RE: RE: FW: RE: Quotation Hell
Sorry for bringing this back up, but I don't think you've understood one of
the points I was trying to make.
It may be the way I'm doing it, so let me know if it is.
I have a form which the user gets to fill in, they put into a input
type=text...
A quote: To be or not to be
now in my insert statement I have...
INSERT INTO sometable (somecol)
VALUES ('#htmlEditFormat(form.field)#')
which translates to..
INSERT INTO sometable (somecol)
VALUES ('A quote: quot;To be or not to bequot;')
this isn't what you see in the debugging on the page, but it is what gets
put into the DB, view the source to see.
So what was once 29 chars, has become 39 characters. So if your DB isn't
expecting these extra characters it won't work.
If you do make sure the db can take the extra chars, then you still have the
problem with using functions like Left(), try it on the above example and
you'll see that taking the first 11 characters will return A quote:
q(without the quotes :O) which isn't what you want.
Like I said above, if I'm doing this all wrong let me know. Granted using
htmlEditFormat() over my method of replacing all qoutes is easier (is it
faster though if all you're replace is quotes?) but I don't see how you'd
get around the problems I've highlighted above.
Ade
I can burn cds using Adaptec EasyCD Creator and can convert MP3s to normal
audio
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 13 June 2002 21:51
To: CF-Talk
Subject: Re: RE: FW: RE: Quotation Hell
Thank you James.
It still amazes me that loads of people don't use HTMLEditFormat().
Nothing like seeing lots of pages break simply because of people
entering quotes.
- Original Message -
From: James Ang [EMAIL PROTECTED]
Date: Thursday, June 13, 2002 12:52 pm
Subject: RE: FW: RE: Quotation Hell
HTMLEditFormat() is the least used and least understood function
in CFML
amongst most CF developers.
That said, let me explain and alleviate your fears.
First, if you have time, read the RFC for HTML 2.0:
http://www.ietf.org/rfc/rfc1866.txt
Reading the RFC will clue you in that any tag attribute's value
will be
stored in the browser memory with escaped characters like: gt;
quot; amp; translated to their actual literal values:
And when the form submits, the actual literal values in the browser's
memory will be encoded depending on the form's method. For both
GET and
POST operations, these literals: will be converted to: %3e %3c
%22 %26
When the ColdFusion Server receives these form values (GET or POST),
these values %3e %3c %22 %26 will be converted back to:
Hence, when you access your form variables: URL.blah or FORM.blah, the
values would be what the user see's in the his/her browser's form
fields.
The caveat to all of this is UNICODE characters. In IE (not sure in
Netscape), Unicode characters outside of the ASCII range gets encoded
into this format before submission (and before METHOD encoding):
#;
This is then sent as (after METHOD encoding): %26%23%3b
I have verified this with a packet listener in a controlled
environment.:)
In CF 4.x.x (I have not verified CF5 or MX), %26%23%3b is
translatedback to #;
Hence when you access the form variables: URL.blah or FORM.blah, the
value would be: #;
(Note: to %26 conversion may be wrong. It could be: to amp; to
%26amp%3b. I can't remember, but it is all good. The translation is
always kosher with a HTML 2.0 or better compliant browser and server.
:))
The #; issue is something you all are worried about. BUT, for the
purpose of quotation marks, greater/lesser-than signs, and ampersands,
you don't have to worry about them at all with HTMLEditFormat().
You should ALWAYS use HTMLEditFormat(). All other solutions ARE
hackneyed. To fix the problem of #; escaped unicode
characters, use
this workaround:
function smf_HTMLEditFormat(I_str) {
return REReplaceNoCase(HTMLEditFormat(I_str, -1),
amp;(##?[[:alnum:]]+);, \1;, ALL);
}
Hence, even if you stored the data in the DB as: #;, when you
givethe browser: #;, the browser will take care of presenting the
equivalent Unicode character. If it doesn't, it is not a HTML 4.0
compliant browser. :P
I have a good feeling that CF5/MX actually translated the encoded
characters to unicode characters. :P No empirical data to prove it
though. :P
Alright. That's my take on this issue. :)
James Ang
Senior Programmer
MedSeek, Inc.
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 10:48 AM
To: CF-Talk
Subject: Re: FW: RE: Quotation Hell
Just jumping in briefly to explain what I did to get around and
' in
our
apps. Going into the database would be fine (using
perserveSingleQuotes() and whatever 'escape' character we could
Re: RE: FW: RE: Quotation Hell
I have a form which the user gets to fill in, they put into a input
type=text...
A quote: To be or not to be
now in my insert statement I have...
