format string for html/javascript

  • Thread starter Abraham Andres Luna

Abraham Andres Luna

Hello everyone,

Is there a method in .NET that will format:

MIKE O'CON"NEL\

to:

MIKE O''CON"NEL\\

so that the data I pull from SQL is HTML/JavaScript safe?

And is there a method that will clean up client input data so I can insert
it into SQL? If the client enters an apostrophe ' I have to double it up so it can be
inserted, etc.

Thanks

Andrew Robinson

Your best option is to use Server.UrlEncode() when redisplaying entered text
or displaying text with special characters from SQL.

You should look at using SQL parameters within ADO.NET to protect against or
limit SQL injection attacks (or to deal with single quotes). Replacing single
quotes will require that you change your text again at a later time. There
is nothing inherently wrong with a single quote inside of SQL, but you have
to use a method to insert text other than surrounding it with single quotes,
which is not good practice for the other reasons above.
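The two halves of the advice above (parameters on the way into SQL, encoding on the way out to the page) as an added C# example; this is not code from either poster. It takes the original poster's value MIKE O'CON"NEL\ as a constructed sample. On the SQL side, an ADO.NET parameter carries the value out of band, so the apostrophe is never doubled and the backslash is never escaped: the string is stored exactly as typed, and reading it back returns it exactly as typed. On the display side, the example uses HttpUtility.HtmlEncode for HTML content or attributes and HttpUtility.JavaScriptStringEncode for a JavaScript string literal, because those are the contexts the poster's data lands in; URL encoding targets query strings, not HTML or script. The Customers table, its Name column and the connection string are assumptions; System.Data.SqlClient and System.Web are part of .NET Framework and available as packages on .NET Core, where the database methods need a reachable SQL Server while the encoding methods run anywhere.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;   // ADO.NET SQL Server provider (Microsoft.Data.SqlClient has the same API)
using System.Web;              // HttpUtility; on .NET Framework reference System.Web.dll

static class SafeText
{
    // Assumed schema: a Customers table with an NVARCHAR(100) Name column.
    const string InsertSql = "INSERT INTO Customers (Name) VALUES (@Name)";
    const string SelectSql = "SELECT Name FROM Customers WHERE Name = @Name";

    // Inserting: the value travels as a typed parameter, never as part of the
    // SQL text, so MIKE O'CON"NEL\ needs no quote doubling and cannot break
    // out of the statement. Returns the number of rows inserted.
    public static int InsertCustomer(SqlConnection conn, string name)
    {
        using (var cmd = new SqlCommand(InsertSql, conn))
        {
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
            return cmd.ExecuteNonQuery();
        }
    }

    // Reading back: the same parameter in a WHERE clause. Because nothing was
    // escaped on insert, nothing has to be un-escaped here either.
    public static string FindCustomer(SqlConnection conn, string name)
    {
        using (var cmd = new SqlCommand(SelectSql, conn))
        {
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
            object result = cmd.ExecuteScalar();
            return result == null ? null : (string)result;
        }
    }

    // Displaying inside HTML element content or a quoted HTML attribute:
    // encodes < > & " and the apostrophe as character references.
    public static string ForHtml(string value)
    {
        return HttpUtility.HtmlEncode(value);
    }

    // Displaying inside a JavaScript string literal, e.g.
    //   var n = <%= SafeText.ForJavaScript(name) %>;
    // addDoubleQuotes: true emits the surrounding quotes so the page cannot
    // forget them; quotes and backslashes inside are escaped for JS.
    public static string ForJavaScript(string value)
    {
        return HttpUtility.JavaScriptStringEncode(value, addDoubleQuotes: true);
    }

    static void Main()
    {
        string name = "MIKE O'CON\"NEL\\";   // constructed sample: the poster's value

        Console.WriteLine(ForHtml(name));
        Console.WriteLine(ForJavaScript(name));

        // Assumed connection string; requires a reachable SQL Server.
        using (var conn = new SqlConnection("Server=.;Database=Shop;Integrated Security=true"))
        {
            conn.Open();
            InsertCustomer(conn, name);
            Console.WriteLine(FindCustomer(conn, name));   // round-trips unchanged
        }
    }
}
```

Pick the encoder by where the output lands, not by what the data contains: HTML body or attribute gets ForHtml, a script string gets ForJavaScript, and a value that is both (written into a script block inside an attribute, say) has to be encoded for the inner context first and the outer context second. The parameter length (100 here) should match the column; a longer value is truncated by the provider rather than silently changing the statement.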