Is It Really Necessary To Use Htmlencode?
I have a website where people can enter comments into a textarea - some of these may have a bit of html - like links - or <blockquote>
the comments are stored in a Access2000 mdb file - A friend told me that i have to use htmlencode on the textarea string before storing it in the database. but it seems to work fine without doing this - is there any reason as to why i should put it thru htmlencode? when the comments are displayed they are written straight into a <div>
<div><%=recset.fields("comments")%></div>
View Replies
While working on some multilingual code I found a rather strange thing
happening with Server.HTMLEncode.
While loading different languages I change the Codepage and Charset in
ASP to reflect the language. This all works fine. However when I tried
to use Charset UTF-8 with Codepage 65001 everywhere I found that
HTMLEncode always translates all UTF-8 characters to &#xxxx. Code:
View Replies
View Related
Is it useful to ALWAYS use Server.HTMLEncode when writing data read from a db? Ex.
Response.Write (Server.HTMLEncode(var)) instead of Response.Write var
View Replies
View Related
how to reverse server.htmlencode()? is there a built-in function im missing here?
View Replies
View Related
If I want to encode all inputs from user, can I apply this encoding for all "Input" fields on my site in a single action. Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.
View Replies
View Related
I'm getting the above error and I can't figure out why...
Here is the line:
Response.Write Server.HTMLEncode(queryRS("characterization"))
Running IIS 6.0
View Replies
View Related
PHP Code:
<meta name="Keywords" content="<%= server.htmlencode(oRS("MetaKeywords"))%>" />
Is what I am using to ensure that any silly characters are being erased to ensure that xhtml is successful.
But the little issue I am going to have is with the use of javascript enclose.
I need about three buttons for the cms system:-
PHP Code:
View Replies
View Related
Normally when I do serverside processing and if the string may contain < or > characters in the userdata I would do:
<%=Server.HTMLEncode(userdata)%>
However if I'm doing client side processing is there any equivalent VB function that I can call to do just that, or do I have to write my own routine to convert < to < and > to >, etc?
View Replies
View Related
I am creating an application for work and have run into a problem.
I have a form that has a comments field in it. When I create a new entry in the DB (Oracle BTW), I just use this:
Server.HTMLEncode("pmcomments")
This works great for any special characters that people may use.
The problem is when I go to edit this entry and try to update the comments field. Using HTMLEncode does not seem to work when I'm doing an "UPDATE" to the DB instead of an "INSERT". I get this error:
Microsoft OLE DB Provider for Oracle (0x80040E14)
ORA-00933: SQL command not properly ended
/COMM_CENTER/mmf/mmf_save_1.asp, line 71
Which obviously means it's not converting the string that I'm attempting to edit in the DB....
View Replies
View Related