Double quotes issue

Discussion in 'ASP General' started by Abdul Azeem, May 23, 2005.

  1. Abdul Azeem

    Abdul Azeem Guest

    Hi All

    I have some data string like ~!@#$%'^&(*("}[;asd"> which contains a double
    quote and a greater-than sign. First I need to insert this value into the
    database; second, I have to display this inserted value in a textbox by
    retrieving it from the database. As it has "> at the end of the string, values
    are getting discarded. If any of you have worked on or know how to solve this
    issue, please help me.

    Thanks in Advance.
    - Azeem.
     
    Abdul Azeem, May 23, 2005
    #1

  2. Abdul Azeem <> wrote:
    > I have some data string like ~!@#$%'^&(*("}[;asd"> which contains a double
    > quote and a greater-than sign. First I need to insert this value into the
    > database; second, I have to display this inserted value in a textbox by
    > retrieving it from the database. As it has "> at the end of the string, values
    > are getting discarded. If any of you have worked on or know how to solve this
    > issue, please help me.


    Use a parameterised SQL statement rather than trying to insert the
    literal value into the SQL. This also has security benefits (no SQL
    injection attacks) and potential performance benefits depending on the
    database.

    --
    Jon Skeet - <>
    http://www.pobox.com/~skeet
    If replying to the group, please do not mail me too
     
    Jon Skeet [C# MVP], May 23, 2005
    #2

  3. Abdul Azeem

    Abdul Azeem Guest

    Thanks Jon, I will use parameterised SQL for inserting data into the database,
    but while displaying it back in a TextBox the values are getting discarded.
    Could you give me any solution for this, please?

    Thanks,
    - Azeem.
     
    Abdul Azeem, May 23, 2005
    #3
  4. Cor Ligthert

    Cor Ligthert Guest

    Abdul,

    This shows for me 4 double quotes in a textbox (winforms)
    Dim a As String = """"""""""
    Dim b As String = a
    Me.TextBox1.Text = b

    I hope this helps,

    Cor
     
    Cor Ligthert, May 23, 2005
    #4
  5. Abdul Azeem wrote:
    > Hi All
    >
    > I have some data string like ~!@#$%'^&(*("}[;asd"> which contains a
    > double quote and a greater-than sign. First I need to insert this value
    > into the database; second, I have to display this inserted value in a
    > textbox by retrieving it from the database. As it has "> at the end of the
    > string, values are getting discarded. If any of you have worked on or know
    > how to solve this issue, please help me.
    >

    You've crossposted two newsgroups that cover different technologies. Since I
    am reading this in the .asp.general newsgroup, I will give a "classic" asp
    solution. If you actually need a .Net solution, let us know and remove the
    classic asp group from your crosspost.

    Solution:
    Use parameters to store the data into the database.
    Use server.htmlencode when writing the data retrieved from the database to
    the Response. Example:

    <INPUT value="<%=server.htmlencode(datafromdatabase)%>">

    Bob Barrows
    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
     
    Bob Barrows [MVP], May 23, 2005
    #5
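
    The two steps of this answer (parameters for the insert, Server.HTMLEncode for the output) put together as one classic ASP page. This is an added example, not code posted in the thread; the connection string in Application("ConnStr") and the Notes table with its Id and Body columns are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example, not from the thread. Assumed: Application("ConnStr") holds an
' OLE DB connection string, and a table Notes(Id identity, Body NVARCHAR(200)) exists.
Const adCmdText = 1, adParamInput = 1
Const adVarWChar = 202, adExecuteNoRecords = 128

Dim raw, conn, cmd, rs, stored
' The string from the question; "" inside a VBScript literal is one double quote.
raw = "~!@#$%'^&(*(""}[;asd"">"

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")

' Step 1: store the value through a parameter. The SQL text holds only a ?
' placeholder, so the quotes in the data never become part of the statement.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "INSERT INTO Notes (Body) VALUES (?)"
cmd.Parameters.Append cmd.CreateParameter("@Body", adVarWChar, adParamInput, 200, raw)
cmd.Execute , , adExecuteNoRecords

' Step 2: read the newest row back. The database returns the value unchanged.
Set rs = conn.Execute("SELECT Body FROM Notes ORDER BY Id DESC")
stored = rs("Body").Value
rs.Close
conn.Close
%>
<!-- Step 3: encode at output time, inside a double-quoted attribute.
     Without the encoding the first double quote in the data would close
     the value attribute and the rest of the string would be lost. -->
<input type="text" name="text1" value="<%= Server.HTMLEncode(stored) %>">
```

    Server.HTMLEncode leaves the single quote as it is, so the attribute has to stay delimited with double quotes, as in the answer above.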
  6. Abdul,
    Are you using ASP or ASP.NET? You cross-posted to both technologies.

    As Bob showed, you can use server.htmlencode in ASP to encode the string.

    In ASP.NET you can use HttpUtility.HtmlEncode to encode the string.

    http://msdn.microsoft.com/library/d...fSystemWebHttpUtilityClassHtmlEncodeTopic.asp

    It appears HttpUtility.HtmlDecode has an example of calling the above
    method.

    Hope this helps
    Jay
     
    Jay B. Harlow [MVP - Outlook], May 23, 2005
    #6
  7. Abdul Azeem <> wrote:
    > Thanks Jon, I will use parameterised SQL for inserting data into the database,
    > but while displaying it back in a TextBox the values are getting discarded.
    > Could you give me any solution for this, please?


    They shouldn't be.

    Could you post a short but complete program which demonstrates the
    problem?

    See http://www.pobox.com/~skeet/csharp/complete.html for details of
    what I mean by that.

    --
    Jon Skeet - <>
    http://www.pobox.com/~skeet
    If replying to the group, please do not mail me too
     
    Jon Skeet [C# MVP], May 23, 2005
    #7
  8. Abdul Azeem

    Abdul Azeem Guest

    Hi Jay

    I am using ASP. server.htmlencode is not working; I have given it like <input
    type="text" value= server.htmlencode("myEncodedText") name="text1">.

    is this the correct way?

    Thanks,
    - Azeem.
     
    Abdul Azeem, May 24, 2005
    #8
  9. Abdul Azeem wrote:
    > Hi Jay
    >
    > I am using ASP. server.htmlencode is not working; I have given it like
    > <input type="text" value= server.htmlencode("myEncodedText")
    > name="text1">.
    >
    > is this the correct way?
    >


    No.

    It's _server_.htmlencode. In other words, it's a _server-side_ function. It
    can only be executed in a server-side script block as I showed in my first
    reply to you. Also, the attribute value should be delimited with quotes:

    <input type="text" value="<%=server.htmlencode("myEncodedText")%>" name="text1">

    <%= is shorthand for <% Response.Write

    Bob Barrows
    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
     
    Bob Barrows [MVP], May 24, 2005
    #9
  10. Brian Cryer

    Brian Cryer Guest

    You may find that values don't appear when you view them on an HTML page
    because the text you are trying to display contains characters which the
    browser is treating as HTML (i.e. a sort of HTML-injection-attack rather
    than a SQL-injection attack.)

    If you run it through the IDE do you see the correct value in the debugger?

    Brian.

    www.cryer.co.uk/brian
     
    Brian Cryer, May 24, 2005
    #10