Don't Quote me! (Full Version)

All Forums >> [Web Development] >> ASP and Database



Message

yogaboy -> Don't Quote me! (11/15/2004 15:08:35)

I have a link to a document made from info the user gave in a form. The link doesn't work when people use single quotes in the form.

I've got this...

mySQL = "SELECT DocTitle, FileName FROM KeyDocs"

myFileName = myRS("FileName")

myFileName = Replace(myFileName, "'", "''")

Response.write "<TR><TD><P><a href='/documents/" & myFileName & "'>" & myRS("DocTitle") & "</A>"

But using the Filename Children'sNSF09MentalHealth.pdf just gives a link of /documents/Children

What am I missing? I've checked the values using Response.writes and tried using both for the link
myRS("Filename") = Children'sNSF09MentalHealth.pdf and
myFileName = Children''sNSF09MentalHealth.pdf



BeTheBall -> RE: Don't Quote me! (11/15/2004 18:31:08)

What happens if you replace:

" & myFileName & "

with

" & Server.URLEncode(myFileName) & "



yogaboy -> RE: Don't Quote me! (11/17/2004 6:53:46)

Microsoft VBScript runtime (0x800A000D)
Type mismatch: 'Server.URLencode'

I've tried loads of different combinations of code, but whenever I put Server.URLencode anywhere I get this error. Had a look for a solution but it seems it's sporadic and happens on some servers and not on others.

Jam![:@]



BeTheBall -> RE: Don't Quote me! (11/17/2004 8:26:27)

What if you put your URL into a variable and then call it later something like:

mySQL = "SELECT DocTitle, FileName FROM KeyDocs"

myFileName = myRS("FileName")

myURL = Server.URLEncode("/documents/" & myFileName)

Response.write "<TR><TD><P><a href='"&myURL&"'>" & myRS("DocTitle") & "</A>"



yogaboy -> RE: Don't Quote me! (11/17/2004 9:37:03)

It worked! Amazing!!![:D] - thanks Duane - I'd almost lost hope...

Here's the final code, trimmed of extra ' and /'s

myFileName = myRS("Filename")

myURL = Server.URLEncode("documents/" & myFileName)

Response.write "<TR><TD><P><a href=" & myURL & ">" & myRS("DocTitle") & "</A>"




Page: [1]

Valid CSS!




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI
0.03125