how to convert special characters?

RTT

Active member
Joined
Mar 16, 2005
Messages
26
Programming Experience
Beginner
In PHP you have a function htmlentities to convert special characters. For example, if you write a string to SQL Server but the string contains ' you'll receive an error in your SQL query.

Is there an easy way to escape or convert these special characters?
 
I have a textbox that receives input from a user. For example, he enters: frank's special surprise

This is saved in a string input.

When I try to enter this into a query like:
"UPDATE dbo.resource SET description = " & input & " where id = 1"

Because of the ' in the input string the query will give an error. There can be more characters that cause errors. Maybe \ and / and other characters can cause errors; I haven't tried them all. But in PHP there was a simple function. Maybe something exists in VB.NET or SQL too?
 
now we're talking :p

How can you limit the control? Can you make it so that they can't enter a ', or what do you mean by limiting? Never done it before.
 
Now I just made this function. This removes all the characters that are dangerous for my script from the input string.

VB.NET:
Public Function removeChars(ByVal input As String) As String
    input = input.Replace("'", "")
    input = input.Replace("[", "")
    input = input.Replace("]", "")
    input = input.Replace("""", "")
    Return input
End Function
 
Of course you can make it so that they can't enter a '; you just need to know its ASCII value ... or if you are sure that all names will contain only letters and digits you can make something like this:

VB.NET:
Function IsCharacterAllowed(ByVal c As Char) As Boolean
    ' Let Backspace and other control keys through so the user can still edit
    If Char.IsControl(c) Then Return True
    If Char.IsNumber(c) Then Return True
    If Char.IsLetter(c) Then Return True
    If Char.IsSymbol(c) Then Return False
    If Char.IsSeparator(c) Then Return True
    ' Anything else (punctuation such as ' and ") is rejected
    Return False
End Function

VB.NET:
Private Sub TextBox1_KeyPress(ByVal sender As Object, _
        ByVal e As System.Windows.Forms.KeyPressEventArgs) Handles TextBox1.KeyPress
    If Not IsCharacterAllowed(e.KeyChar) Then
        e.Handled = True
    End If
End Sub

Cheers :)
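
An added example, not part of the original posts: instead of stripping or blocking characters, the UPDATE from the question can pass the user's text as a query parameter, so a ' in the input is stored as data and never becomes part of the SQL. It assumes `System.Data.SqlClient`, an `nvarchar(255)` description column, and a caller-supplied connection string; `BuildUpdateCommand` and `SaveDescription` are hypothetical names.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module ParameterizedUpdateExample

    ' Builds the UPDATE from the thread with placeholders instead of
    ' concatenation. The SQL text is constant; the user input travels
    ' separately as a typed parameter value.
    Function BuildUpdateCommand(ByVal description As String, ByVal id As Integer) As SqlCommand
        Dim cmd As New SqlCommand( _
            "UPDATE dbo.resource SET description = @description WHERE id = @id")
        ' Size 255 is an assumed column length; match it to the real schema.
        cmd.Parameters.Add("@description", SqlDbType.NVarChar, 255).Value = description
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
        Return cmd
    End Function

    ' Executes the command. connectionString is supplied by the caller
    ' (assumption: it points at the database holding dbo.resource).
    Function SaveDescription(ByVal connectionString As String, _
                             ByVal description As String, ByVal id As Integer) As Integer
        Using conn As New SqlConnection(connectionString)
            Using cmd As SqlCommand = BuildUpdateCommand(description, id)
                cmd.Connection = conn
                conn.Open()
                Return cmd.ExecuteNonQuery() ' number of rows updated
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed sample input: the string from the question.
        Dim input As String = "frank's special surprise"
        Dim cmd As SqlCommand = BuildUpdateCommand(input, 1)
        ' The command text contains only placeholders; the apostrophe
        ' appears in the parameter value, not in the SQL.
        Console.WriteLine(cmd.CommandText)
        For Each p As SqlParameter In cmd.Parameters
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value)
        Next
    End Sub

End Module
```

`Main` runs without a database because it only builds the command; `SaveDescription` is the part that needs a reachable SQL Server.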
 