Finlay
Newbie
Joined: 31 October 2006
Location: United Kingdom
Status: Offline
Points: 6
Topic: How to customize inserted hyperlinks? Part 2 Posted: 31 October 2006 at 10:41am |
|
I have inserted RTE to a small content management system that we operate which has never allowed double quotes to be included. I've tried using the ASP replace command to no avail and so my next step is to try and amend links so that they read
<a href='www.google.com'>Google</a> rather than <a href="www.google.com">Google</a>.
Where is the code that I need to edit? Also, I've noticed that when I try and amend the code manually, when I come to re-edit the page, double quotes are loaded back in causing problems to re-occur.
Please help!!!
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
Posted: 31 October 2006 at 11:00am |
|
IE's own built in RTE API has a bad habit of re-writing code, I hoped Microsoft may sort this out with IE7 but it looks like they have left the RTE API unchanged.
Is there a reason why you don't allow quotes in your CMS?
|
|
|
 |
Finlay
Newbie
Joined: 31 October 2006
Location: United Kingdom
Status: Offline
Points: 6
Posted: 31 October 2006 at 11:18am |
|
I'm fairly new to ASP (having used PHP a bit before) but using double quotes tends to mess up submissions to the SQL database. I've a feeling it's because of the way the string to submit to the database works...
SQLstmt = "UPDATE Messages Set Title = '"& title & "',"
SQLstmt = SQLstmt & "Description='" & fixQuotes(desc) & "',"
SQLstmt = SQLstmt & "body='" & body & "',"
SQLstmt = SQLstmt & "startdate='" & MediumDate(Startdate) & "',"
SQLstmt = SQLstmt & "enddate='" & MediumDate(Enddate) & "',"
SQLstmt = SQLstmt & "alert='" & Alert & "' "
SQLstmt = SQLstmt & "WHERE ID='" & request.form("ID") & "'"
Set RS = objConn.execute(SQLstmt)
but I may be wrong. Anyway, I have used the ASP replace function to allow apostrophes, change cats to dogs, boys to girls but I can't get it to handle double quotes. Historically, users had been told not to use them, but having included a nice Text editor, I'm now told that they want to include active links in text but it's driving me batty at the moment.
Ideally I'd have had the time to rewrite the whole system to something much less restrictive but it was the normal tale of needing something quickly...and then changing requirements!
I am currently using Firefox 1.5 (because it's ruddy great!)!
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
Posted: 31 October 2006 at 11:58am |
|
The problem looks like your function fixQuotes, which you have written to prevent SQL injection, may be wrong.
You shouldn't need to remove double quotes ["], however you do need to escape single quotes ['].
To escape single quotes you need to replace ['] with two single quotes:-
Replace (strInput, "'", "''")
A bit hard to see here but you are replacing ['] with [''] two of them, this means that quotes can still be used in your input but without them causing issues with the SQL.
This escapes the ['] mark in SQL and when read back in will show as just one quote mark and not two.
So things like girl's would be changed to girl''s but would be entered into the database as girl's
Edited by -boRg- - 31 October 2006 at 12:00pm
|
|
|
 |
Finlay
Newbie
Joined: 31 October 2006
Location: United Kingdom
Status: Offline
Points: 6
Posted: 31 October 2006 at 12:08pm |
|
Thanks for your reply.
The function to replace the single quotes is working fine, it's just with the double quotes that things go a bit wrong for some reason. I've tried various things and currently have it set up as so,
function fixQuotes(strData)
fixQuotes=Replace(strData,chr(39),chr(39) & chr(39))
fixQuotes=Replace(fixQuotes,"dog","cat")
fixQuotes=Replace(fixQuotes,chr(34),chr(34) & chr(34))
fixQuotes=Replace(fixQuotes,"""", "\""", 1, -1, 1)
fixQuotes=replace(fixQuotes, chr(34), "”")
fixQuotes=Replace(fixQuotes,"boy", "girl")
end function
as you can see, I'm trying pretty much everything at the moment but as soon as a double quote is used it obviously closes the string and only submits preceding text to the database which is why I'm having difficulties with the link functionality.
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
Posted: 31 October 2006 at 2:15pm |
|
You shouldn't need to remove the double quote marks, because the data is already in a variable the string will not be closed when putting it into the SQL query.
|
|
|
 |
Finlay
Newbie
Joined: 31 October 2006
Location: United Kingdom
Status: Offline
Points: 6
Posted: 31 October 2006 at 4:17pm |
|
For some reason, each entry to the SQL database closes when double quotes appear, even after the string variable has been run through the fixQuotes function that corrects and amends everything else.
As far as I know the way in which I've built the SQL statement isn't an issue, and the corrective script is working correctly in respect of everything else but replacing the double quotes.
Is there nowhere within the RTE that would allow me to edit the anchor link?
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
Posted: 31 October 2006 at 6:56pm |
|
Your function is written all wrong and the formatting is incorrect.
You need something like:-
function fixQuotes(strData)
strData = Replace(strData, "'", "''")
fixQuotes = strData
end function
Most of your function is completely wrong and would either make things worse or not work at all.
|
|
|
 |
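The UPDATE from this thread with the string concatenation replaced by ADO parameters, as an added example that is not part of the original posts and uses a different technique from the fixQuotes escaping discussed above. It assumes objConn is the open connection from the thread, a numeric ID column, date-typed startdate/enddate columns and text for the rest; UpdateMessage and AddText are hypothetical names.

```vbscript
<%
' Added example, not code from the thread.
' Assumptions: objConn is the open ADODB.Connection used in the thread; ID is
' numeric; startdate/enddate are date columns; the other columns hold text.
Const adInteger = 3, adDate = 7, adVarWChar = 202, adLongVarWChar = 203
Const adParamInput = 1, adCmdText = 1, adExecuteNoRecords = 128

' Hypothetical helper: append one text parameter. The size must be at least 1,
' so Len + 1 keeps an empty string acceptable.
Sub AddText(cmd, paramName, dataType, value)
    Dim s
    s = CStr(value)
    cmd.Parameters.Append cmd.CreateParameter(paramName, dataType, adParamInput, Len(s) + 1, s)
End Sub

Sub UpdateMessage(objConn, id, title, desc, body, startDate, endDate, alert)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = objConn
    cmd.CommandType = adCmdText
    ' Each ? is a placeholder. Values travel as data and are never parsed as
    ' SQL, so ' and " in the RTE's HTML need no escaping or replacing.
    cmd.CommandText = "UPDATE Messages SET Title = ?, Description = ?, body = ?, " & _
                      "startdate = ?, enddate = ?, alert = ? WHERE ID = ?"
    ' Parameters are positional: append them in the order of the ? markers.
    AddText cmd, "title", adVarWChar, title
    AddText cmd, "desc", adVarWChar, desc
    AddText cmd, "body", adLongVarWChar, body
    cmd.Parameters.Append cmd.CreateParameter("startdate", adDate, adParamInput, , CDate(startDate))
    cmd.Parameters.Append cmd.CreateParameter("enddate", adDate, adParamInput, , CDate(endDate))
    AddText cmd, "alert", adVarWChar, alert
    ' CLng raises an error on non-numeric input, which rejects a tampered ID.
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(id))
    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
End Sub

' Variable names below are the ones used in the thread's UPDATE statement.
UpdateMessage objConn, Request.Form("ID"), title, desc, body, Startdate, Enddate, Alert
%>
```

With this form the stored HTML keeps its original `<a href="...">` markup, because nothing is rewritten on the way into the database.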