Thread: RE: Scrubbing user inputs
2008-07-18 18:00:34
You can do some simple filtering on the client-side to get you past this error.
Assuming your comment field is named P_COMMENTS and it's inside the form named MODULE$COMPONENT$VFORM
in the onclick for the submit button add this JS handler
"commentScrub(this.form.P_COMMENTS)"
and in a script section use this.
function commentScrub( oText ) {
   // turn < into &lt; and & into &amp; etc.
   oText.value = oText.value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

That should get the data to the server and mod_plsql will unescape the data for you.




On Fri 18/07/08 16:45 , 'Monty Latiolais' publicans.com> sent:

Thanks John.

I thought I needed to handle it on the client-side
because I didn't think it was even making the trip back due to the error msg.

The error I'm getting when bullets and such are being pasted directly from MS Word is:

ORA-29262: bad URL

If I supply anything else, the form processes normally. Is there a way to "see" the URL it's assembling?

(I plan on implementing the measures Jim mentioned previously. Good ideas.)

Monty


From: ml-errorsfatcity.com [mailto:ml-errorsfatcity.com] On Behalf Of John Flack
Sent: Friday, July 18, 2008 11:11 AM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs

Tell us a little more – what errors are you getting – error code, additional information?

What is the datatype of the parameter to your "action" procedure that processes input from the form?  What is the datatype of the comment column in your table?  Why do you need to handle it client-side?

I have used a "clean-up" routine that handles this server side – it removes white space from the beginning and end of the incoming data, changes non-printable characters to spaces, removes extra spaces and normalizes carriage returns and linefeeds to CRLF sequences before storing the data in the database.

From: ml-errorsfatcity.com [mailto:ml-errorsfatcity.com] On Behalf Of Monty Latiolais
Sent: Friday, July 18, 2008 11:31 AM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: Scrubbing user inputs

Hello all,

I've built a simple HTML form using the PL/SQL Web Toolkit that has a place for the user to include comments.

It's been in production for months if not years.

Recently, we've experienced errors related to the content of the comments
and I've traced it to users cutting and pasting content from MS Word directly into the web form comments field.

Even that is fine except for when the user attempts to paste in bullets.

I'll have to handle this on the client-side. Any ideas?

Regards,

Monty
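
The clean-up steps John Flack lists in the thread (trim, non-printable characters to spaces, collapse extra spaces, line breaks to CRLF), written out in JavaScript as an added example; it is not code from the thread, and his own routine is not shown there. The name cleanComment, the sample string, and the reading of "non-printable" as C0/C1 control characters plus DEL are assumptions. Run on the server, a routine like this also covers requests that never executed the page's onclick handler.

```javascript
// Added example, not from the thread. Assumption: "non-printable" means the
// C0 and C1 control ranges and DEL; line feeds are kept as line breaks.
function cleanComment(input) {
  if (input === null || input === undefined) {
    return "";
  }
  return String(input)
    // 1. Unify CRLF, lone CR and lone LF to LF so the later steps see one form.
    .replace(/\r\n|\r|\n/g, "\n")
    // 2. Control characters other than LF (tab included) become spaces.
    .replace(/[\u0000-\u0009\u000B-\u001F\u007F-\u009F]/g, " ")
    // 3. Runs of spaces collapse to a single space.
    .replace(/ {2,}/g, " ")
    // 4. Drop white space at the beginning and end of the data.
    .trim()
    // 5. Store line breaks as CRLF sequences.
    .replace(/\n/g, "\r\n");
}

// Constructed sample input: mixed line endings, a tab, a NUL, and U+0095
// (the code point a Windows-1252 bullet byte 0x95 maps to when it is decoded
// as ISO-8859-1).
const SAMPLE = "  \tFirst  line\r second\u0095item \n\nthird\u0000\r\n  ";

console.log(JSON.stringify(cleanComment(SAMPLE)));
```
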


