Re: using a double quote character inside a text field as an initial value...

From: Thomas Kyte <tkyte_at_us.oracle.com>
Date: Tue, 02 Nov 1999 07:30:42 -0500
Message-ID: <ytgeOPBAakL7FATW5sQ5tAVl5+ML_at_4ax.com>


A copy of this was sent to "Steve B" <steve.bright_at_capgemini.co.uk> (if that email address didn't require changing)

On Tue, 2 Nov 1999 10:29:25 -0000, you wrote:

>Hope you can help...we're currently generating dynamic web pages using
>Oracle Application Server....
>
>Most of the pages require the use of forms to capture user information, and
>a lot of these forms are populated with database information so it can be
>updated etc......
>
>we define things such as text fields as
>
><input type="text" name="text_field" value=" '||
><some_value_from_the_database> ||' ">
>
>where '|| ||' are the Oracle concatenation marks for those HTMLers
>amongst you.....

put out

   htf.escape_sc( string )

not just string

escape_sc will

   function escape_sc(ctext in varchar2) return varchar2 is
   begin
      return(replace(
             replace(
             replace(
             replace(ctext, '&', '&amp;' ),
                            '"', '&quot;'),
                            '<', '&lt;'  ),
                            '>', '&gt;'  ));
   end;

it takes the special characters and replaces them with the appropriate HTML entities -- so " will become &quot; and it'll work properly.

>
>Now the problem we have is when the database value to set the initial text
>value contains the double quote character "......If it does then only the
>string up to that point is displayed.....
>
>Obviously we can't use the single quote ' to surround the value because the
>same would apply if the string contained that character....
>
>I've written a procedure in Oracle that mimics the javascript escape()
>function so I thought of storing each value in a javascript parameter
> escaped ), and then when the form has loaded populate the form values using
>javascript.
>
>Is there any other way around this cos it will take ages to
>re-write...except to bar the entry of double quotes at any point within the
>site..bearing in mind that this is pointless because data can get into the
>database from areas other than the browser front end ???
>
>
>
>Cheers for any help..
>
>Steve Bright
>
>steve.bright_at_capgemini.co.uk
>
>

-- 
See http://osi.oracle.com/~tkyte/ for my columns 'Digging-in to Oracle8i'...
Current article is "Part I of V, Autonomous Transactions" updated June 21'st
 
Thomas Kyte                   tkyte_at_us.oracle.com
Oracle Service Industries     Reston, VA   USA

Opinions are mine and do not necessarily reflect those of Oracle Corporation
Received on Tue Nov 02 1999 - 13:30:42 CET
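
An added example, not part of the message above and not Oracle's code: a Python port of the replace() chain quoted in the reply, used to render the text field from the question and read it back with an HTML parser. It shows that the escaped value round-trips while the unescaped one is cut at the first double quote, and that the chain leaves ' alone, so the attribute has to stay double-quoted. The names render_input and parsed_value and the sample strings are constructed for this illustration.

```python
from html.parser import HTMLParser


def escape_sc(ctext):
    """Python port of the replace() chain quoted in the reply.

    '&' is replaced first (the innermost replace), so the '&' that the
    later replacements introduce is not escaped a second time.
    """
    return (ctext.replace("&", "&amp;")
                 .replace('"', "&quot;")
                 .replace("<", "&lt;")
                 .replace(">", "&gt;"))


def render_input(name, value, escape=True, quote='"'):
    """Build the text field from the question; escape=False is the original bug."""
    shown = escape_sc(value) if escape else value
    return "<input type=\"text\" name=\"%s\" value=%s%s%s>" % (
        escape_sc(name), quote, shown, quote)


class _InputReader(HTMLParser):
    """Collects the attributes of every <input> tag it sees."""

    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append(dict(attrs))


def parsed_value(html):
    """Return the value attribute as an HTML parser reads it back."""
    reader = _InputReader()
    reader.feed(html)
    reader.close()
    return reader.inputs[0].get("value") if reader.inputs else None


if __name__ == "__main__":
    # Constructed sample values standing in for database columns.
    for sample in ['12" monitor & stand', "a<b> \"q\" & 'x'", "O'Brien"]:
        for esc in (False, True):
            got = parsed_value(render_input("text_field", sample, escape=esc))
            print(esc, repr(sample), "->", repr(got))
    # escape_sc does not touch ', so a single-quoted attribute still breaks.
    print(repr(parsed_value(render_input("text_field", "O'Brien", quote="'"))))
```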
