how to convert special characters?

RTT

Active member
Joined
Mar 16, 2005
Messages
26
Programming Experience
Beginner
In PHP you have a function htmlentities to convert special characters. For example, if you write a string to an SQL Server but the string contains ' you'll receive an error in your SQL query.

Is there an easy way to escape or convert these special characters?
 

RTT

I have a textbox that receives input from a user: for example he enters: frank's special surprise

This is saved in a string input.

When I try to enter this into a query like:
"UPDATE dbo.resource SET description = " & input & " where id = 1"

Because of the ' in the input string the query will give an error. There can be more characters that cause errors. Maybe \ and / and other characters can cause errors; I haven't tried them all. But in PHP there was a simple function. Maybe something exists in VB.NET or SQL too?
 

kulrom

Well-known member
Joined
May 10, 2005
Messages
2,854
Location
Republic of Macedonia
Programming Experience
10+
PHP is the one I've never learned ;) ... but I'm sure we can resolve this if you tell me what the replacement for these characters would be. Replace with what??? I.e. "/" will be replaced with " " (an empty string) or will simply be removed from there?

Cheers ;)
 

RTT

Indeed, I'm currently trying which characters lead to errors so I can remove them....
 

RTT

Now we're talking :p

How can you limit the control? Can you make it so that they can't enter a ', or what do you mean by limiting? Never done it before.
 

RTT

Now I just made this function. This removes all the characters that are dangerous for my script from the input string.

VB.NET:
Public Function removeChars(ByVal input As String) As String
    ' Strip the characters that broke the query: ' [ ] and "
    input = input.Replace("'", "")
    input = input.Replace("[", "")
    input = input.Replace("]", "")
    input = input.Replace("""", "")
    Return input
End Function
 

kulrom

Of course you can make it so that they can't enter a '; you just need to know its ASCII value ... or if you are sure that all names will contain only letters and digits you can make something like this:

VB.NET:
Function IsCharacterAllowed(ByVal c As Char) As Boolean
    ' Allow digits, letters and separators (e.g. spaces); reject symbols.
    If Char.IsNumber(c) Then Return True
    If Char.IsLetter(c) Then Return True
    If Char.IsSymbol(c) Then Return False
    If Char.IsSeparator(c) Then Return True
    ' Anything else, including punctuation such as ', is rejected.
    Return False
End Function

VB.NET:
Private Sub TextBox1_KeyPress(ByVal sender As Object, _
        ByVal e As System.Windows.Forms.KeyPressEventArgs) Handles TextBox1.KeyPress
    ' Swallow the keystroke when the character is not allowed.
    If Not IsCharacterAllowed(e.KeyChar) Then
        e.Handled = True
    End If
End Sub

Cheers :)
 
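
The concatenated UPDATE from the question, rewritten with ADO.NET parameters so that ' and every other character typed into the textbox is sent as data and never parsed as SQL. This is an added example, not code posted by anyone in the thread; the 200-character column size and the connection string are assumptions, and the table and column names are the ones from the question.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module ParameterizedUpdate
    ' Assumed column size; match it to the real definition of dbo.resource.description.
    Private Const MaxDescriptionLength As Integer = 200

    ' Builds the thread's UPDATE with placeholders instead of string concatenation.
    ' The SQL text is constant; user input only ever appears as a parameter value.
    Public Function BuildUpdateCommand(ByVal input As String, ByVal id As Integer) As SqlCommand
        If input IsNot Nothing AndAlso input.Length > MaxDescriptionLength Then
            ' Reject over-long input instead of letting the provider truncate it silently.
            Throw New ArgumentException("description is too long", "input")
        End If

        Dim command As New SqlCommand( _
            "UPDATE dbo.resource SET description = @description WHERE id = @id")
        Dim description As SqlParameter = _
            command.Parameters.Add("@description", SqlDbType.NVarChar, MaxDescriptionLength)
        ' Nothing must be sent as DBNull, otherwise the parameter counts as not supplied.
        If input Is Nothing Then
            description.Value = DBNull.Value
        Else
            description.Value = input
        End If
        command.Parameters.Add("@id", SqlDbType.Int).Value = id
        Return command
    End Function

    ' Executes the command; connectionString is a placeholder supplied by the caller.
    Public Function UpdateDescription(ByVal connectionString As String, _
                                      ByVal input As String, ByVal id As Integer) As Integer
        Using connection As New SqlConnection(connectionString)
            Using command As SqlCommand = BuildUpdateCommand(input, id)
                command.Connection = connection
                connection.Open()
                Return command.ExecuteNonQuery() ' number of rows updated
            End Using
        End Using
    End Function

    Sub Main()
        ' Sample input taken from the question; this part needs no database.
        Using command As SqlCommand = BuildUpdateCommand("frank's special surprise", 1)
            Console.WriteLine(command.CommandText)
            Console.WriteLine(command.Parameters("@description").Value)
        End Using
    End Sub
End Module
```

With parameters the apostrophe is stored unchanged, so neither stripping characters from the string nor blocking keys in the textbox is needed for the query to be safe.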