We have a website developed, however after testing I have identified all the pages which have forms allow the input of special characters in the fields. This can allow a user to put in html code and run it. Is there a way to stop this? Code:
View RepliesThe website that I am developing is having a search option. The search is according to the type of Industries, like IT-Software, IT-Hardware etc. I am using procedure to search through the database. Now whenever I Select an Industry name like IT - Software, FMCG/Foods/Beverages(i.e with special characters) etc. i get an error message Code:
Line 1: Incorrect syntax near '/'.
here is the code where I am getting the error
Code:
strSQL = "sp_getsearchvacancy " & sind & "," & sexper & "," & currentPage & "," & iRecordsPerPage
objRS.Open strSQL, objConn
this is same for every keyword having special characters like / , - and even space
But when I use keywords without any special character its works fine.
i have a problem in retirving special character like ¥ . the process is to save such special characters. through ASP page from client side. it gets saved in XML which is at Server Side. while typing the character on ASP page
there is no issue. but when i save it in XML it is saved as some different values. right now. i am dealing with it by replacing the values manually. but can anybody please help me to get some function or property. to convert and reconvert these characters, as its not possible to handle each speacial character manually.
How will you remove special characters from a text? What if my user just copies the text from a web page and then pastes it on a text area? Will special characters/invisible html tags get copied also? If so, how do you remove these special characters/invisible html tags?
View Replies View RelatedI have created an online form using ASP VBscript, however the form breaks when someone inputs quotation marks in the field. I have attempted to write a function that removes the quotation marks without any success.
Function CleanString(passedvalue)
Dim tmpvar
If passedvalue > "" then
tmpVar = Trim(Replace(passedvalue, "'", ""))
Return tmpvar
Else
Return ""
End if
End Function
I am including copyright information on one of my asp pages. The page is hosted on IIS on an XP Pro machine. I want it to look like this:
Copyright © 2004
the © does not display when the asp page is called, Instead a ? appears. I know its a simple character thing. How do i get the © to display properly?
I am having problems with special characters with database calls (if I'm
referring to this in the right way). the problem is with apostrophes of all
things. If an end user puts an apostrophe in something ASP will interprete
it as a delimiter. This is aggravating because I'm trying to make this as
simple for the end user as possible and if they can't place something in a
simple text field like "Joe's Bar" (which comes out as "Joe") then I have a
problem because I don't have a solution for this. It appears that this "
´ " is not quite the same as " ' " and I don't see a special
character for apostrophes either.
I was curious as to what kind needs to be done in order for special characters to be inputted into the database. I think using these characters in an input box don't work well when transferring with SQL. So when people are writing use something like ' an error comes up.
View Replies View Relatedwhat is the newline char for VBScript? and is there any other special chars in VBScript?
View Replies View Relatedhow do i display characters such as ã é á Ó in response.write. I have this problem displaying when i query from database.
View Replies View RelatedHow do i prevent user to input special character like /, , :, *, ?, ", <, >, | and not allow it to be null in my text field? i got a page with coding here ....
View Replies View RelatedI am trying to create a Public function to use throughout my site to remove special characters specifically the single quote my code is below
Public Function RemoveSpecChar(inputString)
Dim input
input = inputString
input =Replace(input,"'"," ")
'response.write(input)
RemoveSpecChar = input
End Function
I then want to be able to call the function with Call RemoveSpecChar(variable) in my page.
Besides the following characters, what other characters are allowed in web addresses.
alphabets
numbers
colon ( : )
slash (/)
ampersand (&)
question mark (?)
equal to (=)
plus (+)
dash (-)
percentage (%)
underscore (_)
and decimal (.)
i have got a form but i dont want user to put special characters... in the form
e,g. ; @ # ' etc etc
what's the vbscript equivilant of adding slashes before special characters when doing inserts into a DB? are we supposed to just use urlencode or do replace regex calls?
PHP = addslashes
VBscript = ?????
Through javascript i am forming a dynamic sql based on some selection criteria entered by the user. If i am trying to have an alias with '&', then on executing this through an ADODB object , the statement fails and i get an error as "from keyword not found"
For ex: If i have a SQL as
select emp_name as "Emp&Mgr" from emp;
on executing this i get the above mentioned error.
But SQL's with other special characters do work.
For ex: select emp_name as "Emp,Mgr" from emp;
select emp_name as "Emp/Mgr" from emp;
select emp_name as "Emp*Mgr" from emp;
How do i solve this problem.
I tried to send some text from an asp page to an other, but my text contains some special characters like # % & and so on. I'm wondering how to send them because if I try to send the whole text, after those characters it is splitted and the other part is ignored.
View Replies View Relatedwhen i type special char. on the textbox of my asp page. it shows the character but saving it and retieving it->gives different value. e.g when i press alt+152 it accepts ÿ but after retireving the same it gives the value as ÿ.
