Is It Really Necessary To Use Htmlencode?

I have a website where people can enter comments into a textarea - some of these may have a bit of html - like links - or <blockquote>

the comments are stored in a Access2000 mdb file - A friend told me that i have to use htmlencode on the textarea string before storing it in the database. but it seems to work fine without doing this - is there any reason as to why i should put it thru htmlencode? when the comments are displayed they are written straight into a <div>

<div><%=recset.fields("comments")%></div>

View Replies


ADVERTISEMENT

Server.HTMLEncode With UTF-8

While working on some multilingual code I found a rather strange thing
happening with Server.HTMLEncode.

While loading different languages I change the Codepage and Charset in
ASP to reflect the language. This all works fine. However when I tried
to use Charset UTF-8 with Codepage 65001 everywhere I found that
HTMLEncode always translates all UTF-8 characters to &#xxxx. Code:

View Replies View Related

Always Use Server.HTMLEncode?

Is it useful to ALWAYS use Server.HTMLEncode when writing data read from a db? Ex.
Response.Write (Server.HTMLEncode(var)) instead of Response.Write var

View Replies View Related

Reverse HTMLEncode

how to reverse server.htmlencode()? is there a built-in function im missing here?

View Replies View Related

HtmlEncode For All Controls

If I want to encode all inputs from user, can I apply this encoding for all "Input" fields on my site in a single action. Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.

View Replies View Related

Type Mismatch: 'HTMLEncode'

I'm getting the above error and I can't figure out why...

Here is the line:
Response.Write Server.HTMLEncode(queryRS("characterization"))

Running IIS 6.0

View Replies View Related

Issue With Server.htmlencode

PHP Code:

<meta name="Keywords" content="<%= server.htmlencode(oRS("MetaKeywords"))%>" /> 

Is what I am using to ensure that any silly characters are being erased to ensure that xhtml is successful.

But the little issue I am going to have is with the use of javascript enclose.

I need about three buttons for the cms system:-

PHP Code:

View Replies View Related

Client Side Server.HTMLEncode

Normally when I do serverside processing and if the string may contain < or > characters in the userdata I would do:

<%=Server.HTMLEncode(userdata)%>

However if I'm doing client side processing is there any equivalent VB function that I can call to do just that, or do I have to write my own routine to convert < to < and > to >, etc?

View Replies View Related

HTMLEncode :: Microsoft OLE DB Provider For Oracle (0x80040E14)

I am creating an application for work and have run into a problem.

I have a form that has a comments field in it. When I create a new entry in the DB (Oracle BTW), I just use this:

Server.HTMLEncode("pmcomments")

This works great for any special characters that people may use.

The problem is when I go to edit this entry and try to update the comments field. Using HTMLEncode does not seem to work when I'm doing an "UPDATE" to the DB instead of an "INSERT". I get this error:

Microsoft OLE DB Provider for Oracle (0x80040E14)
ORA-00933: SQL command not properly ended
/COMM_CENTER/mmf/mmf_save_1.asp, line 71

Which obviously means it's not converting the string that I'm attempting to edit in the DB....

View Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved