This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes JSP and the fly likes Submit special characters from text field Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Submit special characters from text field" Watch "Submit special characters from text field" New topic
Author

Submit special characters from text field

Jeff Mychasiw
Greenhorn

Joined: Dec 13, 2001
Posts: 5
Greetings:
Our users have a textarea that will hold client notes and are saved to the database upon submit. From time to time they will cut and paste text from MS word. There are certain characters such as a dash and quote that will be encoded by the form as … and – .
These codes get stored in the DB as well and I would prefere if they did not.
Is there anything I can do to prevent this? Do I have to filter all my data before going to the database?
** I already filter out (using struts tag) '<', '>', '"', and '&'. So if turn filtering on, I get “ on the page, and If turn filtering off, I get correct rendering but I runt he risk of HTML format code that I don't want. Any help would be appreciated.
Jeff Mychasiw
Greenhorn

Joined: Dec 13, 2001
Posts: 5
Looking at my post, I see that I tried to Express the codes &#8220; and &#8230; and they rendered and it my be hard to read my post. Bottom line is I don't want HTML entity codes in my database.
Sorry for the confusion.
Gerd Rosarius
Greenhorn

Joined: Feb 13, 2002
Posts: 24
Hey Jeff,
I guess you want to write text from a HTML-input-field, type="text", to a MySQL or PostgreSQL database.
As far as I know you have to scan the String object for these characters and parse them to HTML-entities. At least the " and ', because they are field limiting elements in MySQL and the most other RDBMS based on SQL.
This works fine if you just want to save the data. If you also want to read it from the database and display it on a JSP you will get in trouble because of the > and <.
To make it brief:
Parse ' and " when you write to the database.
Parse < and > when you read from the database and you want to display text as HTML.
Greetings
Gerd


<a href="http://www.brainsandbytes.de" target="_blank" rel="nofollow">Brains and Bytes</a> − eTechnology- and Marketing-Services
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Submit special characters from text field
 
Similar Threads
by click on submit buutton the page refresh a get new data from database
Filter and Struts
Filtering Escape characters
How to disable Japnese Character Input in JTextField
how to remove control characters from xml data