How to customize inserted hyperlinks? Part 2
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Rich Text Editor (RTE)
Forum Description: Support forum for the Web Wiz Rich Text Editor (RTE).
URL: https://forums.webwiz.net/forum_posts.asp?TID=21799
Printed Date: 29 March 2026 at 5:17am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: How to customize inserted hyperlinks? Part 2
Posted By: Finlay
Subject: How to customize inserted hyperlinks? Part 2
Date Posted: 31 October 2006 at 10:41am
I have inserted RTE to a small content management system that we operate which has never allowed double quotes to be included. I've tried using the ASP replace command to no avail and so my next step is to try and amend links so that they read
<a href='www.google.com'>Google</a> rather than <a href="www.google.com">Google</a>.
Where is the code that I need to edit? Also, I've noticed tat when I try and amend the code manually, when I come to redit the page, double quotes are loaded back in causing problems to re-occur.
Please help!!!
|
Replies:
Posted By: WebWiz-Bruce
Date Posted: 31 October 2006 at 11:00am
IE's own built in RTE API has a bad habit of re-writing code, I hoped Microsoft may sort this out with IE7 but it looks like they have left the RTE API unchanged.
Is there a reason why you don't allow quotes in your CMS?
-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting
|
Posted By: Finlay
Date Posted: 31 October 2006 at 11:18am
I'm fairly new to ASP (having used PHP a bit before) but using double quotes tends to mess up submissions to the SQL database. I've a feeling it's becasue of the way the string to submit to the database works...
SQLstmt = "UPDATE Messages Set Title = '"& title & "',"
SQLstmt = SQLstmt & "Description='" & fixQuotes(desc) & "',"
SQLstmt = SQLstmt & "body='" & body & "',"
SQLstmt = SQLstmt & "startdate='" & MediumDate(Startdate) & "',"
SQLstmt = SQLstmt & "enddate='" & MediumDate(Enddate) & "',"
SQLstmt = SQLstmt & "alert='" & Alert & "' "
SQLstmt = SQLstmt & "WHERE ID='" & request.form("ID") & "'"
Set RS = objConn.execute(SQLstmt)
but I may be wrong. Anyway, I have used ASP replace function to allow apotrophe's, change cats to dogs, boys to girls but I can't get it to handle double quotes. Historically, users had been told not to use them, but having included a nice Text editor, I'm now told that they want to include active links in text but it's driving me batty at the moment.
Ideally I'd have had the time to rewrite the whole system to something much less restrictive but it was the normal tale of needing something quickly...and then then changing requiremnts!
I am currently using Firefox 1.5 (because it's ruddy great!)!
|
Posted By: WebWiz-Bruce
Date Posted: 31 October 2006 at 11:58am
The problem looks like your function you have written fixQuotes to prevent SQL injection maybe wrong.
You shouldn't need to remove double quotes ["] however you do need to escape single quotes [']
To escape single quotes you need to replace ['] with two single quotes:-#
Replace (strInput, "'", "''")
A bit hard to see here but you are replacing ['] with [''] two of them, this means that quotes can still be used in your input but without them coursing issues with the SQL.
This escapes the ['] mark in SQL and when rad back in with show as just one quote mark and not two.
So things like girl's would be changes to girl''s but would be entered into the database as girl's
-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting
|
Posted By: Finlay
Date Posted: 31 October 2006 at 12:08pm
Thanks for you reply.
The function to replace the single quotes is working fine, it's just with the double quotes that things go a big wrong for some reason. I've tried various things and currently have it set up as so,
function fixQuotes(strData)
fixQuotes=Replace(strData,chr(39),chr(39) & chr(39))
fixQuotes=Replace(fixQuotes,"dog","cat")
fixQuotes=Replace(fixQuotes,chr(34),chr(34) & chr(34))
fixQuotes=Replace(fixQuotes,"""", "\""", 1, -1, 1)
fixQuotes=replace(fixQuotes, chr(34), "”")
fixQuotes=Replace(fixQuotes,"boy", "girl")
end function
as you can see, I'm trying pretty much everything at the moment but as soon as a double quote is used it obvioulsy closes the string as only submits preceeding text to the database which is why I'm having difficulties with the link functionality.
|
Posted By: WebWiz-Bruce
Date Posted: 31 October 2006 at 2:15pm
You shouldn't need to remove the double quote marks, because the data is already in a variable the string will not be closed when putting it into the SQL query.
-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting
|
Posted By: Finlay
Date Posted: 31 October 2006 at 4:17pm
For some reason, each entry to the SQL database closes when double quotes appear, even after the string variable has been run through the fixQuotes function that corrects and amends everything else.
As far as I know the way in which I've built the SQL statement isn't an issue, and the corrective script is working correctly in respect of everything else but replacing the double quotes.
Is there nowhere within the RTE that would allow me to edit the anchor link?
|
Posted By: WebWiz-Bruce
Date Posted: 31 October 2006 at 6:56pm
Your function is written all wrong and the formatting incorrect.
You need something like:-
function fixQuotes(strData)
strData = Replace(strData, "'", "''")
fixQuotes = strData
end function
Most of your function is completely wrong and would either make things worse or not work at all.
-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting
|
Posted By: Finlay
Date Posted: 01 November 2006 at 4:53pm
The other elements of teh replace function all work fine and even amending it to the following :
function fixQuotes(strData)
strData = Replace(strData, "'", "''")
strData = Replace(strData,"boy", "girl")
strData = Replace(strData,chr(34), chr(34) & chr (34))
fixQuotes = strData
end function
still leaves the string being cut off at the double quote when being entered to the database.
|
Posted By: WebWiz-Bruce
Date Posted: 01 November 2006 at 4:57pm
I'm not sure what you are doing wrong as your code is not very well written, but I have never found any issue with entering the double quote mark into a database, single quotes have to be escaped by replacing then with two single quite markes but nothing else.
try:-
desc = Replace(desc, "'", "''")
SQLstmt = SQLstmt & "Description='" & desc & "',"
-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting
|
Posted By: Finlay
Date Posted: 03 November 2006 at 11:51am
This didn't work either but I basically createed a new form and table in the database that worked fine.
After this, I was able to track the error to how input fields were created in a form that allowed users to double check their entries. It was something along the lines of:
response.write "<input type='hidden' name='"
response.write Name & "' value=" & chr(34) & request.form(Name) & chr(34)
response.write ">"
which I changed to
response.write "<input type='hidden' name='" & name & "' value='" & request.form(name) & "'>"
And the whole thing worked like a charm.
Of course, none of this had anything to do with the RTE editor which has worked 100% throughout but you never know, in a 100 years time this post may help someone else out. Right...I'm off for a celebratory brew!
Thanks very much for your assistance and reponses during this whole brouhaha.
|
|