Wrox Programmer Forums
|
Classic ASP Databases Discuss using ASP 3 to work with data in databases, including ASP Database Setup issues from the old P2P forum on this specific subtopic. See also the book forum Beginning ASP.NET Databases for questions specific to that book. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Databases section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old November 29th, 2007, 11:36 AM
Authorized User
  
Join Date: Jul 2004
Posts: 40
Thanks: 0
Thanked 0 Times in 0 Posts
Default stray charaacters or quotes in forms elements
I know this is a basic question - but I have a number of forms that the info is being sent to an access database - which is a better idea...to not allow any stray characters or single quotes (by use of a jscript validation function) or is it better (at least for single quotes) to before I enter the info into the database just run replase functin on all the fields and replace single quote with double single quote...

which is the better idea?

thanks for your help

Adina
 
Old November 29th, 2007, 11:54 AM
Imar's Avatar
Wrox Author
  
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default
IMO, the latter as it serves two purposes: first, the user's intent with the text is maintained (what happens if they want to type something like "the user's intent"??). Second, JavaScript can be disabled, bypassing your validation.

Only by fixing the data server side can you guarantee a safe and working solution.

Cheers,

Imar


---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
 
Old November 29th, 2007, 03:17 PM
Authorized User
  
Join Date: Jul 2004
Posts: 40
Thanks: 0
Thanked 0 Times in 0 Posts
Default
So would using the replace function on all fields be the best way of accomplishing that?

Also this might be a stupid question but should I be building my sights to not depend on JScript as of now.... I have a lot of rollover, and drop down menus that are jscript dependant ...what should I be doing....

Thank you,
Adina
 
Old November 29th, 2007, 06:34 PM
Imar's Avatar
Wrox Author
  
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default
Yes, you'd need to fix every field you're about to send to the database.

Regarding JavaScript: it depends. Some effects can be accomplished with CSS, other things cannot be reproduced with other technologies easily. However, it all depends on your site of course. I generally find that people have JavaScript turned on. YMMV of course so you need to look into to your client base and see if it's worth the trouble.

Cheers

Imar

---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004





Similar Threads
Thread Thread Starter Forum Replies Last Post
How do you get Rid of quotes hewstone999 Access VBA 1 April 15th, 2008 10:42 AM
Quotes in textbox amit_p_patel VB How-To 7 May 22nd, 2007 02:29 AM
displaying single quotes and double quotes ren_123 Classic ASP Databases 2 February 22nd, 2006 02:17 PM
Double Quotes and Single Quotes Problem phungleon Classic ASP Basics 7 May 27th, 2004 01:44 PM
RE: Quotes in Arrays tp194 Beginning PHP 2 March 9th, 2004 11:54 PM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.