Double quotes issue

Abdul Azeem

Hi All

I have some data string like ~!@#$%'^&(*("}[;asd"> which contains a double
quote and greater than sign. First I need to insert this value into the
database; second, I have to display this inserted value in a textbox by
retrieving it from the database. As it has "> at the end of the string, values are
getting discarded. If any of you have worked on or know how to solve this issue,
pls help me.

Thanks in Advance.
- Azeem.
 
Jon Skeet [C# MVP]

Abdul Azeem said:
I have some data string like ~!@#$%'^&(*("}[;asd"> which contains a double
quote and greater than sign. First I need to insert this value into the
database; second, I have to display this inserted value in a textbox by
retrieving it from the database. As it has "> at the end of the string, values are
getting discarded. If any of you have worked on or know how to solve this issue,
pls help me.

Use a parameterised SQL statement rather than trying to insert the
literal value into the SQL. This also has security benefits (no SQL
injection attacks) and potential performance benefits depending on the
database.
 
Abdul Azeem

Thanks Jon, I will use parameterised SQL for inserting data into the database,
but while displaying it back in a TextBox the values are getting discarded.
Could you give me any solution for this pls.

Thanks,
- Azeem.


 
Cor Ligthert

Abdul,

This shows for me 4 double quotes in a textbox (winforms)
Dim a As String = """"""""""
Dim b As String = a
Me.TextBox1.Text = b

I hope this helps,

Cor
 
Bob Barrows [MVP]

Abdul said:
Hi All

I have some data string like ~!@#$%'^&(*("}[;asd"> which contains a
double quote and greater than sign. First I need to insert this value
into the database; second, I have to display this inserted value in a textbox
by retrieving it from the database. As it has "> at the end of the string, values
are getting discarded. If any of you have worked on or know how to solve
this issue, pls help me.

You've crossposted two newsgroups that cover different technologies. Since I
am reading this in the .asp.general newsgroup, I will give a "classic" asp
solution. If you actually need a .Net solution, let us know and remove the
classic asp group from your crosspost.

Solution:
Use parameters to store the data into the database.
Use server.htmlencode when writing the data retrieved from the database to
the Response. Example:

<INPUT value="<%=server.htmlencode(datafromdatabase)%>">

Bob Barrows
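
The two steps above, worked through on the string from the question, as an added example that is not part of the original thread. It is written in Python so that it runs stand-alone: `sqlite3` stands in for the database, `html.escape` for `server.htmlencode` / `HttpUtility.HtmlEncode`, and `html.parser` for the browser; the `notes` table is hypothetical.

```python
import html
import sqlite3
from html.parser import HTMLParser

# The string from the original question.
RAW = '~!@#$%\'^&(*("}[;asd">'


class InputValue(HTMLParser):
    """Captures the value attribute of the first <input>, as a browser would parse it."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.value is None:
            self.value = dict(attrs).get("value")


def round_trip(text):
    """Store text through a bound parameter and read it back."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (body TEXT)")  # hypothetical table
    db.execute("INSERT INTO notes (body) VALUES (?)", (text,))
    return db.execute("SELECT body FROM notes").fetchone()[0]


def render(value, encode):
    """Build the <input> markup, HTML-encoding the value only if asked to."""
    if encode:
        value = html.escape(value, quote=True)
    return '<input type="text" value="' + value + '" name="text1">'


def parsed_value(markup):
    """Return the value the text box ends up holding for this markup."""
    parser = InputValue()
    parser.feed(markup)
    parser.close()
    return parser.value


if __name__ == "__main__":
    stored = round_trip(RAW)
    print("from database:", stored)
    print("not encoded  :", parsed_value(render(stored, encode=False)))
    print("encoded      :", parsed_value(render(stored, encode=True)))
```

Without encoding, the parsed value stops at the first double quote inside the data, which is the discarded text reported in the question; with encoding, the full string comes back.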
 
Jay B. Harlow [MVP - Outlook]

Abdul,
Are you using ASP or ASP.NET, as you cross-posted to both technologies?

As Bob showed, you can use server.htmlencode in ASP to encode the string.

In ASP.NET you can use HttpUtility.HtmlEncode to encode the string.

http://msdn.microsoft.com/library/d...fSystemWebHttpUtilityClassHtmlEncodeTopic.asp

It appears HttpUtility.HtmlDecode has an example of calling the above
method.

Hope this helps
Jay

 
Jon Skeet [C# MVP]

Abdul Azeem said:
Thanks Jon, I will use parameterised SQL for inserting data into the database,
but while displaying it back in a TextBox the values are getting discarded.
Could you give me any solution for this pls.

They shouldn't be.

Could you post a short but complete program which demonstrates the
problem?

See http://www.pobox.com/~skeet/csharp/complete.html for details of
what I mean by that.
 
Abdul Azeem

Hi Jay

I am using ASP. server.htmlencode is not working. I have given it like <input
type="text" value= server.htmlencode("myEncodedText") name="text1">,

is this the correct way?

Thanks,
- Azeem.
 
Bob Barrows [MVP]

Abdul said:
Hi Jay

I am using ASP. server.htmlencode is not working. I have given it like
<input type="text" value= server.htmlencode("myEncodedText")
name="text1">,

is this the correct way?

No.

It's _server_.htmlencode. In other words, it's a _server-side_ function. It
can only be executed in a server-side script block as I showed in my first
reply to you. Also, the attribute value should be delimited with quotes:

<input type="text" value="<%=server.htmlencode("myEncodedText")%>" name="text1">

<%= is shorthand for
<% Response.Write

Bob Barrows
 
Brian Cryer

You may find that values don't appear when you view them on an HTML page
because the text you are trying to display contains characters which the
browser is treating as HTML (i.e. a sort of HTML-injection-attack rather
than a SQL-injection attack.)

If you run it through the IDE do you see the correct value in the debugger?

Brian.

www.cryer.co.uk/brian

 
