https://www.webmaster-forums.net/crss/node/1039177 en https://www.webmaster-forums.net/html-css-and-javascript/error-when-characters-are-entered-user#comment-1222473 <p>Nrrrgh, can't remember back far enough....</p> <p>My knowledge of ASP is getting dimmer and dimmer (it's a good thing Drew posts all these ASP questions). It's something like HtmlEncode, have you got an ASP reference where you can do a search for that? Also when I did ASP it was heavily tied into VB, so that might be a VB method! <img src="https://www.webmaster-forums.net/misc/smileys/smile.png" title="Smiling" alt="Smiling" class="smiley-content" /></p> <p>There's got to be something like that though.</p> <blockquote class="bb-quote-body"><p><strong>Drew wrote:</strong> How can I allow users to enter these and other symbols into a form which gets stored in the database without getting errors?</p></blockquote> <p>Moreover, how do you stop some sneaky 1337 H4xX0r script kiddie using those symbols to inject queries into your database! Is ASP strongly typed (I've forgotten)? If not you'd better make sure that when inserting a number into the database that it actually is a number, if ASP uses variable declarations like: [incode]Dim MyVar As Int[/incode] then you should be ok, but if it's throwing variants around (ala [incode]Dim MyVar[/incode] or [incode]Dim MyVar As Variant[/incode]) then you'd better start using the type checking functions ([incode]is_num[/incode] for instance).</p> <p>Breaking stuff is good, if you break it now it means someone else doesn't break it in future. <img src="https://www.webmaster-forums.net/misc/smileys/smile.png" title="Smiling" alt="Smiling" class="smiley-content" /></p> Wed, 01 Aug 2007 14:21:50 +0000 JeevesBond comment 1222473 at https://www.webmaster-forums.net https://www.webmaster-forums.net/html-css-and-javascript/error-when-characters-are-entered-user#comment-1222471 <p>I'm using asp, but I'm still interested in what you know about doing it in PHP <img src="https://www.webmaster-forums.net/misc/smileys/smile.png" title="Smiling" alt="Smiling" class="smiley-content" /> </p> <p>Drew,</p> Wed, 01 Aug 2007 13:56:52 +0000 drew22299 comment 1222471 at https://www.webmaster-forums.net https://www.webmaster-forums.net/html-css-and-javascript/error-when-characters-are-entered-user#comment-1222439 <p>(p.s. that last post was # 1337 ... hahahah)</p> Tue, 31 Jul 2007 20:03:26 +0000 brady.k comment 1222439 at https://www.webmaster-forums.net https://www.webmaster-forums.net/html-css-and-javascript/error-when-characters-are-entered-user#comment-1222438 <p>You need to allow for things like this by "trying to break it"... which you have, and that's a good thing.</p> <p>How to fix it? Well you could replace the @ and other such symbols with their HTML code equivalent... are you using PHP? There's a function called "html_entities_encode" ... check that out.</p> <p>As for the SQL... that's actually a good question, and I'm not sure. I think it probably has to do with how your database queries are structured. If you are filtering them, then probably not. Otherwise... maybe?</p> <p>Let me know if you're using PHP, because then I can give you some more specific help.</p> Tue, 31 Jul 2007 20:02:51 +0000 brady.k comment 1222438 at https://www.webmaster-forums.net