deneme bonusu maltcasino bahis siteleri
sex video free download in mobile hot sexy naked indian girls download free xxx video
antalya escort
atasehir eskort bahcelievler escort alanya escort atasehir escort
gaziantep escort
gaziantep escort
escort pendik
erotik film izle Rus escort gaziantep rus escort
vdcasino casino metropol casinomaxi
beylikdüzü escort
deneme bonusu veren siteler deneme bonusu veren siteler
z library books naked ai
deneme bonusu veren siteler
deneme bonusu veren siteler
bahis siteleri
sweet bonanza
casino siteleri
en iyi casino siteleri
deneme bonusu veren siteler
casibom
s
Contact Login Register
h M

JavaScript Function to replace ' and " with Single Quote or Double Quotes

We all know that collecting information from users can be potentially dangerous. Not because the user means to be malicious, but because you may not have a procedure/function in place to handle single quotes or double quotes. This can cause issues when the data is passed to the database. In most cases a SQL Stored Procedure can handle “SQL Injection” with single quotes and double quotes. However with Dynamic Forms or Dynamic Registration tokens should be encapsulated inside of '$(Token)'. So if you’re passing a Token into a stored procedure call:

exec MyProcedure '$(Token)'

You can see how collecting a ' in a textbox and passing to a stored procedure or inserting directly into a database table can become an issue. For instance, let’s say that the value I provided for a textbox in Dynamic Forms was:

FireShot Screen Capture #063 - 'Dynamic Registration' - dnn7_betasprings_com_ModuleTesting_DynamicRegistration_tabid_91_Default_aspx

 

When using the $(FirstName) token from this form in a SQL Completion Event the value would render as:

'John O'Neal'

You can see how handling this on the client side instead of Server side can be beneficial within Dynamic Forms or Dynamic Registration.

 

Add this JavaScript function to your Dynamic Form or Dynamic Registration Custom JavaScript file:

-------------------------------------------------------------------------------------------------------------------------

function Replace_Single_Double_Quotes(DF_QuestionID)
{
    //Assigning passed in parameter to variable
    var QuestionValue = document.getElementById(DF_QuestionID).value;
   
    //This field will assist us in knowing whether to replace " with a left or right double quote
    var NeedRightQuote = 'False';

    //Loop that checks each character in the QuestionValue variable
    for ( var i = 0; i < QuestionValue.length; i++ )
    {
        //Is this character a '?
        if(QuestionValue.charAt(i) == "'")
        {
            //Replace ' with an apostrophe
  &

Thursday, April 11, 2013/Author: Chad Nash/Number of views (263673)/Comments (-)/ Article rating: 4.0
Categories: In The Flow
RSS

Enter your email below AND grab your spot in our big giveaway!

The winner will receive the entire Data Springs Collection 7.0 - Designed to get your website up and running like a DNN superhero (spandex not included).

  
Subscribe