File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSP and the fly likes Submit special characters from text field Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Submit special characters from text field" Watch "Submit special characters from text field" New topic

Submit special characters from text field

Jeff Mychasiw

Joined: Dec 13, 2001
Posts: 5
Our users have a textarea that will hold client notes and are saved to the database upon submit. From time to time they will cut and paste text from MS word. There are certain characters such as a dash and quote that will be encoded by the form as … and – .
These codes get stored in the DB as well and I would prefere if they did not.
Is there anything I can do to prevent this? Do I have to filter all my data before going to the database?
** I already filter out (using struts tag) '<', '>', '"', and '&'. So if turn filtering on, I get “ on the page, and If turn filtering off, I get correct rendering but I runt he risk of HTML format code that I don't want. Any help would be appreciated.
Jeff Mychasiw

Joined: Dec 13, 2001
Posts: 5
Looking at my post, I see that I tried to Express the codes &#8220; and &#8230; and they rendered and it my be hard to read my post. Bottom line is I don't want HTML entity codes in my database.
Sorry for the confusion.
Gerd Rosarius

Joined: Feb 13, 2002
Posts: 24
Hey Jeff,
I guess you want to write text from a HTML-input-field, type="text", to a MySQL or PostgreSQL database.
As far as I know you have to scan the String object for these characters and parse them to HTML-entities. At least the " and ', because they are field limiting elements in MySQL and the most other RDBMS based on SQL.
This works fine if you just want to save the data. If you also want to read it from the database and display it on a JSP you will get in trouble because of the > and <.
To make it brief:
Parse ' and " when you write to the database.
Parse < and > when you read from the database and you want to display text as HTML.

<a href="" target="_blank" rel="nofollow">Brains and Bytes</a> − eTechnology- and Marketing-Services
I agree. Here's the link:
subject: Submit special characters from text field
It's not a secret anymore!