Hidden field value displaying when the text contains double quotes

Discussion in 'HTML' started by DennBen, Mar 28, 2007.

  1. DennBen

    DennBen Guest

    (I don't know if this is the correct forum - I'm not sure if the "alt"
    in "alt.html" specifies a type of HTML if so please let me know)


    I have a dozen or so hidden fields to a form and they are hidden as
    they should be, unless the value I assign to them has double quotes,
    then the whole value assigned that should be hidden, displays on the
    form.

    Has anyone encountered this/know why this is happening? I am using
    ColdFusion MX7.


    myVariable = '"Our values are the backbone of our business"<BR>"This
    set of quotes will break it"'


    <td width="150" valign="top">
    <FORM ACTION="action.cfm?" METHOD="Post">
    <INPUT TYPE="Hidden" NAME="Mission" VALUE="#myVariable#">
    <input type="image" src="/images/buttons/btn_approve_profile.gif"
    width="121" height="19" value="submit" alt="Approve Profile"
    border="0">
    </FORM>
    </td>

    Thanks!
    DennBen, Mar 28, 2007
    #1
    1. Advertising

  2. DennBen

    John Hosking Guest

    DennBen wrote:
    >
    > myVariable = '"Our values are the backbone of our business"<BR>"This
    > set of quotes will break it"'
    >
    > <FORM ACTION="action.cfm?" METHOD="Post">
    > <INPUT TYPE="Hidden" NAME="Mission" VALUE="#myVariable#">
    > <input type="image" src="/images/buttons/btn_approve_profile.gif"
    > width="121" height="19" value="submit" alt="Approve Profile"
    > border="0">
    > </FORM>


    Well, this is one of the wildest guesses I've ever pulled out of my, um,
    ear, but how about this: use the same delimiters for the parameter
    (VALUE="") as in the variable definition (myVariable = ""), and *invert*
    the quotes for the variable contents. Or vice-versa, since you want the
    passed variable to include double quotes. I mean, try:

    myVariable = '"Our values are the backbone of our business"<BR>"This
    set of quotes will break it"'
    and
    <INPUT bla bla VALUE='#myVariable#'>

    Then, when the variable's _value_, "Our values yadda hooey... break it"
    get dropped into the VALUE parameter (delimited by single quotes)
    there's no conflict; you end up with <INPUT bla bla VALUE='"Our values
    yadda hooey... break it"'> and the form knows what you want. Does that
    work for you?

    --
    John (offering triple-your-money back if the tip doesn't satisfy you!)
    John Hosking, Mar 28, 2007
    #2
    1. Advertising

  3. DennBen

    John Hosking Guest

    Bergamot wrote:

    <a message stamped as 1:26 am, some forty minutes before NOW>

    Hey, Berg: what time is it where you are?

    --
    John
    John Hosking, Mar 28, 2007
    #3
  4. DennBen

    Bergamot Guest

    DennBen wrote:
    >
    > I have a dozen or so hidden fields to a form and they are hidden as
    > they should be, unless the value I assign to them has double quotes
    >
    > myVariable = '"Our values are the backbone of our business"<BR>"This
    > set of quotes will break it"'


    myVariable = '&quot;Our values are the backbone of our
    business&quot;<BR>"Replace quotes with entity names or decimal
    references"'

    --
    Berg
    Bergamot, Mar 29, 2007
    #4
  5. DennBen

    Bergamot Guest

    John Hosking wrote:
    > Bergamot wrote:
    >
    > <a message stamped as 1:26 am, some forty minutes before NOW>
    >
    > Hey, Berg: what time is it where you are?


    GMT -6

    --
    Berg
    Bergamot, Mar 29, 2007
    #5
  6. DennBen

    DennBen Guest

    On Mar 28, 8:50 pm, Bergamot <> wrote:
    > John Hosking wrote:
    > > Bergamot wrote:

    >
    > > <a message stamped as 1:26 am, some forty minutes before NOW>

    >
    > > Hey, Berg: what time is it where you are?

    >
    > GMT -6
    >
    > --
    > Berg


    Hey guys, thanks for the input. I did try switching single quotes with
    double quotes for kicks - it didn't work, but had it worked it
    wouldn't have solved my solution anyway because the users of the site
    actually create that variable, I'm just passing the values to a second
    screen and the users have the ability to use single quotes as well as
    double quotes.
    I really want to understand why and how using double quotes in a
    variable string can cause a hidden field to display!
    DennBen, Mar 29, 2007
    #6
  7. Scripsit DennBen:

    > Hey guys, thanks for the input. I did try switching single quotes with
    > double quotes for kicks - it didn't work, but had it worked it
    > wouldn't have solved my solution anyway because the users of the site
    > actually create that variable, I'm just passing the values to a second
    > screen and the users have the ability to use single quotes as well as
    > double quotes.
    > I really want to understand why and how using double quotes in a
    > variable string can cause a hidden field to display!


    It sounds like you are very confused, and others can't see the situation
    clearly either. But apparently you have something (invisible to us)
    server-side that gets user input and turns it into hidden fields, _without_
    checking for quotation marks in input.

    Naturally, before putting anything into the attribute value of an HTML
    attribute, you must check whether it contains an ampersand or a quotation
    mark and turn such characters into entity or character references.

    --
    Jukka K. Korpela ("Yucca")
    http://www.cs.tut.fi/~jkorpela/
    Jukka K. Korpela, Mar 29, 2007
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chris White

    Quotes/Double Quotes in Image Control

    Chris White, Sep 22, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    4,834
    Hermit Dave
    Sep 22, 2004
  2. Sydex
    Replies:
    12
    Views:
    6,453
    Victor Bazarov
    Feb 17, 2005
  3. Rick
    Replies:
    3
    Views:
    8,098
    Alexey Smirnov
    Apr 13, 2010
  4. GavMc
    Replies:
    4
    Views:
    314
    Evertjan.
    Sep 22, 2005
  5. jOhn
    Replies:
    1
    Views:
    212
    Phlip
    Jan 29, 2008
Loading...

Share This Page