Yes, I was looking all over for an equivelant to addslashes() for .NET
I originally thought it was MySQL stripping them out but I did a
response.write() for all my text field values and apprently it is removing
the characters on postback of the form since they were missing before the
query was ever ran.
It only happens with regular asp:textbox fileds though. I have FCKEditor on
the same form and it replaces things like the registered symbol with ®
for you (nice)
I must also be losing my mind because quotes go into the database just fine
now. It only stripped those out one time... weird. I am still faced with all
of the other symbols though which will most likely be used often in this
application tradmarks, copyright, registered, etc...
I have validaterequest=false in my page directive so that must not be it (i
can submit html with the fckeditor just fine)
It seems like it might be a little harder than I thought since .net is
actually removing the characters when i hit the submit button though. It
just seems like there would be an easy way of doing this. I hope someone can
offer a solution before I run out of other sections to work on : )
I may have to write a function to convert all the symbols intot their ascii
value... man that could get big and slow....
I've never used Microsoft.JScript.GlobalObject.escape/unescape but im about
to go look into that. Thanks for the tips
John Timney (ASP.NET MVP) said:
php has an escape function specifically for mySQL inserts
Historically, you have had to hand crank one using the replace method,
something like this:
private string SafeSqlLiteral(string inputSQL)
{
return inputSQL.Replace("'", "''");
}or calling Microsoft.JScript.GlobalObject.escape I guess it depends
where your problem is occuring - it may be mySQL expecting escaped chars,
you could try passing verbatim strings using the '@' symbol before the
quoted sql statement --
Regards
John Timney
ASP.NET MVP
Microsoft Regional Director
Ewok said:
That would be quite a task to eascape all special characters. There has
to be an easier way..... hmm or would it?
I know i ColdFusion regular expressions there is a [:special:] character
set. Maybe I can use something similar in dotnet/vb to easily match
characters that would need to be escaped?
John Timney (ASP.NET MVP) said:
have you tried escaping them with a backslash eg. \'
--
Regards
John Timney
ASP.NET MVP
Microsoft Regional Director
let me just say. it's not by choice but im dealing with a .net web app
(top down approach with VB and a MySQL database) sigh.....
Anyhow, I've just about got all the kinks worked out but I am having
trouble preserving data as it gets entered into the database.
Primarily, quotes and special characters.
Spcifically, I noticed it stripped out some double quotes and a
"Registered" symbol ® (not the ascii but the actual character"
does anyone know of a quick fix to allow these types of characters? The
forms are in a secured section of the site and will only be used by
adinistrators so im not TOO concerned about what they enter in at this
point.
Thanks for any suggestions!
