After the first submit of my own form, the apostrophe is correctly present 
in the DB. The problem is that at the next display of the form, the 
apostrophe is transformed into this strange character, so a second submit 
saves this strange character into the DB instead of the apostrophe.

I'm currently debugging my application so I progress step by step, but I am 
sure now that the problem is not while saving the record to the DB, as the 
apostrophe is correctly retrieved from it.
I will try afterwards to export the DB from appadmin as csv with the bad 
character in the record to check your question.

On Friday, 25 May 2012 16:09:44 UTC+2, Massimo Di Pierro wrote:
>
> If you export the db from appadmin in csv, is the character there?
>
> On Friday, 25 May 2012 08:53:51 UTC-5, Cédric Mayer wrote:
>>
>> I tried to simplify my code to post it here, so in a controller:
>>
>> def simpletest():
>>     #table definition
>>     db.define_table('t_simple_test',
>>     Field('f_form', type='text',
>>           label=T('Form'),
>>           comment=T('Write anything here')))
>>     #form definition
>>     questionid = 0
>>     if request.args(0):
>>         questionid = request.args(0)
>>         record = db.t_simple_test(questionid)
>>         if not record:
>>             session.flash = T("Unknown form %s") % questionid
>>             redirect(URL('index'))
>>         logger.info("Editing form %s" % questionid)
>>         form = SQLFORM(db.t_simple_test, record, deletable=True)
>>     else:
>>         logger.info("Editing new form")
>>         form = SQLFORM(db.t_simple_test)
>>     if form.accepts(request.vars, session):
>>         response.flash = T("Form saved.")
>>         if not questionid:#first save
>>             session.flash = response.flash
>>             redirect(URL('simpletest',args=[form.vars.id]))
>>     elif form.errors:
>>         response.flash = T("Form in error.")
>>     return dict(form=form,questionid=questionid)
>>
>> (I know I should avoid defining a table in the controller, but I moved 
>> the definition here in order not to mess with the rest of my code.)
>> But using the form generated by this controller, I cannot reproduce my 
>> problem. :-(
>>
>> In my other controller functions where I reproduce the problem, I just do 
>> some other things after the form.accepts() (because I added more things in 
>> my form in the view), but I do not change the content of the submitted form.
>> Even in the views I do not check nor rewrite the content of standard form 
>> fields... I will investigate more and replace escaped characters by the 
>> non-escaped ones for the moment.
>>
>> I know the content written to a page is escaped, so I use XML(form) to 
>> keep HTML content. But only selected people can write such content, general 
>> users only see the displayed HTML :-)
>>
>> Thank you Anthony !
>>
>> On Friday, 25 May 2012 15:11:33 UTC+2, Anthony wrote:
>>>
>>> Can you post some code? Using your own SQLFORM will produce the same 
>>> results as appadmin when creating and editing a record (appadmin also uses 
>>> SQLFORM).
>>>
>>> Note, by default, any content you write directly to the page in the view 
>>> is escaped, so any HTML tags will be escaped and displayed as literals 
>>> rather than interpreted as HTML. To prevent content from being escaped, you 
>>> have to wrap it in XML() (see 
>>> http://web2py.com/books/default/chapter/29/5#XML). Be careful about 
>>> that -- if you fail to escape content submitted by general users, you'll 
>>> have a cross-site scripting vulnerability (
>>> http://en.wikipedia.org/wiki/Cross-site_scripting).
>>>
>>> Anthony
>>>
>>> On Friday, May 25, 2012 4:35:30 AM UTC-4, Cédric Mayer wrote:
>>>>
>>>> Hello !
>>>> I have a table with "text" fields:
>>>>     Field('f_comments', type='text',
>>>>           label=T('Comment')),
>>>> or even:
>>>>     Field('f_form', type='text',
>>>>           label=T('Form'), comment=T('Please write HTML here')),
>>>> Using the appadmin interface, if I use an apostrophe " ' " inside the 
>>>> textarea fields and submit the record form, the apostrophe is saved, and if I 
>>>> display the appadmin form for the same record again, they are displayed 
>>>> inside the textarea fields.
>>>>
>>>> But creating my own form:
>>>>     form = SQLFORM(db.t_question, record, deletable=True)
>>>> apostrophes " ' " do not appear anymore.
>>>>
>>>> I did some copy-paste of what was inside my own textarea to a 
>>>> hexadecimal editor, and the apostrophes are replaced with the # 27 (hexa 
>>>> 1B) character in the case of my own form.
>>>>
>>>> If I save the form as-is, this 1B character is saved too, and so the 
>>>> apostrophe disappears also if I look at the record from the appadmin 
>>>> interface.
>>>>
>>>> It is really annoying as I use the content of the fields as pure HTML 
>>>> afterwards: not having apostrophes leads to errors if I try to have some 
>>>> JavaScript in those fields.
>>>>
>>>> 1) What is the difference between the form generated in appadmin, and 
>>>> the one generated by SQLFORM ?
>>>> 2) Is there a way not to escape " ' " in text fields ?
>>>>
>>>
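
An added example, not code from the thread: a small Python diagnostic for the symptom described above. `&#x27;` (hexadecimal) is the apostrophe while `&#27;` (decimal) is the control character 0x1B, so a step that mixes up the two notations yields exactly that byte. The thread does not identify the cause; `html.escape` stands in for the form's escaping, `drop_hex_marker` is a hypothetical faulty step, and the sample value and function names are constructed for illustration.

```python
import html
import re

# &#NN; is a decimal reference, &#xNN; a hexadecimal one.
_REF = re.compile(r"&(?:#[xX]([0-9a-fA-F]+)|#([0-9]+)|(amp|lt|gt|quot));")
_NAMED = {"amp": "&", "lt": "<", "gt": ">", "quot": '"'}
# C0 control characters other than tab, LF and CR.
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f]")

SAMPLE = "alert('ok')"  # constructed field content


def decode_refs(markup):
    """Resolve character references literally, control codes included."""
    def repl(m):
        if m.group(3):
            return _NAMED[m.group(3)]
        code = int(m.group(1), 16) if m.group(1) else int(m.group(2))
        return chr(code) if code <= 0x10FFFF else m.group(0)
    return _REF.sub(repl, markup)


def find_control_chars(text):
    """Return (offset, hex code) for each unexpected control character."""
    return [(m.start(), "%02X" % ord(m.group())) for m in _CONTROL.finditer(text)]


def drop_hex_marker(markup):
    """Hypothetical faulty step: turns the hex reference into a decimal one."""
    return markup.replace("&#x27;", "&#27;")


def trace_roundtrip(value, rewrite=None):
    """Escape as for a textarea, optionally rewrite the markup, decode it,
    and report whether the value survived the round trip."""
    markup = html.escape(value, quote=True)  # apostrophe becomes &#x27;
    if rewrite:
        markup = rewrite(markup)
    decoded = decode_refs(markup)
    return {"markup": markup, "decoded": decoded,
            "intact": decoded == value,
            "control_chars": find_control_chars(decoded)}


if __name__ == "__main__":
    print(trace_roundtrip(SAMPLE))
    print(trace_roundtrip(SAMPLE, drop_hex_marker))
```

Running `find_control_chars` on submitted text before saving would flag the corrupted value at the second submit instead of letting it reach the DB.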
