Do not store with entity encoding. What happens when the data is
later output to XML, PDF, Word, etc? You encode on output to the
target data sink (HTML, XML, PDF, SQL DB, LDAP, etc.) when pushing it
to that target. This, of course, is also to prevent XSS, SQL
Injection, LDAP injection, etc. Note that each requires a different
type of encoding, specific to the target and the target platforms'
characteristics.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"To announce that there must be no criticism of the president, or that
we are to stand by the president right or wrong, is not only
unpatriotic and servile, but is morally treasonable to the American
public."
-- Theodore Roosevelt
On Jun 12, 2008, at 4:39 PM, Troy Jones wrote:
Is it possible to maybe use an HTML entity in storing the data in
the first place? Maybe, replace the quotes with “"”? Just a
thought.
Troy Jones
Dynapp Support Team
678-528-2952
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dusty Hale
Sent: Thursday, June 12, 2008 4:35 PM
To: [email protected]
Subject: RE: [ACFUG Discuss] column contains " (quotes) and comma ,
Of course this example may have problems too. It's not valid code
for one thing and you might have the same problem with single quotes.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dusty Hale
Sent: 06/12/2008 4:31 PM
To: [email protected]
Subject: RE: [ACFUG Discuss] column contains " (quotes) and comma ,
Try this:
<input type="text" name="xyz" value='#xyz#' size="15">
I think that might do what you're asking.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ajas
Mohammed
Sent: 06/12/2008 4:26 PM
To: [email protected]
Subject: [ACFUG Discuss] column contains " (quotes) and comma ,
Hi,
I am displaying result set from a query in form fields like this,
where column xyz contains value like this "ajas, mohd"
i.e. with the quotes and comma.
<td><input type="text" name="xyz" value="#xyz#" size="15"></td>
The form does not show the contents of the column because of the
quotes. So I am using replace function to remove the quotes. This
works fine. See below.
<td><input type="text" name="xyz" value="#Replace(xyz,"""","","All")#" size="15"></td>
This results in ajas,mohd being shown in the text form field.
How do I make the column xyz's value appear in the form field with
quotes without using the replace function? Any ideas?
Or do I have to tell the client not to send values with quotes going
forward?
--
<Ajas Mohammed />
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because thats what winners do.
You can't improve what you don't measure.
Quality is never an accident; it is always the result of high
intention, sincere effort, intelligent direction and skillful
execution; it represents the wise choice of many alternatives.
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
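
Added example, not part of the thread and not any poster's code: a Python sketch of the approach in the first reply (store the raw value, encode for each sink at output time), run on the thread's sample value. The table name, the function names and the LDAP attribute cn are assumptions made for illustration.

```python
import html
import sqlite3
from html.parser import HTMLParser
from xml.sax.saxutils import escape as xml_escape

RAW = '"ajas, mohd"'  # constructed sample: the column value from the thread
FIELD = '<input type="text" name="xyz" value="%s" size="15">'

def store_and_load(value):
    """SQL sink: bind the value as a parameter and store it unencoded."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t (xyz TEXT)")  # hypothetical table
    db.execute("INSERT INTO t (xyz) VALUES (?)", (value,))
    return db.execute("SELECT xyz FROM t").fetchone()[0]

def html_field(value):
    """HTML attribute sink: escape & < > " ' when writing the page.
    (In CFML, HTMLEditFormat() is an output-time function for this sink.)"""
    return FIELD % html.escape(value, quote=True)

def xml_element(value):
    """XML element-content sink: escape & < > when writing the document."""
    return "<xyz>%s</xyz>" % xml_escape(value)

def ldap_filter(value):
    """LDAP filter sink: RFC 4515 writes \\ * ( ) and NUL as backslash-hex."""
    return "(cn=%s)" % "".join(
        "\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def field_value(markup):
    """What a browser would put in the text box: parse the tag, read value."""
    seen = {}
    class TagReader(HTMLParser):
        def handle_starttag(self, tag, attrs):
            seen.update(attrs)
    TagReader().feed(markup)
    return seen.get("value")

if __name__ == "__main__":
    stored = store_and_load(RAW)
    print(repr(field_value(FIELD % stored)))   # no output encoding: empty box
    print(field_value(html_field(stored)))     # encoded on output: quotes kept
    pre = html.escape(RAW)                     # entity-encoded before storage
    print(xml_element(pre))                    # entity text leaks into the XML
    print(field_value(html_field(pre)))        # and shows up in the HTML form
    print(ldap_filter("a*(b)"))                # constructed filter input
```

The last three lines of output show why each sink needs its own encoding: a value entity-encoded before storage reaches the XML document and the form field as literal entity text.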