RE: Scrubbing user inputs

Thanks John.

 

I thought I needed to handle it on the client-side

because I didn’;t think it was even making the the trip back due to the error msg.

 

The error I’m getting when bullets and such are being pasted directly from MS Word is:

 

ORA-29262: bad URL

 

If I supply anything else, the form processes normally. Is there a way to “see” the URL it’s assembling?

 

(I plan on implementing the measures Jim mentioned previously. Good ideas.)

 

Monty

 

 

 

Tell us a little more – what errors are you getting – error code, additional information?

What is the datatype of the parameter to your “action” procedure that processes input from the form? ; What is the datatype of the comment column in your table?  Why do you need to handle it client-side?

 

I have used a “clean-up221; routine that handles this server side – it removes white space from the beginning and end of the incoming data, changes non-printable characters to spaces, removes extra spaces and normalizes carriage returns and linefeeds to CRLF sequences before storing the data in the database.

 

 

Hello all,

 

I’ve built a simple html form using the pl/sql web toolkit that has a place for the user to include comments.

It’s been in production for months if not years.

 

Recently, we’ve experienced errors related to the content of the comments
and I’ve traced it to users cutting and pasting content from MS Word directly into the web form comments field.

Even that is fine except for when the user attempts to paste in bullets.

 

I’ll have to handle this on the client-side. Any ideas?

 

 

Regards,

 

Monty