...

View Full Version : Characters JS cannot see?



jdc44
08-20-2007, 03:57 PM
Here is an odd question that I can't seem to get any head-way on when using google.

I have a web form and use JavaScript to validate form entries before submitting the form and inserting values into a db table.

One text area box has its value inserted into an Oralce varchar2(2000) field - 2000 character max field. If a user enters more than 2000 characters into the form box, I pop up an alert box with text stating the problem and to prompt the user to try again.

Here is my problem. I had a user who did copy and paste text from a website into the text area box. The JS validator text worked and the user had to reduce the text he entered. His next try went through, but there was an internal server error due to the code trying to insert 2062 characters into a 2000 character limit field in Oracle. So, 2062 characters got by the validator code and not Oracle.

How did the JS, which seems to work on all tests, let 2062 characters through? How does JavaScript see special characters such as & or é (html entities) and such? I was thinking that maybe some of these types of characters might be seen as one character in Javascript and multiple characters in oracle.

Not sure really, - just hoping to guess correctly.

JS validator code for this form item:
if( document.getElementById("action_comments") ){
var action_comments = document.getElementById("action_comments");
if( action_comments.value ){
// check length
var strlen = action_comments.value.length;
if ( strlen > 2000 ){
alert("The length of your Comments regarding your review action\n cannot excede 2000 characters in length. You entered " + strlen + " characters.\n Please shorten your entry in the Comments field.");
action_comments.focus();
return false;
}
}
}

Thanks for any thoughts or advice. It is appreciated...

Philip M
08-20-2007, 04:09 PM
"I was thinking that maybe some of these types of characters might be seen as one character in Javascript and multiple characters in oracle."

Yes, I am sure that is the reason.

You should also truncate the text string which is entered:-

if (strlen > 2000) { // if too long.... trim it!
form.elementname.value = form.elementname.value.substring(0, 2000);
alert (........

liorean
08-20-2007, 04:59 PM
The question of what characters JavaScript sees depends on several factors.

One factor is that entity references in the HTML source will be expanded to the relevant entity in the HTML parsing, and JavaScript will see the document as it looks after the HTML parsing has taken place.

Another factor is that JavaScript uses UCS-2 encoding. That means that if sent to the server in UTF-8 format some single UCS-2 characters will be 8 bits, some 16 bits and some 24 bits. I have no knowledge of Oracle - which storage format is used for strings in Oracle, a 16 bit or an 8 bit format?

A third factor is that newlines may be changed in the transfer, so you cannot rely on the width of newlines.

jdc44
08-20-2007, 06:24 PM
Yes, this was a character encoding issue. I had entered a lengthy discussion here, but was not permitted to post it. Odd...

Javascript was expecting usc-2 and therefore interpreted the length of the incoming text as though it were usc-2 characters. It saw 2000 or fewer characters in the string.

Oracle was told to expect utf-8 characters (we have this set in our server scripts). Oracle counted more than 2000 character according to utf-8 rules. Thus the error.

Solution,
I cannot trim the text. this is against our business rules. We use PHP, so I may need to use php's utf8_encode() function to force a utf-8 character set. Although, this would happen after the javascript validated the code.

Thanks for the help. Appreciated and a great help.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum