RE: Troublesome or Dangerous Form Submission Characters for SQL

Thu, 03 Mar 2005 17:40:56 -0800 

I would. Knock up a quick example

param myInput ""

form
        input text myInput value="#FORM.myInput#"
        submit
/form

Submit Hella"Cool and it should drop the Cool. Try it with HTMLEditFormat()
on as many browsers as you can and chances are it'll be consistent on all of
them.

Ade


-----Original Message-----
From: Mike Chabot [mailto:[EMAIL PROTECTED]
Sent: 03 March 2005 20:10
To: CF-Talk
Subject: Re: Troublesome or Dangerous Form Submission Characters for SQL


Thanks for the tip about the double quotes. I am concerned that some
people who enter & in the text field will see the five character
HTML-safe equivalent when they go to edit the value because of the
HtmlEditFormat function. IE 6 does not seem to have this problem. Are
there any browsers that display the contents of the value attribute
literally, instead of properly interpreting the HTML-safe code?

Similarily, when I submit a field who's value attribute equals an
expanded HTML-safe code, CF receives the interpreted,
single-character, value (actually %26 for & if you look at the
headers). Are there any browsers that do not do this?

As a general rule, should I wrap HtmlEditFormat around all form field
values. For example: <input type=text
value="#HtmlEditFormat(form.fieldname)#">.

Thank you,
Mike Chabot

On Thu, 3 Mar 2005 19:09:02 -0000, Adrian Lynch
<[EMAIL PROTECTED]> wrote:
> Nothing if you're using queryparam/SPs, however on pulling the data back
out
> double quotes may cause you trouble in text inputs(or single quotes if
> that's how you delimit your attributes in HTML).
>
> Use HTMLEditFormat() to solve the problem with double quotes.

> Ade
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.6.0 - Release Date: 02/03/2005


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Find out how CFTicket can increase your company's customer support 
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:197403
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Reply via email to