i can now use " " but i'm having a problem using the apostrophe, as in the word, can't or if i put the single quotes around a word like 'this'

"this works" but 'this doesn't' when i use 'this' i get this error message,

The code i added before is here, do i need to add something to make the single quote (apostrophe) work? by the way, i'm not sure which of the 2 databases i use, so should i add the code to the top part as well?

put it right after the "end if" That way you catch both of them.

put it right after the "end if" That way you catch both of them.

I tried putting it right after both "end if" but still persists

Jared, i don't this line will solve the problem as i just tried something. I took out this line

and i could still post message using double quotes, thus i think i was wrong before when i said it worked. I think i must have mistook single quotes for double.

the double quotes work but the single ones don't. and even without the single line code above, the double quotes go through.

I think the code needs to be added somewhere else, and i'm only having problems with single quotes. They won't get posted, ie. they won't get added to the database, from the form which submits the comments. The form that submits the comments is in the "view.asp" page,

Another problem i noticed is that if i use double quotes in the subect line, they show OK, but when i click reply, usually the data is submitted to the reply form to type out the comment, but if there is a double quote in the sujbect , that part won't get submitted and is blank,

damn, why is all this so confusing?

thanks anyway Jared,

Jared, i don't this line will solve the problem as i just tried something. I took out this line

Expand|Select|Wrap|Line Numbers

1.  response.write vbNewLine & "<!-- SQL: " & SQL & " -->" & vbNewLine  

Sorry I wasn't clear. This line isn't supposed to solve the problem, it is meant to help troubleshoot. Leave it in, then go to a page that gives you an error. Right click and select "View source" from the pop-up menu. Scroll to the bottom of the source code and there should be a comment right before the error message starts:
Show me the comment AND the error

Jared

dude,

this kind of "problems" are by design: See HTML is an ascii based protocol, which means it has only a set of ~128 symbols are allowed when writing it (so esape codes express the rest of the symbols you may want).

Normally an ascii character will be printed out just the way you wrote it in your HTML, for example the ascii character "a" will be output as the lower case character "a". HOWEVER in HTML there are some special characters, like "<", ">", and "&", that aren't output to screen because they are treated as special characters.

With these characters you can build what are called HTML tags, and escape codes. These "control characters", when unescaped, control things like the color, font, and placement of text and other elements in your page. If you want, say, the character "<" to appear in your HTML page, you can't just write it, you need to escape it. A browser will translate the sequence "&lt;" (sans the quotes) as the character "<" and render a "<" character to the screen. However a browser that encounters an actual unescaped "<" character will think you are opening up an HTML tag.

What your rich text editor does is wrap portions of the text you write between tags to style your text. However, there is a potential security issue here because people could introduce a "comment" in your guestbook that actually executes a javascript script. (for example, search for cross-site scripting, or XSS, in wikipedia). These kinds of attacks are very dangerous as they can steal cookies from active web sessions, etc...

It is because of this reason that some servers by default will "HTMLencode" what you upload, this is to say: any special characters will be escaped so that when read back from the store they won't have a special meaning ( a "<" character will be translated to "&lt;" and stored like that in the database). What's happening in your case is that the rich text editor sends the text in "ok" form, but the ASP server is protecting itself from possible attacks and HTMLencoding everything you send to it.

In the case of ASP.NET, What you want to do here is read the "raw" text property from your input boxes into the server store. ASP.NET will complain that there is a vulnerability here. So what you do is you set the "ValidateRequest" property equal to "false", (you do this at the top of your asp.net page). However, If I were you I'd have a simple parsing function that would invalidate any comment that had a <script> tag on it in any form.

I don't know what the equivalent of this property is in plain ASP (I got here in the .NET days), but I'm sure you should look for something similar, or just migrate to an ASP.NET server anyway.

Hope that helps

Sorry I wasn't clear. This line isn't supposed to solve the problem, it is meant to help troubleshoot. Leave it in, then go to a page that gives you an error. Right click and select "View source" from the pop-up menu. Scroll to the bottom of the source code and there should be a comment right before the error message starts:

Expand|Select|Wrap|Line Numbers

1. <!-- SQL: ... -->

Show me the comment AND the error

Jared

OK on the page the error shows as

Syntax error (missing operator) in query expression ''<P><FONT face=Arial size=2>This is a test message. I cannot use apostrophe's in this comment. But i can use double quotes. If i use an apostrophe i get an error. </FONT></P>',Now(),'my isp here,4,'checking on tuesday ','manhattan','Sweden',1)'.

/_comments.asp, line 37

and when i view the source i get this,

OK! We are really almost there! Remember those three functions we changed early on? change the line we added to this:

APO = replace(val, "'", "'")


This replaces any apostrophes with a special character code which should be interpreted as an apostrophe.

Try it and let me know how it goes.

Jared

That didn't work! OK the second set of quote marks in the above code sample should contain an ampersand, a pound symbol, the number 39 and a semicolon. Every time I type this in this website converts it to an apostrophe, like this: ' Does it look right here?

Jared

That didn't work! OK the second set of quote marks in the above code sample should contain an ampersand, a pound symbol, the number 39 and a semicolon. Every time I type this in this website converts it to an apostrophe, like this: ' Does it look right here?

Jared

Jared you're right the first one didn't go through, the second code did go through however when the comment is viewed, it doesn't show an apostrophe, it shows those characters on the webpage, ie

when i added this to the inc_api.asp file

this is what showed on the web page when i tried to look at the comment

check &£39;go&£39;

the words in the comment are actually "check go", but do you see? the ampersand, pound, etc. are showing.

Jared, just to let you know i tried it on the "APO=..." one first, and then tried changing all 3. The message goes through now, but when viewed, instead of the apostrophe, you see the 4 characters that i added.

This is what the code looks like now. Pls check it to see if i havn't missed out a comma or anything.....when i added the 4 characters

Sorry, I reported a bug since I couldn't post the characters correctly. I was a little worried because I knew there are different "pound" characters. I meant "#". I eventually found a workaround. Here are the four characters you need "&#39;"

Jared

Sorry, I reported a bug since I couldn't post the characters correctly. I was a little worried because I knew there are different "pound" characters. I meant "#". I eventually found a workaround. Here are the four characters you need "'"

Jared

Jared, thanks . My ftp server is down since yesterday, so i can't test this yet, but as soon as i can i will let you know if it works. I hope it does.

In the meantime, i wonder if you can add some input in the "reply button" thing which i mentioned above. I did actually post a separate thread, but no replies so far.
I'm sure it's a very simple focus problem,

http://www.thescripts.com/forum/showthread.php?p=2520690#post2520690

Thanks so much, good day.

OK, it works fine in the comments Jared, finally. And also if i use the apostrophe or double quotes in the subject line they show fine. The only problem now, is that when i click reply these 2 characters cause a problem described below.

All the special characters seem to work fine in the subject line, when i click reply, it fills in the "subject" line autmatically in the comment form.

1. if the subject line contains " ie. double quotes nothing gets transferred.

2. there is an apostrophe in the subject line, and you click reply, when it prefills the form in the parent page, it shows,

the 4 characters instead of the apostrophe. I tried typing them hear but an apostrophe appeared, so you know which ones i mean.

So do i need to add code somewhere else?

Thanks for all you've done so far Jared.