LS,
I want to make a content management system. Therefore I have to be
able to change the content of my mysql database. I'm writing the
content to text boxes in forms, to be able to edit them.
This works fine as long as there are no ' in the text. The information
in the database is correct, but when it is shown in the form,
everything after the quote is not shown.
I can write new text with quotes, and this will be stored in the
database correctly.
I am aware of addslashes/htmlentities in php, and have experimented
with it, but to no avail.
Any help apreciated
Gerben
9  3578  ge*******@hotma il.com (gerben) wrote in message news:<79******* *************** ***@posting.goo gle.com>... LS,
I want to make a content management system. Therefore I have to be
able to change the content of my mysql database. I'm writing the
content to text boxes in forms, to be able to edit them.
This works fine as long as there are no ' in the text. The information
in the database is correct, but when it is shown in the form,
everything after the quote is not shown.
I can write new text with quotes, and this will be stored in the
database correctly.
I am aware of addslashes/htmlentities in php, and have experimented
with it, but to no avail.
Any help apreciated
Gerben
Gergen,
(dutch?)
I have had the same problem using ASP on an ACCESS-db.
Before committing the content to the database, I used
the asp-replace command to replace every ' in the content
with ' and then commit to the db.
It worked.
--
Raymond ra*****@raymond loman.nl (Raymond Loman) wrote in message news:<b0******* *************** ***@posting.goo gle.com>... Before committing the content to the database, I used
the asp-replace command to replace every ' in the content
with ' and then commit to the db.
It worked.
I wouldn't think that HTML-encoding would be the proper thing to do
with plain-text data being sent to a database. (And, if you were
HTML-encoding, then you should remember the trailing semicolon, so
it's ' .) In SQL, I believe the proper way to send a literal
quote/apostrophe is to double it, as ''.
--
Dan ge*******@hotma il.com (gerben) wrote in message news:<79******* *************** ***@posting.goo gle.com>... This works fine as long as there are no ' in the text. The information
in the database is correct, but when it is shown in the form,
everything after the quote is not shown.
When I code (particularly server-side), all my database column names
and my script variables use a naming convention that indicates their
content type as either "string" strFooBar (not HTML encoded), "HTML"
htmlFooBar (always encoded) or "URL" urlFooBar (safe for use in URLs).
Sometimes I even use extensions to this, for xml encoding (also
HTML-safe, but I know it doesn't depend on a HTML DTD for entities),
tainted user-entry data or even tainted user-entered HTML-subset (i.e.
weblog entries).
It's very easy to convert between these character-string-subtypes. The
hard part is _knowing_ what you have, and always treating each one
appropriately. I _know_ that my system will never load a string from a
database then write it straight out to a HTML stream without noticing
that it contains
<img src="goatse.cx" >
Equally I don't have content appearing for my users as &lt;
because it has taken too many trips through the entity encoder.
On Thu, 20 May 2004, Andy Dingley wrote: and my script variables use a naming convention that indicates their
content type as either "string" strFooBar (not HTML encoded), "HTML"
htmlFooBar (always encoded) or "URL" urlFooBar (safe for use in URLs).
Seems like good advice to me.
The immediate problem which occurs to me are those browsers which,
contrary to anything that's even hinted at in the specifications, take
a user input character in a form text input, and apply a completely
unsolicited HTML-ification into &#number; or even &entity; format
in the course of submitting the form.
So from the server side you can't tell unambiguously quite *what* the
user typed-in. da*@tobias.name (Daniel R. Tobias) wrote in message news:<aa******* *************** ****@posting.go ogle.com>... ra*****@raymond loman.nl (Raymond Loman) wrote in message news:<b0******* *************** ***@posting.goo gle.com>... Before committing the content to the database, I used
the asp-replace command to replace every ' in the content
with ' and then commit to the db.
It worked.
I wouldn't think that HTML-encoding would be the proper thing to do
with plain-text data being sent to a database. (And, if you were
HTML-encoding, then you should remember the trailing semicolon, so
it's ' .)
yes, you are correct. Should be '
In SQL, I believe the proper way to send a literal
quote/apostrophe is to double it, as ''.
yes, in SQL you are correct. But HTML does not swallow double
' in the code. Better, it swallows it, but it doesn't spit out the result
you would like.
--
Raymond
On Thu, 20 May 2004 11:22:41 +0100, Alan J. Flavell wrote: On Thu, 20 May 2004, Andy Dingley wrote:
and my script variables use a naming convention that indicates their
content type as either "string" strFooBar (not HTML encoded), "HTML"
htmlFooBar (always encoded) or "URL" urlFooBar (safe for use in URLs).
Seems like good advice to me.
The immediate problem which occurs to me are those browsers which,
contrary to anything that's even hinted at in the specifications, take
a user input character in a form text input, and apply a completely
unsolicited HTML-ification into &#number; or even &entity; format
in the course of submitting the form.
Citations, please? I've never heard of this behaviour; it doesn't, or
wouldn't, surprise me in the least to find out it happens, but it seems
even more egrariously bogus than most things browsers do.
--
Some say the Wired doesn't have political borders like the real world,
but there are far too many nonsense-spouting anarchists or idiots who
think that pranks are a revolution.
On Mon, 24 May 2004 23:50:44 GMT, Owen Jacobson wrote: On Thu, 20 May 2004 11:22:41 +0100, Alan J. Flavell wrote:
The immediate problem which occurs to me are those browsers which,
contrary to anything that's even hinted at in the specifications, take
a user input character in a form text input, and apply a completely
unsolicited HTML-ification into &#number; or even &entity; format
in the course of submitting the form.
Citations, please? I've never heard of this behaviour; it doesn't, or
wouldn't, surprise me in the least to find out it happens, but it seems
even more egrariously bogus than most things browsers do.
I've run into this in the past as well, and a simple test page confirms
this is the case for e.g. the euro sign. If a euro sign (placed in the
body text of the test page using € or $#8364;) is copied and pasted
into a text input field and the form is subsequently submitted, some IE
versions (5.0 and 5.5) submit %26%238364%3B (i.e., €). Both
versions 4 and 6 submit %80, which probably makes more sense - at least
it is not a HTML entity (and Mozilla does the same ;). Oddly, Opera
(7.23) submits %3F, i.e. "?"...
Gertjan.
--
Gertjan Klein <gk****@xs4all. nl>
On Tue, 25 May 2004 11:16:46 +0200, Gertjan Klein <gk****@xs4all. nl>
wrote: On Mon, 24 May 2004 23:50:44 GMT, Owen Jacobson wrote:
On Thu, 20 May 2004 11:22:41 +0100, Alan J. Flavell wrote:
The immediate problem which occurs to me are those browsers which,
contrary to anything that's even hinted at in the specifications, take
a user input character in a form text input, and apply a completely
unsolicited HTML-ification into &#number; or even &entity; format
in the course of submitting the form.
Citations, please? I've never heard of this behaviour; it doesn't, or
wouldn't, surprise me in the least to find out it happens, but it seems
even more egrariously bogus than most things browsers do.
I've run into this in the past as well, and a simple test page confirms
this is the case for e.g. the euro sign. If a euro sign (placed in the
body text of the test page using € or $#8364;) is copied and pasted
into a text input field and the form is subsequently submitted, some IE
versions (5.0 and 5.5) submit %26%238364%3B (i.e., €). Both
versions 4 and 6 submit %80, which probably makes more sense - at least
it is not a HTML entity (and Mozilla does the same ;). Oddly, Opera
(7.23) submits %3F, i.e. "?"...
I remember vauguely something about this to do with entered characters
not being available in the document encoding. I think by default IE
(and Opera?) will submit forms using the charset that the containing
document uses, but the forms will accept any unicode character. Opera
must use "?" to mean "unrepresentabl e character" (probably using the
Windows API function to do the conversion) while IE obviously had a
bug where it would try to represent the unrepresentable character as
an HTML entity.
I seem to remember that sending the document in a unicode-based
encoding (for example, utf8) causes IE to send back the characters in
that same encoding, thus bypassing the problem completely. The
submitted characters will be encoded using %xx hexidecimal octet
references.
This is from memory, though. It's been a while since I've dealt with
this. A quick experiment could prove this for anyone who needs this.
-Claire
On Tue, 25 May 2004, Gertjan Klein wrote: On Mon, 24 May 2004 23:50:44 GMT, Owen Jacobson wrote:
On Thu, 20 May 2004 11:22:41 +0100, Alan J. Flavell wrote:
The immediate problem which occurs to me are those browsers which,
contrary to anything that's even hinted at in the specifications, take
a user input character in a form text input, and apply a completely
unsolicited HTML-ification into &#number; or even &entity; format
in the course of submitting the form.
Citations, please? I've never heard of this behaviour; it doesn't, or
wouldn't, surprise me in the least to find out it happens, but it seems
even more egrariously bogus than most things browsers do.
