473,326 Members | 2,732 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Double quotes issue

Hi All

I have some data string like ~!@#$%'^&(*("}[;asd"> which contains double
quote and greater then sign, first I need to insert this value into
database, second this inserted value I have display in a textbox by
retriving from database, as it has "> at end of the string values are
getting discarded. if any of you have worked or know how to solve this issue
pls help me.

Thanks in Advance.
- Azeem.

Nov 22 '05 #1
13 1869
Abdul Azeem <ab********@abc.com> wrote:
I have some data string like ~!@#$%'^&(*("}[;asd"> which contains double
quote and greater then sign, first I need to insert this value into
database, second this inserted value I have display in a textbox by
retriving from database, as it has "> at end of the string values are
getting discarded. if any of you have worked or know how to solve this issue
pls help me.


Use a parameterised SQL statement rather than trying to insert the
literal value into the SQL. This also has security benefits (no SQL
injection attacks) and potential performance benefits depending on the
database.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 22 '05 #2
Thanks Jon, I will use parameterised SQL for inserting data into database
but while display back into a TextBox the values are getting discarding,
could you give me any solution for this pls.

Thanks,
- Azeem.
"Jon Skeet [C# MVP]" <sk***@pobox.com> wrote in message
news:MP************************@msnews.microsoft.c om...
Abdul Azeem <ab********@abc.com> wrote:
I have some data string like ~!@#$%'^&(*("}[;asd"> which contains double quote and greater then sign, first I need to insert this value into
database, second this inserted value I have display in a textbox by
retriving from database, as it has "> at end of the string values are
getting discarded. if any of you have worked or know how to solve this issue pls help me.


Use a parameterised SQL statement rather than trying to insert the
literal value into the SQL. This also has security benefits (no SQL
injection attacks) and potential performance benefits depending on the
database.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too

Nov 22 '05 #3
Abdul,

This shows for me 4 double quotes in a textbox (winforms)
Dim a As String = """"""""""
Dim b As String = a
Me.TextBox1.Text = b

I hope this helps,

Cor
Nov 22 '05 #4
Abdul Azeem wrote:
Hi All

I have some data string like ~!@#$%'^&(*("}[;asd"> which contains
double quote and greater then sign, first I need to insert this value
into database, second this inserted value I have display in a textbox
by retriving from database, as it has "> at end of the string values
are getting discarded. if any of you have worked or know how to solve
this issue pls help me.

You've crossposted two newsgroups that cover different technologies. Since I
am reading this in the .asp.general newsgroup, I will give a "classic" asp
solution. If you actually need a .Net solution, let us know and remove the
classic asp group from your crosspost.

Solution:
Use parameters to store the data into the database.
Use server.htmlencode when writing the data retrieved from the database to
the Response. Example:

<INPUT value="<%=server.htmlencode(datafromdatabase)%>">

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Nov 22 '05 #5
Abdul,
Are you using ASP or ASP.NET? as you cross posted to both technologies.

As Bob showed you can user server.htmlencode in ASP to encode the string.

In ASP.NET you can use HttpUtility.HtmlEncode to encode the string.

http://msdn.microsoft.com/library/de...ncodeTopic.asp

It appears HttpUtility.HtmlDecode has an example of calling the above
method.

Hope this helps
Jay

"Abdul Azeem" <ab********@abc.com> wrote in message
news:e7****************@TK2MSFTNGP10.phx.gbl...
| Hi All
|
| I have some data string like ~!@#$%'^&(*("}[;asd"> which contains double
| quote and greater then sign, first I need to insert this value into
| database, second this inserted value I have display in a textbox by
| retriving from database, as it has "> at end of the string values are
| getting discarded. if any of you have worked or know how to solve this
issue
| pls help me.
|
| Thanks in Advance.
| - Azeem.
|
|
|
Nov 22 '05 #6
Abdul Azeem <ab********@abc.com> wrote:
Thanks Jon, I will use parameterised SQL for inserting data into database
but while display back into a TextBox the values are getting discarding,
could you give me any solution for this pls.


They shouldn't be.

Could you post a short but complete program which demonstrates the
problem?

See http://www.pobox.com/~skeet/csharp/complete.html for details of
what I mean by that.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 22 '05 #7
Abdul Azeem <ab********@abc.com> wrote:
Thanks Jon, I will use parameterised SQL for inserting data into database
but while display back into a TextBox the values are getting discarding,
could you give me any solution for this pls.


They shouldn't be.

Could you post a short but complete program which demonstrates the
problem?

See http://www.pobox.com/~skeet/csharp/complete.html for details of
what I mean by that.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 22 '05 #8
Hi Jay

I am using ASP server.htmlencode is not working I have given like <input
type="text" value= server.htmlencode("myEncodedText") name="text1">,

is this the correct way?

Thanks,
- Azeem.
"Jay B. Harlow [MVP - Outlook]" <Ja************@msn.com> wrote in message
news:OM*************@TK2MSFTNGP12.phx.gbl...
Abdul,
Are you using ASP or ASP.NET? as you cross posted to both technologies.

As Bob showed you can user server.htmlencode in ASP to encode the string.

In ASP.NET you can use HttpUtility.HtmlEncode to encode the string.

http://msdn.microsoft.com/library/de...us/cpref/html/
frlrfSystemWebHttpUtilityClassHtmlEncodeTopic.asp
It appears HttpUtility.HtmlDecode has an example of calling the above
method.

Hope this helps
Jay

"Abdul Azeem" <ab********@abc.com> wrote in message
news:e7****************@TK2MSFTNGP10.phx.gbl...
| Hi All
|
| I have some data string like ~!@#$%'^&(*("}[;asd"> which contains double | quote and greater then sign, first I need to insert this value into
| database, second this inserted value I have display in a textbox by
| retriving from database, as it has "> at end of the string values are
| getting discarded. if any of you have worked or know how to solve this
issue
| pls help me.
|
| Thanks in Advance.
| - Azeem.
|
|
|

Nov 22 '05 #9
Hi Jay

I am using ASP server.htmlencode is not working I have given like <input
type="text" value= server.htmlencode("myEncodedText") name="text1">,

is this the correct way?

Thanks,
- Azeem.
"Jay B. Harlow [MVP - Outlook]" <Ja************@msn.com> wrote in message
news:OM*************@TK2MSFTNGP12.phx.gbl...
Abdul,
Are you using ASP or ASP.NET? as you cross posted to both technologies.

As Bob showed you can user server.htmlencode in ASP to encode the string.

In ASP.NET you can use HttpUtility.HtmlEncode to encode the string.

http://msdn.microsoft.com/library/de...us/cpref/html/
frlrfSystemWebHttpUtilityClassHtmlEncodeTopic.asp
It appears HttpUtility.HtmlDecode has an example of calling the above
method.

Hope this helps
Jay

"Abdul Azeem" <ab********@abc.com> wrote in message
news:e7****************@TK2MSFTNGP10.phx.gbl...
| Hi All
|
| I have some data string like ~!@#$%'^&(*("}[;asd"> which contains double | quote and greater then sign, first I need to insert this value into
| database, second this inserted value I have display in a textbox by
| retriving from database, as it has "> at end of the string values are
| getting discarded. if any of you have worked or know how to solve this
issue
| pls help me.
|
| Thanks in Advance.
| - Azeem.
|
|
|

Nov 22 '05 #10
Abdul Azeem wrote:
Hi Jay

I am using ASP server.htmlencode is not working I have given like
<input type="text" value= server.htmlencode("myEncodedText")
name="text1">,

is this the correct way?


No.

It's _server_.htmlencode. In other words, it's a _server-side_ function. It
can only be executed in a server-side script block as I showed in my first
reply to you.Also, the attribute value should be delimited with quotes:

<input
type="text" value= "
<%=server.htmlencode("myEncodedText")%>
" name="text1">

<%= is shorthand for
<% Response.Write

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Nov 22 '05 #11
You may find that values don't appear when you view them on an HTML page
because the text you are trying to display contains characters which the
browser is treating as HTML (i.e. a sort of HTML-injection-attack rather
than a SQL-injection attack.)

If you run it through the IDE do you see the correct value in the debugger?

Brian.

www.cryer.co.uk/brian

"Abdul Azeem" <ab********@abc.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Thanks Jon, I will use parameterised SQL for inserting data into database
but while display back into a TextBox the values are getting discarding,
could you give me any solution for this pls.

Thanks,
- Azeem.
"Jon Skeet [C# MVP]" <sk***@pobox.com> wrote in message
news:MP************************@msnews.microsoft.c om...
Abdul Azeem <ab********@abc.com> wrote:
> I have some data string like ~!@#$%'^&(*("}[;asd"> which contains double > quote and greater then sign, first I need to insert this value into
> database, second this inserted value I have display in a textbox by
> retriving from database, as it has "> at end of the string values are
> getting discarded. if any of you have worked or know how to solve this issue > pls help me.


Use a parameterised SQL statement rather than trying to insert the
literal value into the SQL. This also has security benefits (no SQL
injection attacks) and potential performance benefits depending on the
database.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too


Nov 22 '05 #12
Abdul Azeem wrote:
Hi Jay

I am using ASP server.htmlencode is not working I have given like
<input type="text" value= server.htmlencode("myEncodedText")
name="text1">,

is this the correct way?


No.

It's _server_.htmlencode. In other words, it's a _server-side_ function. It
can only be executed in a server-side script block as I showed in my first
reply to you.Also, the attribute value should be delimited with quotes:

<input
type="text" value= "
<%=server.htmlencode("myEncodedText")%>
" name="text1">

<%= is shorthand for
<% Response.Write

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Nov 22 '05 #13
You may find that values don't appear when you view them on an HTML page
because the text you are trying to display contains characters which the
browser is treating as HTML (i.e. a sort of HTML-injection-attack rather
than a SQL-injection attack.)

If you run it through the IDE do you see the correct value in the debugger?

Brian.

www.cryer.co.uk/brian

"Abdul Azeem" <ab********@abc.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Thanks Jon, I will use parameterised SQL for inserting data into database
but while display back into a TextBox the values are getting discarding,
could you give me any solution for this pls.

Thanks,
- Azeem.
"Jon Skeet [C# MVP]" <sk***@pobox.com> wrote in message
news:MP************************@msnews.microsoft.c om...
Abdul Azeem <ab********@abc.com> wrote:
> I have some data string like ~!@#$%'^&(*("}[;asd"> which contains double > quote and greater then sign, first I need to insert this value into
> database, second this inserted value I have display in a textbox by
> retriving from database, as it has "> at end of the string values are
> getting discarded. if any of you have worked or know how to solve this issue > pls help me.


Use a parameterised SQL statement rather than trying to insert the
literal value into the SQL. This also has security benefits (no SQL
injection attacks) and potential performance benefits depending on the
database.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too


Nov 22 '05 #14

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

11
by: Jakanapes | last post by:
Hi all, I'm looking for a way to scan a block of text and replace all the double quotes (") with single quotes ('). I'm using PHP to pull text out of a mySQL table and then feed the text into...
5
by: Joel | last post by:
Hi, I incorporated a function in my code that whenever I use a string variable in an sql statement if the string contains a single quote it will encase it in double quotes else single quotes. ...
24
by: deko | last post by:
I'm trying to log error messages and sometimes (no telling when or where) the message contains a string with double quotes. Is there a way get the query to insert the string with the double...
4
by: (PeteCresswell) | last post by:
Is his just a flat-out "No-No" or is there some workaround when it comes time for SQL searches and DAO.FindFirsts against fields containing same? I can see maybe wrapping the value searched for...
12
by: Brett Hofer | last post by:
I must be missing something - Im a veteran C++ programmer now working with C# overall I like the language but find many weird changes... Anyway Im writing code behind an aspx. In this one C#...
7
by: gar | last post by:
Hi, I need to replace all the double quotes (") in a textbox with single quotes ('). I used this code text= Replace(text, """", "'" This works fine (for normal double quotes).The problem...
4
by: Justin Fancy | last post by:
Hi everyone, I need to replace all instances of a double quote(") with two single quotes('') in a text file. I already have some replacements of strings going on, but I tried this one, but the...
15
by: bill | last post by:
I am trying to write clean code but keep having trouble deciding when to quote an array index and when not to. sometimes when I quote an array index inside of double quotes I get an error about...
5
by: xzzy | last post by:
I am writing an app that enables a user to reply to a newsgroup. The proper syntax for From: is "screen name" email@address.com and over all, it should look like: --
1
by: Yearwood | last post by:
Hi, I'm basically trying to import a CSV into an ACCESS database. Sample date is shown below: "",10173,"Development Manager - Social Economy Sector","Trust Bank",10153,,"Lolalll Pudd","Meet the...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.