Adrian

    this is how i used htmleditformat

    <input type="text" value="#HTMLEditFormat(myvalue)#">

INSERT INTO sometable (somecol)
VALUES ('#form.field#')

I was only experiencing problems when filling the input box with data that
contained double quotes and the data was cutting off at the first instance
of the quotes


----- Original Message -----
From: "Adrian Lynch" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, June 14, 2002 6:24 AM
Subject: RE: RE: FW: RE: Quotation Hell


> Sorry for bringing this back up, but I don't think you've understood one of
> the points I was trying to make.
>
> It may be the way I'm doing it, so let me know if it is.
>
> I have a form which the user gets to fill in, they put into a <input
> type="text"...
> A quote: "To be or not to be"
>
> now in my insert statement I have...
> INSERT INTO sometable (somecol)
> VALUES ('#htmlEditFormat(form.field)#')
>
> which translates to..
> INSERT INTO sometable (somecol)
> VALUES ('A quote: &quot;To be or not to be&quot;')
>
> this isn't what you see in the debugging on the page, but it is what gets
> put into the DB, view the source to see.
>
> So what was once 29 chars, has become 39 characters. So if your DB isn't
> expecting these extra characters it won't work.
>
> If you do make sure the db can take the extra chars, then you still have the
> problem with using functions like Left(), try it on the above example and
> you'll see that taking the first 11 characters will return "A quote:
> &q"(without the quotes :O) which isn't what you want.
>
> Like I said above, if I'm doing this all wrong let me know. Granted using
> htmlEditFormat() over my method of replacing all quotes is easier (is it
> faster though if all you're replacing is quotes?) but I don't see how you'd
> get around the problems I've highlighted above.
>
> Ade
>
>
> I can burn cds using Adaptec EasyCD Creator and can convert MP3s to normal
> audio
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 13 June 2002 21:51
> To: CF-Talk
> Subject: Re: RE: FW: RE: Quotation Hell
>
>
> Thank you James.
>
> It still amazes me that loads of people don't use HTMLEditFormat().
> Nothing like seeing lots of pages break simply because of people
> entering quotes.
>
> ----- Original Message -----
> From: James Ang <[EMAIL PROTECTED]>
> Date: Thursday, June 13, 2002 12:52 pm
> Subject: RE: FW: RE: Quotation Hell
>
> > HTMLEditFormat() is the least used and least understood function in CFML
> > amongst most CF developers.
> >
> > That said, let me explain and alleviate your fears.
> >
> > First, if you have time, read the RFC for HTML 2.0:
> > http://www.ietf.org/rfc/rfc1866.txt
> >
> > Reading the RFC will clue you in that any tag attribute's value will be
> > stored in the browser memory with escaped characters like: &gt; &lt;
> > &quot; &amp; translated to their actual literal values: > < " &
> >
> > And when the form submits, the actual literal values in the browser's
> > memory will be encoded depending on the form's method. For both GET and
> > POST operations, these literals: > < " & will be converted to: %3e %3c
> > %22 %26
> >
> > When the ColdFusion Server receives these form values (GET or POST),
> > these values %3e %3c %22 %26 will be converted back to: > < " &
> >
> > Hence, when you access your form variables: URL.blah or FORM.blah, the
> > values would be what the user sees in his/her browser's form fields.
> >
> > The caveat to all of this is UNICODE characters. In IE (not sure in
> > Netscape), Unicode characters outside of the ASCII range get encoded
> > into this format before submission (and before METHOD encoding): &#nnnn;
> > This is then sent as (after METHOD encoding): %26%23nnnn%3b
> >
> > I have verified this with a packet listener in a controlled
> > environment.:)
> >
> > In CF 4.x.x (I have not verified CF5 or MX), %26%23nnnn%3b is translated
> > back to &#nnnn;
> >
> > Hence when you access the form variables: URL.blah or FORM.blah, the
> > value would be: &#nnnn;
> >
> > (Note: & to %26 conversion may be wrong. It could be: & to &amp; to
> > %26amp%3b. I can't remember, but it is all good. The translation is
> > always kosher with a HTML 2.0 or better compliant browser and server.
> > :))
> >
> > The &#nnnn; issue is something you all are worried about. BUT, for the
> > purpose of quotation marks, greater/lesser-than signs, and ampersands,
> > you don't have to worry about them at all with HTMLEditFormat().
> >
> > You should ALWAYS use HTMLEditFormat(). All other solutions ARE
> > hackneyed. To fix the problem of &#nnnn; escaped unicode characters, use
> > this workaround:
> >
> > function smf_HTMLEditFormat(I_str) {
> >    return REReplaceNoCase(HTMLEditFormat(I_str, -1),
> > "&amp;(##?[[:alnum:]]+);", "&\1;", "ALL");
> > }
> >
> > Hence, even if you stored the data in the DB as: &#nnnn;, when you give
> > the browser: &#nnnn;, the browser will take care of presenting the
> > equivalent Unicode character. If it doesn't, it is not a HTML 4.0
> > compliant browser. :P
> >
> > I have a good feeling that CF5/MX actually translated the encoded
> > characters to unicode characters. :P No empirical data to prove it
> > though. :P
> >
> > Alright. That's my take on this issue. :)
> >
> > ----------------------------
> > James Ang
> > Senior Programmer
> > MedSeek, Inc.
> > [EMAIL PROTECTED]
> >
> >
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, June 13, 2002 10:48 AM
> > To: CF-Talk
> > Subject: Re: FW: RE: Quotation Hell
> >
> >
> > Just jumping in briefly to explain what I did to get around " and ' in our
> > apps.  Going into the database would be fine (using
> > preserveSingleQuotes() and whatever 'escape' character we could use that
> > the database recognizes), it's pulling out and displaying again that
> > became a problem.
> >
> > So, when we're displaying to the end user... " & ' became &quot;, etc so
> > that it wouldn't break the form fields, etc.  Going back into the
> > database via 'save changes' button, the &quot; apparently becomes a "
> > again going back in... thus, we were able to maintain the 'original'
> > user-submitted value.
> >
> > One thing I hate about certain forum software (and, I won't say which) is
> > that what you submitted isn't what's always returned to the user when they
> > want to edit.  I griped about it, but was told that it's faster to do the
> > 'translation' of things before shoving it into the db.  They failed to
> > recognize something -- I don't care what its translation is, I care about
> > data integrity and making sure that if that's what I put in, that's what I
> > get out when I go to edit that data blob.  To this day, it's still an
> > issue and I just quit pestering the forum maker as it's their product vs.
> > my opinion. :P
> >
> > I think if you use HTMLEditFormat(), you're putting yourself into a new
> > world of problems.  Especially if the < > characters translate to
> > something else.  Not to mention, great... now you gotta worry about
> > storage issue (especially if you're using a varchar field and not a
> > blob-type field).
> >
> > ~Todd
> >
> > On Thu, 13 Jun 2002, Adrian Lynch wrote:
> >
> > > -----Original Message-----
> > > From: Adrian Lynch
> > > Sent: 13 June 2002 17:33
> > > To: '[EMAIL PROTECTED]'
> > > Subject: RE: RE: Quotation Hell
> > >
> > >
> > > That's ok, you can be a jackarse all you want. I hadn't used htmlEditFormat()
> > > before, if I had, I might have suggested it. It was a case of I've got a way
> > > around it, see if it works for you.
> > >
> > > One thing you might notice with htmlEditFormat(), is that you still have the
> > > problem of extra characters, " still becomes &quot;, and if that's what you
> > > put in your DB and you then use Left(), you have a problem if it chops it,
> > > and you still need to make sure your DB is not going to be expecting more
> > > than it gets.
> > >
> > > Now if I'm wrong about this someone please tell me, or is this hackneyed
> > > too?
> > >
> > > Ade
> > >
> > >
> >
> > --
> > ============================================================
> > Todd Rafferty ([EMAIL PROTECTED]) - http://www.web-rat.com/ |
> >        Team Macromedia Volunteer for ColdFusion           |
> > http://www.macromedia.com/support/forums/team_macromedia/  |
> > http://www.flashCFM.com/   - webRat (Moderator)            |
> > http://www.ultrashock.com/ - webRat (Back-end Moderator)   |
> > ============================================================
> >
> >
> >
>
> 
______________________________________________________________________
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
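
The browser round trip and the storage problem discussed in this thread, modelled in Python as an added example (not code from any poster). Assumptions: `html.escape` stands in for HTMLEditFormat() (it also escapes `'`, which HTMLEditFormat() does not), slicing stands in for Left(), and every function name here is hypothetical.

```python
import html
from urllib.parse import quote_plus, unquote_plus

# Constructed sample: the quotation used in the thread.
RAW = 'A quote: "To be or not to be"'


def encode_for_attribute(value: str) -> str:
    """Stand-in for HTMLEditFormat(): escape & < > " for an attribute value."""
    return html.escape(value, quote=True)


def browser_round_trip(attribute_markup: str) -> str:
    """Browser decodes the attribute, percent-encodes on submit, server decodes."""
    in_memory = html.unescape(attribute_markup)  # &quot; -> "
    on_the_wire = quote_plus(in_memory)          # "      -> %22
    return unquote_plus(on_the_wire)             # %22    -> "


def left(value: str, count: int) -> str:
    """Stand-in for CFML Left(): the first `count` characters."""
    return value[:count]


def store_raw_encode_on_output(submitted: str) -> dict:
    """Keep the user's text in the column; escape only when writing HTML."""
    stored = submitted
    return {
        "stored_len": len(stored),
        "preview": encode_for_attribute(left(stored, 11)),
        "edit_field": encode_for_attribute(stored),
    }


def encode_before_store(submitted: str) -> dict:
    """Escape inside the INSERT, so the entities land in the column."""
    stored = encode_for_attribute(submitted)
    return {
        "stored_len": len(stored),
        "preview": left(stored, 11),                 # cuts an entity in half
        "edit_field": encode_for_attribute(stored),  # &quot; becomes &amp;quot;
    }


if __name__ == "__main__":
    for strategy in (store_raw_encode_on_output, encode_before_store):
        result = strategy(RAW)
        print(strategy.__name__, result)
        # What the user would submit back after editing the form unchanged.
        print("  resubmitted:", browser_round_trip(result["edit_field"]))
```

With the raw value stored, the edit form returns the original 29 characters; with the escaped value stored, the column holds 39 characters and the edit form hands the user literal `&quot;` text.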