INSERT INTO sometable (somecol)
VALUES ('#htmlEditFormat(form.field)#')
which translates to..
INSERT INTO sometable (somecol)
VALUES ('A quote: quot;To be or not to bequot;')
this isn't what you see in the debugging on the page, but it is what gets
put into the DB, view the source to see.
Why would you encode the string as it goes into the database? CF will take
care of escaping any single quotes for you, so you shouldn't have to encode
the string to avoid errors here. The only place htmlEditFormat() should be
used in this setup would be on the form where they enter the string to begin
with (as part of the value=, assuming you wrap around the form if there is
an error), or the same way on an editing page, etc..
Yes, your point that it makes the string longer is valid, but it shouldn't
be an issue if you use it as it was intended.
-Justin Scott, Lead Developer
Sceiron Internet Services, Inc.
http://www.sceiron.com
__
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: RE: FW: RE: Quotation Hell
Cheers, I thought I might be doing it wrong, but what about using the Left()
function on your output, I don't see a way around this?
Ade
-Original Message-
From: Justin Scott [mailto:[EMAIL PROTECTED]]
Sent: 14 June 2002 11:40
To: CF-Talk
Subject: Re: RE: FW: RE: Quotation Hell
I have a form which the user gets to fill in, they put into a input
type=text...
A quote: To be or not to be
now in my insert statement I have...
INSERT INTO sometable (somecol)
VALUES ('#htmlEditFormat(form.field)#')
which translates to..
INSERT INTO sometable (somecol)
VALUES ('A quote: quot;To be or not to bequot;')
this isn't what you see in the debugging on the page, but it is what gets
put into the DB, view the source to see.
Why would you encode the string as it goes into the database? CF will take
care of escaping any single quotes for you, so you shouldn't have to encode
the string to avoid errors here. The only place htmlEditFormat() should be
used in this setup would be on the form where they enter the string to begin
with (as part of the value=, assuming you wrap around the form if there is
an error), or the same way on an editing page, etc..
Yes, your point that it makes the string longer is valid, but it shouldn't
be an issue if you use it as it was intended.
-Justin Scott, Lead Developer
Sceiron Internet Services, Inc.
http://www.sceiron.com
__
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: RE: FW: RE: Quotation Hell
Actually I do, I was nesting them the wrong way :OS
Ade
-Original Message-
From: Adrian Lynch [mailto:[EMAIL PROTECTED]]
Sent: 14 June 2002 11:50
To: CF-Talk
Subject: RE: RE: FW: RE: Quotation Hell
Cheers, I thought I might be doing it wrong, but what about using the Left()
function on your output, I don't see a way around this?
Ade
-Original Message-
From: Justin Scott [mailto:[EMAIL PROTECTED]]
Sent: 14 June 2002 11:40
To: CF-Talk
Subject: Re: RE: FW: RE: Quotation Hell
I have a form which the user gets to fill in, they put into a input
type=text...
A quote: To be or not to be
now in my insert statement I have...
INSERT INTO sometable (somecol)
VALUES ('#htmlEditFormat(form.field)#')
which translates to..
INSERT INTO sometable (somecol)
VALUES ('A quote: quot;To be or not to bequot;')
this isn't what you see in the debugging on the page, but it is what gets
put into the DB, view the source to see.
Why would you encode the string as it goes into the database? CF will take
care of escaping any single quotes for you, so you shouldn't have to encode
the string to avoid errors here. The only place htmlEditFormat() should be
used in this setup would be on the form where they enter the string to begin
with (as part of the value=, assuming you wrap around the form if there is
an error), or the same way on an editing page, etc..
Yes, your point that it makes the string longer is valid, but it shouldn't
be an issue if you use it as it was intended.
-Justin Scott, Lead Developer
Sceiron Internet Services, Inc.
http://www.sceiron.com
__
Signup for the Fusion Authority news alert and keep up with the latest news in
ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: RE: FW: RE: Quotation Hell
value=#htmlEditFormat(left(string, 20))#
-Justin Scott, Lead Developer
Sceiron Internet Services, Inc.
http://www.sceiron.com
- Original Message -
From: Adrian Lynch [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Friday, June 14, 2002 6:49 AM
Subject: RE: RE: FW: RE: Quotation Hell
Cheers, I thought I might be doing it wrong, but what about using the
Left()
function on your output, I don't see a way around this?
Ade
-Original Message-
From: Justin Scott [mailto:[EMAIL PROTECTED]]
Sent: 14 June 2002 11:40
To: CF-Talk
Subject: Re: RE: FW: RE: Quotation Hell
I have a form which the user gets to fill in, they put into a input
type=text...
A quote: To be or not to be
now in my insert statement I have...
INSERT INTO sometable (somecol)
VALUES ('#htmlEditFormat(form.field)#')
which translates to..
INSERT INTO sometable (somecol)
VALUES ('A quote: quot;To be or not to bequot;')
this isn't what you see in the debugging on the page, but it is what
gets
put into the DB, view the source to see.
Why would you encode the string as it goes into the database? CF will
take
care of escaping any single quotes for you, so you shouldn't have to
encode
the string to avoid errors here. The only place htmlEditFormat() should
be
used in this setup would be on the form where they enter the string to
begin
with (as part of the value=, assuming you wrap around the form if there
is
an error), or the same way on an editing page, etc..
Yes, your point that it makes the string longer is valid, but it shouldn't
be an issue if you use it as it was intended.
-Justin Scott, Lead Developer
Sceiron Internet Services, Inc.
http://www.sceiron.com
__
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: RE: FW: RE: Quotation Hell
Adrian
this is how i used htmleditformat
input type=text value=htmleditformat(myvalue)
INSERT INTO sometable (somecol)
VALUES ('#form.field#')
I was only experiencing problems when filling the input box with data that
contained double quotes and the data was cutting off at the first instance
of the quotesquotes
- Original Message -
From: Adrian Lynch [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Friday, June 14, 2002 6:24 AM
Subject: RE: RE: FW: RE: Quotation Hell
Sorry for bringing this back up, but I don't think you've understood one
of
the points I was trying to make.
It may be the way I'm doing it, so let me know if it is.
I have a form which the user gets to fill in, they put into a input
type=text...
A quote: To be or not to be
now in my insert statement I have...
INSERT INTO sometable (somecol)
VALUES ('#htmlEditFormat(form.field)#')
which translates to..
INSERT INTO sometable (somecol)
VALUES ('A quote: quot;To be or not to bequot;')
this isn't what you see in the debugging on the page, but it is what gets
put into the DB, view the source to see.
So what was once 29 chars, has become 39 characters. So if your DB isn't
expecting these extra characters it won't work.
If you do make sure the db can take the extra chars, then you still have
the
problem with using functions like Left(), try it on the above example and
you'll see that taking the first 11 characters will return A quote:
q(without the quotes :O) which isn't what you want.
Like I said above, if I'm doing this all wrong let me know. Granted using
htmlEditFormat() over my method of replacing all qoutes is easier (is it
faster though if all you're replace is quotes?) but I don't see how you'd
get around the problems I've highlighted above.
Ade
I can burn cds using Adaptec EasyCD Creator and can convert MP3s to normal
audio
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 13 June 2002 21:51
To: CF-Talk
Subject: Re: RE: FW: RE: Quotation Hell
Thank you James.
It still amazes me that loads of people don't use HTMLEditFormat().
Nothing like seeing lots of pages break simply because of people
entering quotes.
- Original Message -
From: James Ang [EMAIL PROTECTED]
Date: Thursday, June 13, 2002 12:52 pm
Subject: RE: FW: RE: Quotation Hell
HTMLEditFormat() is the least used and least understood function
in CFML
amongst most CF developers.
That said, let me explain and alleviate your fears.
First, if you have time, read the RFC for HTML 2.0:
http://www.ietf.org/rfc/rfc1866.txt
Reading the RFC will clue you in that any tag attribute's value
will be
stored in the browser memory with escaped characters like: gt;
quot; amp; translated to their actual literal values:
And when the form submits, the actual literal values in the browser's
memory will be encoded depending on the form's method. For both
GET and
POST operations, these literals: will be converted to: %3e %3c
%22 %26
When the ColdFusion Server receives these form values (GET or POST),
these values %3e %3c %22 %26 will be converted back to:
Hence, when you access your form variables: URL.blah or FORM.blah, the
values would be what the user see's in the his/her browser's form
fields.
The caveat to all of this is UNICODE characters. In IE (not sure in
Netscape), Unicode characters outside of the ASCII range gets encoded
into this format before submission (and before METHOD encoding):
#;
This is then sent as (after METHOD encoding): %26%23%3b
I have verified this with a packet listener in a controlled
environment.:)
In CF 4.x.x (I have not verified CF5 or MX), %26%23%3b is
translatedback to #;
Hence when you access the form variables: URL.blah or FORM.blah, the
value would be: #;
(Note: to %26 conversion may be wrong. It could be: to amp; to
%26amp%3b. I can't remember, but it is all good. The translation is
always kosher with a HTML 2.0 or better compliant browser and server.
:))
The #; issue is something you all are worried about. BUT, for the
purpose of quotation marks, greater/lesser-than signs, and ampersands,
you don't have to worry about them at all with HTMLEditFormat().
You should ALWAYS use HTMLEditFormat(). All other solutions ARE
hackneyed. To fix the problem of #; escaped unicode
characters, use
this workaround:
function smf_HTMLEditFormat(I_str) {
return REReplaceNoCase(HTMLEditFormat(I_str, -1),
amp;(##?[[:alnum:]]+);, \1;, ALL);
}
Hence, even if you stored the data in the DB as: #;, when you
givethe browser: #;, the browser will take care of presenting the
equivalent Unicode character. If it doesn't, it is not a HTML 4.0
compliant browser. :P
I have a good feeling that CF5/MX actually translated the encoded
characters to unicode characters. :P No empirical data
RE: Quotation Hell
Check the docs for #preserveSingleQuotes()#. This will help you avoid problems with quotes in SQL statements. Eric -Original Message- From: Deanna Schneider [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 8:59 AM To: CF-Talk Subject: Quotation Hell Hi Folks, A problem has just cropped up that I've never experienced before, and I swear I'm going insane. I have a regular ol' form, that's pre-populated with data from a query if it's an edit, blank if it's an add. Suddenly, if the edit data includes quotation marks, it's cutting the rest of the item off at the quote marks. What the heck?!? I've never had this problem before, and I didn't change any code. Am I nuts? -d Deanna Schneider Interactive Media Developer [EMAIL PROTECTED] __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Quotation Hell
I've yet to see a fool proof way of doing this, depending on how much you care about the form, you could compensate for one quote over the other. If you know that the value will only ever contain a double quote, use single quotes in the html, value='whatever', or visa versa. If you're not sure what the value will be when editing, get rid of all types of quotes and replace them with the entity name, value, what ever it's called. quot; or #34; for straight down double quotes, another problem will come about when the left and right double quotes are used. If you don't care much for them strip all double quotes out and replace with #34;. DO the same for single qoutes and it should all be gravey. Do this stripping when you enter the values into the DB for the first time, and everytime you edit them. One problem with this is the limits you set on the input boxes and the DB, because a single character becomes five characters, namely #34;. So remeber to compensate for this in the DB. If at any point you use Left() to only show a small bit of the data, you may inadvertently chop the #34; in the middle which will then not appear correctly. I hope that makes sense. I know it did in my head :OP Ade -Original Message- From: Deanna Schneider [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 13:59 To: CF-Talk Subject: Quotation Hell Hi Folks, A problem has just cropped up that I've never experienced before, and I swear I'm going insane. I have a regular ol' form, that's pre-populated with data from a query if it's an edit, blank if it's an add. Suddenly, if the edit data includes quotation marks, it's cutting the rest of the item off at the quote marks. What the heck?!? I've never had this problem before, and I didn't change any code. Am I nuts? -d Deanna Schneider Interactive Media Developer [EMAIL PROTECTED] __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Quotation Hell
try using the function: htmleditformat or function : preservesinglequotes - Original Message - From: Deanna Schneider [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 8:59 AM Subject: Quotation Hell Hi Folks, A problem has just cropped up that I've never experienced before, and I swear I'm going insane. I have a regular ol' form, that's pre-populated with data from a query if it's an edit, blank if it's an add. Suddenly, if the edit data includes quotation marks, it's cutting the rest of the item off at the quote marks. What the heck?!? I've never had this problem before, and I didn't change any code. Am I nuts? -d Deanna Schneider Interactive Media Developer [EMAIL PROTECTED] __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Quotation Hell
Yep. That makes sense. I wonder why in two years I've never come across this as a problem before. Ugh. -d Deanna Schneider Interactive Media Developer [EMAIL PROTECTED] __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Quotation Hell
One more thing, and you'll probably not want to use this method, but I like it... you could scan through the data looking for single or double qoutes, which ever you find, change the value= to the opposite. So if you find a , use ' in the html. This falls down when you have a value with both single and doubles in. It might be worth baring in mind if you know one OR the other will be used. As for why you've never come across it, there's no reason why you should have till it reared it's ugly head! Ade -Original Message- From: Deanna Schneider [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 14:23 To: CF-Talk Subject: Re: Quotation Hell Yep. That makes sense. I wonder why in two years I've never come across this as a problem before. Ugh. -d Deanna Schneider Interactive Media Developer [EMAIL PROTECTED] __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Quotation Hell
This happens to the best of us. The only simple options I know of are to either use a textarea if allowing quotes is that important, or just strip out double quotes, perhaps replacing them with nothing or single quotes. Charlie [EMAIL PROTECTED] 06/13/02 09:18AM try using the function: htmleditformat or function : preservesinglequotes - Original Message - From: Deanna Schneider [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 8:59 AM Subject: Quotation Hell Hi Folks, A problem has just cropped up that I've never experienced before, and I swear I'm going insane. I have a regular ol' form, that's pre-populated with data from a query if it's an edit, blank if it's an add. Suddenly, if the edit data includes quotation marks, it's cutting the rest of the item off at the quote marks. What the heck?!? I've never had this problem before, and I didn't change any code. Am I nuts? -d Deanna Schneider Interactive Media Developer [EMAIL PROTECTED] __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Quotation Hell
Contrary to the other people on the list who believe this is a hard problem to fix, it is not. Use HTMLEDITFORMAT. Like, does no one actually read documentation anymore? -Original Message- From: Deanna Schneider [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 6:59 AM To: CF-Talk Subject: Quotation Hell Hi Folks, A problem has just cropped up that I've never experienced before, and I swear I'm going insane. I have a regular ol' form, that's pre-populated with data from a query if it's an edit, blank if it's an add. Suddenly, if the edit data includes quotation marks, it's cutting the rest of the item off at the quote marks. What the heck?!? I've never had this problem before, and I didn't change any code. Am I nuts? -d Deanna Schneider Interactive Media Developer [EMAIL PROTECTED] __ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Quotation Hell
No one said it was hard. What's wrong with people giving different answers to a problem? At the very least it will get people thinking about it and you may use these solutions for other problems you come across. I don't think you should ever be worried about saying some thing wrong on a list like this, at least you'll soon be corrected. I'd rather say something wrong and be told the right answer or a better solution than not say anything at all. Anyway, I wouldn't dream of answering a hard question :OP Ade -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 15:57 To: CF-Talk Subject: RE: Quotation Hell Contrary to the other people on the list who believe this is a hard problem to fix, it is not. Use HTMLEDITFORMAT. Like, does no one actually read documentation anymore? -Original Message- From: Deanna Schneider [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 6:59 AM To: CF-Talk Subject: Quotation Hell Hi Folks, A problem has just cropped up that I've never experienced before, and I swear I'm going insane. I have a regular ol' form, that's pre-populated with data from a query if it's an edit, blank if it's an add. Suddenly, if the edit data includes quotation marks, it's cutting the rest of the item off at the quote marks. What the heck?!? I've never had this problem before, and I didn't change any code. Am I nuts? -d Deanna Schneider Interactive Media Developer [EMAIL PROTECTED] __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: Quotation Hell
'there is alot to learn out there and not always the time' the function htmleditformat work successfully on our pages - Original Message - From: Kwang Suh [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 10:56 AM Subject: RE: Quotation Hell Contrary to the other people on the list who believe this is a hard problem to fix, it is not. Use HTMLEDITFORMAT. Like, does no one actually read documentation anymore? -Original Message- From: Deanna Schneider [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 6:59 AM To: CF-Talk Subject: Quotation Hell Hi Folks, A problem has just cropped up that I've never experienced before, and I swear I'm going insane. I have a regular ol' form, that's pre-populated with data from a query if it's an edit, blank if it's an add. Suddenly, if the edit data includes quotation marks, it's cutting the rest of the item off at the quote marks. What the heck?!? I've never had this problem before, and I didn't change any code. Am I nuts? -d Deanna Schneider Interactive Media Developer [EMAIL PROTECTED] __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
FW: RE: Quotation Hell
-Original Message- From: Adrian Lynch Sent: 13 June 2002 17:33 To: '[EMAIL PROTECTED]' Subject: RE: RE: Quotation Hell Thats ok, you can be a jackarse all you want. I hadn't used htmlEditFormat() before, if I had, I might have suggested it. It was a case of I've got a way around it, see if it works for you. One thing you might notice with htmlEditFormat(), is that you still have the problem of extra characters, still becomes quot;, and if that's what you put in you DB and you then use Left(), you have a problem if it chops it, and you still need to make sure your DB is not going to be expecting more than it gets. Now if I'm wrong about this someone please tell me, or is this hackneyed too? Ade -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 16:55 To: [EMAIL PROTECTED] Subject: Re: RE: Quotation Hell Well, you did say that you've yet to see a fool proof way of doing this, when in fact htmlEditFormat() fixes this problem completely. You then proposed a hackneyed (sorry, but it is) solution and then at the end admited that it probably wouldn't work. Sorry for being a jackass. - Original Message - From: Adrian Lynch [EMAIL PROTECTED] Date: Thursday, June 13, 2002 9:09 am Subject: RE: Quotation Hell No one said it was hard. What's wrong with people giving different answersto a problem? At the very least it will get people thinking about it and you may use these solutions for other problems you come across. I don't think you should ever be worried about saying some thing wrong on a list likethis, at least you'll soon be corrected. I'd rather say something wrong and be told the right answer or a better solution than not say anything at all. Anyway, I wouldn't dream of answering a hard question :OP Ade -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 15:57 To: CF-Talk Subject: RE: Quotation Hell Contrary to the other people on the list who believe this is a hard problem to fix, it is not. Use HTMLEDITFORMAT. Like, does no one actually read documentation anymore? -Original Message- From: Deanna Schneider [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 6:59 AM To: CF-Talk Subject: Quotation Hell Hi Folks, A problem has just cropped up that I've never experienced before, and I swear I'm going insane. I have a regular ol' form, that's pre-populated with data from a query if it's an edit, blank if it's an add. Suddenly, if the edit data includesquotation marks, it's cutting the rest of the item off at the quote marks. What the heck?!? I've never had this problem before, and I didn't change any code. Am I nuts? -d Deanna Schneider Interactive Media Developer [EMAIL PROTECTED] __ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Quotation Hell
Have a look at my other points though, the converted string can still be messed about with -Original Message- From: Charlie [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 18:29 To: CF-Talk Subject: Re: Quotation Hell 'there is alot to learn out there and not always the time' the function htmleditformat work successfully on our pages - Original Message - From: Kwang Suh [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 10:56 AM Subject: RE: Quotation Hell Contrary to the other people on the list who believe this is a hard problem to fix, it is not. Use HTMLEDITFORMAT. Like, does no one actually read documentation anymore? -Original Message- From: Deanna Schneider [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 6:59 AM To: CF-Talk Subject: Quotation Hell Hi Folks, A problem has just cropped up that I've never experienced before, and I swear I'm going insane. I have a regular ol' form, that's pre-populated with data from a query if it's an edit, blank if it's an add. Suddenly, if the edit data includes quotation marks, it's cutting the rest of the item off at the quote marks. What the heck?!? I've never had this problem before, and I didn't change any code. Am I nuts? -d Deanna Schneider Interactive Media Developer [EMAIL PROTECTED] __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: FW: RE: Quotation Hell
Just jumping in briefly to explain what I did to get around and ' in our apps. Going into the database would be fine (using perserveSingleQuotes() and whatever 'escape' character we could use that the database recognizes), it's pulling out and displaying again that became a problem. So, when we're displaying to the end user... ' became quot;, etc so that it wouldn't break the form fields, etc. Going back into the database via 'save changes' button, the quot; apparently becomes a again going back in... thus, we were able to maintain the 'original' user-submitted value. One thing I hate about certain forum software (and, I won't say which) is that what you submitted isn't what's always returned to the user when they want to edit. I griped about it, but was told that it's faster to do the 'translation' of things before shoving it into the db. They failed to recognize something -- I don't care what it's translation is, I care about data integrity and making sure that if that's what I put in, that's what I get out when I go to edit that data blob. To this day, it's still an issue and I just quit pestering the forum maker as it's their product vs. my opinion. :P I think if you use HTMLEditFormat(), you're putting yourself into a new world of problems. Especially if the characters translate to something else. Not to mention, great... now you gotta worry about storage issue (especially if you're using a varchar field and not a blob-type field). ~Todd On Thu, 13 Jun 2002, Adrian Lynch wrote: -Original Message- From: Adrian Lynch Sent: 13 June 2002 17:33 To: '[EMAIL PROTECTED]' Subject: RE: RE: Quotation Hell Thats ok, you can be a jackarse all you want. I hadn't used htmlEditFormat() before, if I had, I might have suggested it. It was a case of I've got a way around it, see if it works for you. One thing you might notice with htmlEditFormat(), is that you still have the problem of extra characters, still becomes quot;, and if that's what you put in you DB and you then use Left(), you have a problem if it chops it, and you still need to make sure your DB is not going to be expecting more than it gets. Now if I'm wrong about this someone please tell me, or is this hackneyed too? Ade -- Todd Rafferty ([EMAIL PROTECTED]) - http://www.web-rat.com/ | Team Macromedia Volunteer for ColdFusion | http://www.macromedia.com/support/forums/team_macromedia/ | http://www.flashCFM.com/ - webRat (Moderator)| http://www.ultrashock.com/ - webRat (Back-end Moderator) | __ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: FW: RE: Quotation Hell
HTMLEditFormat() is the least used and least understood function in CFML
amongst most CF developers.
That said, let me explain and alleviate your fears.
First, if you have time, read the RFC for HTML 2.0:
http://www.ietf.org/rfc/rfc1866.txt
Reading the RFC will clue you in that any tag attribute's value will be
stored in the browser memory with escaped characters like: gt; lt;
quot; amp; translated to their actual literal values:
And when the form submits, the actual literal values in the browser's
memory will be encoded depending on the form's method. For both GET and
POST operations, these literals: will be converted to: %3e %3c
%22 %26
When the ColdFusion Server receives these form values (GET or POST),
these values %3e %3c %22 %26 will be converted back to:
Hence, when you access your form variables: URL.blah or FORM.blah, the
values would be what the user see's in the his/her browser's form
fields.
The caveat to all of this is UNICODE characters. In IE (not sure in
Netscape), Unicode characters outside of the ASCII range gets encoded
into this format before submission (and before METHOD encoding): #;
This is then sent as (after METHOD encoding): %26%23%3b
I have verified this with a packet listener in a controlled environment.
:)
In CF 4.x.x (I have not verified CF5 or MX), %26%23%3b is translated
back to #;
Hence when you access the form variables: URL.blah or FORM.blah, the
value would be: #;
(Note: to %26 conversion may be wrong. It could be: to amp; to
%26amp%3b. I can't remember, but it is all good. The translation is
always kosher with a HTML 2.0 or better compliant browser and server.
:))
The #; issue is something you all are worried about. BUT, for the
purpose of quotation marks, greater/lesser-than signs, and ampersands,
you don't have to worry about them at all with HTMLEditFormat().
You should ALWAYS use HTMLEditFormat(). All other solutions ARE
hackneyed. To fix the problem of #; escaped unicode characters, use
this workaround:
function smf_HTMLEditFormat(I_str) {
return REReplaceNoCase(HTMLEditFormat(I_str, -1),
amp;(##?[[:alnum:]]+);, \1;, ALL);
}
Hence, even if you stored the data in the DB as: #;, when you give
the browser: #;, the browser will take care of presenting the
equivalent Unicode character. If it doesn't, it is not a HTML 4.0
compliant browser. :P
I have a good feeling that CF5/MX actually translated the encoded
characters to unicode characters. :P No empirical data to prove it
though. :P
Alright. That's my take on this issue. :)
James Ang
Senior Programmer
MedSeek, Inc.
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 10:48 AM
To: CF-Talk
Subject: Re: FW: RE: Quotation Hell
Just jumping in briefly to explain what I did to get around and ' in
our
apps. Going into the database would be fine (using
perserveSingleQuotes() and whatever 'escape' character we could use that
the database recognizes), it's pulling out and displaying again that
became a problem.
So, when we're displaying to the end user... ' became quot;, etc so
that it wouldn't break the form fields, etc. Going back into the
database via 'save changes' button, the quot; apparently becomes a
again going back in... thus, we were able to maintain the 'original'
user-submitted value.
One thing I hate about certain forum software (and, I won't say which)
is
that what you submitted isn't what's always returned to the user when
they
want to edit. I griped about it, but was told that it's faster to do
the
'translation' of things before shoving it into the db. They failed to
recognize something -- I don't care what it's translation is, I care
about
data integrity and making sure that if that's what I put in, that's what
I
get out when I go to edit that data blob. To this day, it's still an
issue and I just quit pestering the forum maker as it's their product
vs.
my opinion. :P
I think if you use HTMLEditFormat(), you're putting yourself into a new
world of problems. Especially if the characters translate to
something else. Not to mention, great... now you gotta worry about
storage issue (especially if you're using a varchar field and not a
blob-type field).
~Todd
On Thu, 13 Jun 2002, Adrian Lynch wrote:
-Original Message-
From: Adrian Lynch
Sent: 13 June 2002 17:33
To: '[EMAIL PROTECTED]'
Subject: RE: RE: Quotation Hell
Thats ok, you can be a jackarse all you want. I hadn't used
htmlEditFormat()
before, if I had, I might have suggested it. It was a case of I've got
a way
around it, see if it works for you.
One thing you might notice with htmlEditFormat(), is that you still
have the
problem of extra characters, still becomes quot;, and if that's
what you
put in you DB and you then use Left(), you have a problem if it chops
it,
and you still need to make sure your DB
Re: RE: FW: RE: Quotation Hell
Thank you James.
It still amazes me that loads of people don't use HTMLEditFormat().
Nothing like seeing lots of pages break simply because of people
entering quotes.
- Original Message -
From: James Ang [EMAIL PROTECTED]
Date: Thursday, June 13, 2002 12:52 pm
Subject: RE: FW: RE: Quotation Hell
HTMLEditFormat() is the least used and least understood function
in CFML
amongst most CF developers.
That said, let me explain and alleviate your fears.
First, if you have time, read the RFC for HTML 2.0:
http://www.ietf.org/rfc/rfc1866.txt
Reading the RFC will clue you in that any tag attribute's value
will be
stored in the browser memory with escaped characters like: gt;
quot; amp; translated to their actual literal values:
And when the form submits, the actual literal values in the browser's
memory will be encoded depending on the form's method. For both
GET and
POST operations, these literals: will be converted to: %3e %3c
%22 %26
When the ColdFusion Server receives these form values (GET or POST),
these values %3e %3c %22 %26 will be converted back to:
Hence, when you access your form variables: URL.blah or FORM.blah, the
values would be what the user see's in the his/her browser's form
fields.
The caveat to all of this is UNICODE characters. In IE (not sure in
Netscape), Unicode characters outside of the ASCII range gets encoded
into this format before submission (and before METHOD encoding):
#;
This is then sent as (after METHOD encoding): %26%23%3b
I have verified this with a packet listener in a controlled
environment.:)
In CF 4.x.x (I have not verified CF5 or MX), %26%23%3b is
translatedback to #;
Hence when you access the form variables: URL.blah or FORM.blah, the
value would be: #;
(Note: to %26 conversion may be wrong. It could be: to amp; to
%26amp%3b. I can't remember, but it is all good. The translation is
always kosher with a HTML 2.0 or better compliant browser and server.
:))
The #; issue is something you all are worried about. BUT, for the
purpose of quotation marks, greater/lesser-than signs, and ampersands,
you don't have to worry about them at all with HTMLEditFormat().
You should ALWAYS use HTMLEditFormat(). All other solutions ARE
hackneyed. To fix the problem of #; escaped unicode
characters, use
this workaround:
function smf_HTMLEditFormat(I_str) {
return REReplaceNoCase(HTMLEditFormat(I_str, -1),
amp;(##?[[:alnum:]]+);, \1;, ALL);
}
Hence, even if you stored the data in the DB as: #;, when you
givethe browser: #;, the browser will take care of presenting the
equivalent Unicode character. If it doesn't, it is not a HTML 4.0
compliant browser. :P
I have a good feeling that CF5/MX actually translated the encoded
characters to unicode characters. :P No empirical data to prove it
though. :P
Alright. That's my take on this issue. :)
James Ang
Senior Programmer
MedSeek, Inc.
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 10:48 AM
To: CF-Talk
Subject: Re: FW: RE: Quotation Hell
Just jumping in briefly to explain what I did to get around and
' in
our
apps. Going into the database would be fine (using
perserveSingleQuotes() and whatever 'escape' character we could
use that
the database recognizes), it's pulling out and displaying again
that
became a problem.
So, when we're displaying to the end user... ' became quot;,
etc so
that it wouldn't break the form fields, etc. Going back into the
database via 'save changes' button, the quot; apparently becomes
a
again going back in... thus, we were able to maintain the
'original'
user-submitted value.
One thing I hate about certain forum software (and, I won't say which)
is
that what you submitted isn't what's always returned to the user when
they
want to edit. I griped about it, but was told that it's faster to do
the
'translation' of things before shoving it into the db. They
failed to
recognize something -- I don't care what it's translation is, I care
about
data integrity and making sure that if that's what I put in,
that's what
I
get out when I go to edit that data blob. To this day, it's still
an
issue and I just quit pestering the forum maker as it's their product
vs.
my opinion. :P
I think if you use HTMLEditFormat(), you're putting yourself into
a new
world of problems. Especially if the characters translate to
something else. Not to mention, great... now you gotta worry
about
storage issue (especially if you're using a varchar field and not
a
blob-type field).
~Todd
On Thu, 13 Jun 2002, Adrian Lynch wrote:
-Original Message-
From: Adrian Lynch
Sent: 13 June 2002 17:33
To: '[EMAIL PROTECTED]'
Subject: RE: RE: Quotation Hell
Re: RE: Quotation Hell
One thing you might notice with htmlEditFormat(), is that you still have the problem of extra characters, still becomes quot;, and if that's what you put in you DB and you then use Left(), you have a problem if it chops it, and you still need to make sure your DB is not going to be expecting more than it gets. Now if I'm wrong about this someone please tell me, or is this hackneyed too? I think you'll find those entities like quot; will be translated when the form is submitted. i.e. Form.MyField won't have them, just regular quotes etc. Cool bananas huh?! __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
