Tell us a little more – what errors are you getting –
error code, additional information?
What is the datatype of the parameter to your “action”
procedure that processes input from the form? ; What is the datatype of the
comment column in your table? Why do you need to handle it client-side?
I have used a “clean-up”; routine that handles this
server side – it removes white space from the beginning and end of the incoming
data, changes non-printable characters to spaces, removes extra spaces and
normalizes carriage returns and linefeeds to CRLF sequences before storing the
data in the database.
From:
ml-errors fatcity.com [mailto:ml-errorsfatcity.com] On Behalf Of Monty
Latiolais
Sent: Friday, July 18, 2008 11:31 AM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: Scrubbing user inputs
Hello
all,
I’ve
built a simple html form using the pl/sql web toolkit that has a place for the
user to include comments.
It’s
been in production for months if not years.
Recently,
we’ve experienced errors related to the content of the comments
and I’ve traced it to users cutting and pasting content from MS Word
directly into the web form comments field.
Even
that is fine except for when the user attempts to paste in bullets.
I’ll
have to handle this on the client-side. Any ideas?
Regards,
Monty
|