My page http://ppewww.ph.gla.ac.uk/~flavell/...form-i18n.html
discusses this and other strange observations. It makes no claims to
be complete, however!
I've run into this in the past as well, and a simple test page confirms
this is the case for e.g. the euro sign. If a euro sign (placed in the
body text of the test page using € or $#8364;) is copied and pasted
into a text input field and the form is subsequently submitted, some IE
versions (5.0 and 5.5) submit %26%238364%3B (i.e., €).
Yup, seen that.
Both versions 4 and 6 submit %80, which probably makes more sense
It makes sense of you assume that Windows-1252 is a good choice of
character encoding for use on the World-Wide Web. No guesses for who
is trying to impose that choice on us, eh?
- at least it is not a HTML entity (and Mozilla does the same ;).
Oddly, Opera (7.23) submits %3F, i.e. "?"...
That behaviour cannot be categorised as wrong, based on what the
specifications say. My page goes into details.
For most browsers, you get more-predictable results if your HTML form
page is charset=utf-8 (even if, in reality, it is only us-ascii !);
but then you get terrible trouble with Netscape-4 versions. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Omer Ahmad |
last post by:
Hi All,
I've been working with python for about 6 months now, and have been
very impressed with the size and scope of the libraries. I have,
however, run into a bit of a problem.
I discoverred Marc Hammonds PyWin32 extensions, (whcih are awesome)
and Tim Golden's WMI wrapper for accessing the Windows Management
Instrumentation (Win32_Classes) but now I have been asked to remove
these dependandcies and still obtain machine...
|
by: cooldv |
last post by:
i know how to replace the sign " when SUBMITTING a form in asp by this
code:
message = Replace(usermessage, "'", "''").
My problem is DISPLAYING data in an asp FORM, from an an access
database, when the data already contains a " sign
problem is like this:
access database .... to update on the internet .... a *dataupdate.asp*
page ..... On this page, the data gets displayed in a form where i
|
by: dmiller23462 |
last post by:
Hi guys....I have absolutely NO IDEA what I'm doing with Javascript
but my end result is I need two text boxes to stay hidden until a
particular option is selected....I've cobbled together the JavaScript
in this code from a couple different sites but I'm not 100% sure what
each line is doing...This is the ASP code that I'm using for the
page....Take a look at the JavaScript code and please let me know what
each line is doing....I have been...
|
by: nandha |
last post by:
H
I have a doubt in VC++ regarding file reading and displaying in the GUI (Dialog
I have a binary file, which contains several piece of information , i have to read the information continuously from the file and continue to display the information in the GUI, i have created a GUI , using dialog based and having a list box in that dialog,
After reading a part of information i have to display in GUI, and again i have to keep on reading ...
|
by: magix |
last post by:
Hi,
I'm using Access Database with ASP. There is one particular thing that I
have issue with.
My purpose is for user to update their own profile. Their existing profile
information will be display in Edit Form format. The problem is if the field
has space, the second word will not display, when I display in input text
format.
E.g if My first name "User_FirstName" in my table has entry, let say "David
| | |
by: John Phelan-Cummings |
last post by:
When I add the name of a new individual in a, bound form, it will not
display that person’s name in a label control of a second unbound form.
I have a scheduling program that I am working on. Included in the
application program is a data “GRID” which I believe was created using
Visual Basic, not standard Access. Its purpose is to display the
results of a range of “from-to-dates” of registrations for different
clients. The difficulty...
|
by: gweasel |
last post by:
I've got the following code on the "OnClick" event for a command
button on a form.
______________________________________
Private Sub EmailNotify_Click()
DoCmd.SendObject acSendNoObject, , , "user@company.com", CCFIELD,
BCCFIELD, , BODY_HERE, False
End Sub
______________________________________
|
by: Eric Layman |
last post by:
Hi,
I've saved data into the db by doing a replace() on single quote.
Right now on data display on a datagrid, it shows double single quote.
How do I make changes during run time of datagrid so that the double single quote will be replaced as single quote?
Pls advise.
|
by: dlite922 |
last post by:
Hey guys, this is so weird, i don't know what else to do. Hopefully one of you is a Smarty guru as this is difficult to search (google and smarty forum) and if you aren't i'll post answer here, i'm sure one of you will run into it.
I have an array of object, one of those objects has an attribute that is a string (description), This description does not appear in an INPUT text field ONLY, but appears to print inside div tags just fine.
...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
