Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: using a double quote character inside a text field as an initial value...

Re: using a double quote character inside a text field as an initial value...

From: Thomas Kyte <tkyte_at_us.oracle.com>
Date: Tue, 02 Nov 1999 07:30:42 -0500
Message-ID: <ytgeOPBAakL7FATW5sQ5tAVl5+ML@4ax.com> 





A copy of this was sent to "Steve B" <steve.bright_at_capgemini.co.uk>
(if that email address didn't require changing)
On Tue, 2 Nov 1999 10:29:25 -0000, you wrote:



>Hope you can help...we're currently generating dynamic web pages using


>Oracle Application Server....


>


>Most of the pages require the use of forms to capture user information, and


>a lot of these forms are populated with database information so it can be


>updated etc......


>


>we define things such as text fields as


>


><input type="text" name="text_field" value=" '||


><some_value_from_the_database> ||'  ">


>


>where '||    ||' are the Oracle concatenation marks for those HTMLers


>amongst you.....





put out



   htf.escape_sc( string )




not just string



escape_sc will 



function escape_sc(ctext in varchar2) return varchar2 is

begin return(replace(
             replace(
             replace(
             replace(ctext, '&', '&amp;' ),
                            '"', '&quot;'),
                            '<', '&lt;'  ),
                            '>', '&gt;'  ));


end;




it takes the special characters and replaces them with the appropiate HTML
entites -- so " will become &quot; and it'll work properly.








>


>Now the problem we have is when the database value to set the initial text


>value contains the double quote character "......If it does then only the


>string up to that point is displayed.....


>


>Obviously we cant use the single quote ' to suround the value because the


>same would apply if the string contained that character....


>


>I've written a procedure in Oracle that mimics the javascript escape()


>function so I thought of storing each value in a javascript parameter


> escaped ), and then when the form has loaded populate the form values using


>javascript.


>


>Is there any other way around this cos it will take ages to


>re-write...except to bar the entry of double quotes at any point within the


>site..bearing in mind that this is pointless because data can get into the


>database from areas other than the browser front end ???


>


>


>


>Cheers for any help..


>


>Steve Bright


>


>steve.bright_at_capgemini.co.uk


>


>






-- 


See http://osi.oracle.com/~tkyte/ for my columns 'Digging-in to Oracle8i'...
Current article is "Part I of V, Autonomous Transactions" updated June 21'st
 

Thomas Kyte                   tkyte_at_us.oracle.com
Oracle Service Industries     Reston, VA   USA





Opinions are mine and do not necessarily reflect those of Oracle Corporation
Received on Tue Nov 02 1999 - 06:30:42 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US