View Replies View RelatedI have this headlineripping script up and running but special characters causes major problems. Is there any way to html encode, change character encoding or replace scandic letters ö ä and å with html code. And I think it must be done before parsing. Code:
View Replies View RelatedWhen I post a string containing special characters (& #145, & #146, & #147, etc. for single and double quotes -- spaces added so they display correctly) through a form and write the contents on the next page via Request.Form, my special characters have been replaced with the characters they represent. Does anyone have any idea why this is happening, and more importantly, how to avoid it?
View Replies View Relatedin my asp form i would like to have a field which can ONLY accept
digits BUT can accept special characters as well such as: &,$$,##.
i.e: if the user enters :
147hhh, or P44556HH or QSSPE$% ---> this will be invalid
##123,45SS---> this is invalid
125&125#10$---> this is valid
12456--> this is valid too
is there any way to do this????
I have problem inserting value with special characters such as email address: anne.walker7@btinternet.com
and creditcard:1111 2222 3333 4444 number with spaces inbetween the numbers as these special characters are reserved in MS Access. Any help
email = "anne.walker7@btinternet.com"
cardnumber = "1111 2222 3333 4444"
sql "insert into users (email, cardnumber) " &_
sql = sql & "values ('" & email & "'," cardnumber & ")"
I have some text in non English (e:g Arabic/Urdu/Hindi etc) language. When I am using file system object to or normal file system to write that text to file I get error, same code with english characters works fine.
View Replies View RelatedI have a table that contains a chunk of text, and the text commonly has special characters, such as "&" or "–". To edit this text, there is a page where the text is dumped into a textarea.
However, IE interprets the special characters, instead of their values. How can I have it so that when the text from the database is displayed inside a textbox, IE does not display the characters but instead their values?
I have a script which grabs headlines from another website. The site I am trying to grab from is in spanish and has those weird characters, but when my script outputs it onto my page, most of those special characters are replaced with question marks. Is there a way to prevent this from happening?
View Replies View RelatedI have a form that is being sent using CDONTS. The problem is the form I'm sending has a lot of special characters (it's in Spanish) and while I know how to get the chars to display correctly on the page, they're not showing up correctly in the email.
They either show up like this:
Country : Canad�;
or if I encode them, like this:
Country : Canadá
How can I get the email to display the correct character
Country : Canadá
I'm fairly new to ASP (I'm a PHP programmer) and have no clue how to do it.
I've noticed that the email is not set to encode in any special way like the equivalent for PHP......
I need to add and subtract transactions for each of our accounts
within our Access DB for account reconciliation.
Values found in our PdAmount field are either positive or negative.
Positive numbers are entered like $690.34
Negative numbers are entered like ($42.36)
I will use something like:
<%
Do until rs.eof
If rs(PdAmount) <> "" Then
'need function to check for positive
'if positive...remove "$" and add to total
'if negative...remove "(", "$", ")" and subtract from total
End If
Response.Write(total)
%>
Can someone give me a function that I can use?
I'm trying to validate several fields using regular expressions and not sure how to allow spaces and special characters within the expression.
One field is for an address:
^[a-zA-Z0-9]+$
how can I allow spaces and special characters like a comma, number sign and periods. So, if some entered an address with a suite number or p.o. box where commas, periods and number signs can be used it would validate correctly. Right now, the expression is only checking for alfanumeric characters.
Another example is for validating a city field
^[a-zA-Z]+$
I need to allow spaces...i.e. San Diego, New York
I want the special characters to be converted in html encoded format. i am using asp.
but i m getting the same string that i have passed as output.
input:
<% Response.Write("the html characters =" & Server.HtmlEncode("<p>")) %>
output:
the html characters =<p>
is there anything more required to do this.
I'm stumped by one single thing when using Msxml2.ServerXMLHTTP.4.0. I'm sending an XML-formatted text string to a foreign server and getting a response back (using Windows 2000 Server and IIS). The problem is, when they send any special characters in the response string, my application chokes. Code:
View Replies View RelatedIve written some ASP code to list information from a table in my database.. what i need is a drop down list to list all the regions (provided by a table called tblRegion), and when the region is selected that re-queries the list.. Code:
View Replies View RelatedI've got a website that I've been making some changes too as of late. It's not my website so I've been learning a lot, especially since I'm fairly new to coding and webdesign. So keep in mind, I'm just a newb. If there's not enough info here to allow anyone to help, just say so and I'll figure it out on my own. Here's my problem...
This site I'm working on has all kinds of directories and allows certain people within a company to upload files to certain directories. I've got a .asp file that shows all of the content providers for all directories in a table.
I want to make it so that in my directorylist.php file there's a button that will allow a user to click on this "View Content Providers for this Directory" button and it will read/filter this asp file, and spit out a list of only the users who have authority to upload files to that particular directory that the user is looking at.
Is there some way to link the two files to do that? Or is it just a change I need to make in the loop in the asp file or perhaps a change in the php file? I'll provide a piece of code from the .asp file. Code:
On my page i run a SQL query that selects certain records from the database,
Is there any way to select a specific record from the recordset then another one. e.g. say i run a SQL that picks up all records with ID < 30 and then i want to pick one with an ID of 1 and then one with an ID of 4 without re-running the SQL query?