
converting text in DB

Mattblack (Groupie)
Posted: 02 October 2003 at 3:11pm

Hi all,

Just wondering how to solve this...

I'm using V6.4 on my website.  When people register or post, it all appears as normal, but if you look in the database then you get things like this inserted all over the place....
&#111;

So when I create a page to draw certain strings and email addresses out of the database, I have things like that all over the page and need to get rid of it.  I know it's got to be something to do with the language file or something, but what is it?  And what should I include on the pages that I create to stop it from happening???

Cheers

Matt

Gullanian (Senior Member)
Posted: 02 October 2003 at 3:20pm

Things like &#111; are HTML entities which stand for potentially harmful symbols such as ', <, >, % etc etc.  By replacing them with their HTML entity equivalent you make inputting data more secure.

It's a sacrifice worth making.

WebWiz-Bruce (Admin Group, Web Wiz Developer)
Posted: 02 October 2003 at 3:26pm

The forum code has a function to decode this.

You need to run the data you pull from the database through the following function:-

'*********************************************
'***         Decode HTML encoding         *****
'*********************************************

'Decode encoded strings
Private Function decodeString(ByVal strInputEntry)

    'Decode HTML character entities

    strInputEntry = Replace(strInputEntry, "&#097;", "a", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#098;", "b", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#099;", "c", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#100;", "d", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#101;", "e", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#102;", "f", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#103;", "g", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#104;", "h", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#105;", "i", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#106;", "j", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#107;", "k", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#108;", "l", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#109;", "m", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#110;", "n", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#111;", "o", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#112;", "p", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#113;", "q", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#114;", "r", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#115;", "s", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#116;", "t", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#117;", "u", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#118;", "v", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#119;", "w", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#120;", "x", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#121;", "y", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#122;", "z", 1, -1, 0)

    strInputEntry = Replace(strInputEntry, "&#065;", "A", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#066;", "B", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#067;", "C", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#068;", "D", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#069;", "E", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#070;", "F", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#071;", "G", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#072;", "H", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#073;", "I", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#074;", "J", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#075;", "K", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#076;", "L", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#077;", "M", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#078;", "N", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#079;", "O", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#080;", "P", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#081;", "Q", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#082;", "R", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#083;", "S", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#084;", "T", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#085;", "U", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#086;", "V", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#087;", "W", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#088;", "X", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#089;", "Y", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#090;", "Z", 1, -1, 0)
   
    strInputEntry = Replace(strInputEntry, "&#061;", "=", 1, -1, 0)


    strInputEntry = Replace(strInputEntry, "&#048;", "0", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#049;", "1", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#050;", "2", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#051;", "3", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#052;", "4", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#053;", "5", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#054;", "6", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#055;", "7", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#056;", "8", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&#057;", "9", 1, -1, 0)
   
    strInputEntry = Replace(strInputEntry, "&lt;", "<", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&gt;", ">", 1, -1, 0)
    strInputEntry = Replace(strInputEntry, "&amp;", "&", 1, -1, 0)

    'Return
    decodeString = strInputEntry
End Function

Mattblack (Groupie)
Posted: 03 October 2003 at 10:22am

OK, I'm good - but not THAT good.  Thanks so far though

How do I include that in my ASP then?

For example, a simple bit of code might read email addresses from it, that will obviously contain harmful characters.

It would read like this....

<% Dim rs
Set rs = Server.CreateObject ("ADODB.Recordset")
rs.Open "members", "DSN=mydnshere"
While Not rs.EOF
Response.Write "" & rs("email")
Response.Write "<br>"
rs.MoveNext
Wend
rs.Close
Set rs = Nothing %>

How would I include it in the example shown?

Cheers again!

WebWiz-Bruce (Admin Group, Web Wiz Developer)
Posted: 03 October 2003 at 10:40am

If you are showing it on a web page you don't need to remove the encoding as they are HTML character entities so your browser will display them as the correct characters to anyone viewing the web page.

If you really must remove them then use this code:-

<% Dim rs
Set rs = Server.CreateObject ("ADODB.Recordset")
rs.Open "members", "DSN=mydnshere"
While Not rs.EOF
Response.Write "" & decodeString(rs("email"))
Response.Write "<br>"
rs.MoveNext
Wend
rs.Close
Set rs = Nothing %>

Put the bit in shown in red and also include the function from my last post somewhere in the same asp file.
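
An added example, not part of the original thread or the Web Wiz Forums code: a single-pass decoder that handles any decimal &#NNN; entity instead of one Replace per character, followed by the same loop with the output passed through Server.HTMLEncode, because a decoded value can contain <, > and & again and would otherwise be written into the page as markup. The function name DecodeEntities is hypothetical; the recordset, table and DSN names are the ones from the posts above.

```asp
<%
' Added example (not forum code). DecodeEntities is a hypothetical name.
' Decodes &#NNN; (decimal) and &lt; &gt; &amp; in one pass, so text such as
' "&amp;lt;" becomes "&lt;" and is never decoded a second time into "<".
Function DecodeEntities(ByVal strIn)
    Dim re, m, strTok, strChar, strOut, lngPos, lngCode
    Set re = New RegExp
    re.Pattern = "&(#\d{1,5}|lt|gt|amp);"
    re.Global = True
    strOut = ""
    lngPos = 1
    For Each m In re.Execute(strIn)
        strTok = m.SubMatches(0)
        strChar = ""
        Select Case strTok
            Case "lt": strChar = "<"
            Case "gt": strChar = ">"
            Case "amp": strChar = "&"
            Case Else
                ' Numeric entity: drop the leading "#" and range-check for ChrW
                lngCode = CLng(Mid(strTok, 2))
                If lngCode >= 1 And lngCode <= 65535 Then strChar = ChrW(lngCode)
        End Select
        ' Out-of-range codes are left in the text exactly as stored
        If strChar <> "" Then
            ' FirstIndex is zero-based, Mid is one-based
            strOut = strOut & Mid(strIn, lngPos, m.FirstIndex + 1 - lngPos) & strChar
            lngPos = m.FirstIndex + m.Length + 1
        End If
    Next
    DecodeEntities = strOut & Mid(strIn, lngPos)
End Function

Dim rs, strEmail
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open "members", "DSN=mydnshere"
While Not rs.EOF
    ' & "" turns a Null field into an empty string
    strEmail = DecodeEntities(rs("email") & "")
    ' The decoded value can hold < > & again: encode it for the HTML context
    Response.Write Server.HTMLEncode(strEmail) & "<br>"
    rs.MoveNext
Wend
rs.Close
Set rs = Nothing
%>
```

The raw decoded string is the one to use where the destination is not HTML, for example the body of a plain-text email.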

Mattblack (Groupie)
Posted: 04 October 2003 at 5:22am

GOT IT!

Thanks guys! 

~Matt (www.zeuscomputers.co.uk)

Detonator (Newbie)
Posted: 23 June 2005 at 6:27am

Originally posted by Gullanian:

Things like &#111; are HTML entities which stand for potentially harmful symbols such as ', <, >, % etc etc.  By replacing them with their HTML entity equivalent you make inputting data more secure.

It's a sacrifice worth making.

Hello all,
 
I came along to this page looking for information on a script that I'm working on for WW, and I was having this same problem regarding these "special" characters getting replaced by "&#nnn" entities. I understand the problem with things like <, >, %, etc. But, out of curiosity, what harm can the letter "o" (ASCII code 111) do? Because this letter specifically gets replaced by &#111 and I can't see any logical reason to do this, as it's a plain letter.
 
Thanks

dpyers (Senior Member)
Posted: 23 June 2005 at 12:36pm

I believe Borg has included the alphabet in the decode function because he also encodes some reserved words that could be entered in text boxes and used as part of an SQL injection attack.

Lead me not into temptation... I know the short cut, follow me.