Server.HTMLEncode(string) encodes the given string as HTML. So, for example,
if you use Server.HtmlEncode("<!--some text -->"), it encodes it as
"<!--some text-->" so that when it appears in an HTML document, it
appears as "<!--some text-->". This is because some text characters are
treated differently by HTML documents, since HTML documents are pure text.
The example, above, if not Html-Encoded, would not appear in the document at
all, as the angle brackets and other symbols create an HTML comment. So, as
far as Server.HtmlEncode, and when to use it, use it when displaying text in
HTML.
The single quote issue has nothing to do with HTML. It has to do with the
SQL language. The single quote is a text delimiter in SQL. To escape it,
double it. Example:
SELECT * FROM MyTable WHERE LastName = 'O''Malley'
--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
I get paid good money to
solve puzzles for a living
"Darrel" <no*****@nospam.com> wrote in message
news:et**************@TK2MSFTNGP10.phx.gbl...
How does HTML.encode work?
I'm trying to save text in a hidden form field into a SQL DB. The tedt is
HTML (from a WYSIWYG editor...X-standard).
One problem I have is that stray apostrophe's in the HTML text are
throwing a SQL error. Html.encode doesn't seem to do anything with these, eh?
Secondly, does HTMLencode also encode already encoded items?
For instance, if I have text in my editor that contains an HTML entity
like < and then I run THAT through HTML.encode, will that decode along with
the html when I use HTML.decode?
-Darrel
