Re: PARAMETER vs. OPERATOR (was The BUG is BACK ...)

This WebDNA talk-list message is from 1998. It keeps the original formatting.
>>All I want is to prevent users from entering < and > into some of my
>>form fields ... because disallowing those characters will effectively
>>prevent them from creating hyperlinks in those fields.
>
>That's easy -- no need to use ShowIf at all, just always wrap
>[ConvertChars] around your form variables as you're appending them to the
>database. Those characters will always be converted to &lt; and &gt; and
>they won't show up as hyperlinks.

This is not a solution to the problem, it only ends up creating more serious problems ...

When someone retrieves their record in order to update it, the first thing they will see is that all the &<> characters they originally typed are now converted to &amp; and &lt; and &gt; -- which screws up their heads as well as the actual data they entered.

Then ... what happens when they update a record WITHOUT changing all those HTML characters back to the way they were in the beginning? Well, that's the FUN part -- because now that record will have all & changed to &amp;

And when they update it a second time, it will be &amp;amp; ... and on and on. So I don't think this technique is going to work at all ... unless you can make everyone using your site change all these HTML character representations back into their original form -- in every field -- every time they update a record!

But for the sake of argument, I tried your suggestion anyways and it doesn't work, everything disappears after the first ampersand. But apparently that's because you forgot to mention that the convertchars context needs to be nested inside a [url] context in order to get the & characters into the database, so I tried that too -- and even though you might THINK that would have fixed the problem once and for all, it did not.

Instead, I type this into the form:

whatever & you < think > is right

and I get this out:

whatever > you < think > is right

So THAT made me think that I screwed up my badChars.db file because it's ignoring the > character altogether, and it's messing up the conversion of the ampersand as well. So I checked that db and it sure looks okay to me ... but maybe you can find something wrong with it:

from to & & < < > >

Well, this is yet another problem with all this character conversion stuff -- but it wasn't going to be a solution that I could use anyways.

Maybe you can offer another suggestion?

Sincerely,
Ken Grome
808-737-6499
WebDNA Solutions
mailto:ken@webdna.net
http://www.webdna.net

Associated Messages, from the most recent to the oldest:

    
  1. Re: PARAMETER vs. OPERATOR (was The BUG is BACK ...) (Kenneth Grome 1998)
  2. Re: PARAMETER vs. OPERATOR (was The BUG is BACK ...) (PCS Technical Support 1998)
  3. PARAMETER vs. OPERATOR (was The BUG is BACK ...) (Kenneth Grome 1998)
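
The two storage strategies argued over in this message, as an added example that is not part of the original posts and is not WebDNA code: Python's `html.escape` stands in for `[ConvertChars]`, and all function names and the sample strings are hypothetical. It contrasts escaping as the value is appended to the database (entities pile up on every unchanged re-save) with storing the typed text and escaping only when the page is rendered.

```python
import html
from html.parser import HTMLParser

SAMPLE = "whatever & you < think > is right"  # constructed, same shape as the post's test string

def save_escaping_on_write(text: str) -> str:
    """Approach discussed in the thread: convert & < > before the database append."""
    return html.escape(text, quote=True)

def resave_unchanged(first_input: str, updates: int) -> str:
    """The user re-submits whatever the record holds, `updates` times, without editing it."""
    record = save_escaping_on_write(first_input)
    for _ in range(updates):
        record = save_escaping_on_write(record)  # existing entities are escaped again
    return record

def render_display(raw: str) -> str:
    """Escape at output time: typed markup is shown as text, never parsed as a tag."""
    return "<p>" + html.escape(raw, quote=True) + "</p>"

def render_edit_form(raw: str) -> str:
    return '<input name="note" value="' + html.escape(raw, quote=True) + '">'

class _ValueReader(HTMLParser):
    """Stands in for the browser: reads the value attribute, decoding entities once."""
    value = None

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.value = dict(attrs).get("value")

def submit_unchanged(form_html: str) -> str:
    reader = _ValueReader()
    reader.feed(form_html)
    reader.close()
    return reader.value

def roundtrip_raw_storage(first_input: str, updates: int) -> str:
    record = first_input  # stored exactly as typed
    for _ in range(updates):
        record = submit_unchanged(render_edit_form(record))
    return record

if __name__ == "__main__":
    print(resave_unchanged(SAMPLE, 1))       # entities escaped twice
    print(roundtrip_raw_storage(SAMPLE, 3))  # unchanged after three edits
    print(render_display('<a href="http://example.test/">x</a>'))
```
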
