View Full Version : incomplete data

08-17-2005, 10:09 PM
hi all,
i have a text area which u knw..u can write lots of stuff there but when it's inserted into the db, i only have one word which is the first word....what happen to the long sentence(s) which i have typed in?


08-17-2005, 10:32 PM
does it have anything to do with the fieldlength defined in the database??

08-17-2005, 10:33 PM
I think it would help if you posted some code :) .

08-18-2005, 11:24 AM
hi guys...ok...will post the code here:

this is the initial page where user types in their stuff(eventUpload.asp):

<form method="post" action="eventConfirm.asp" name="evUpload">
<table width="100%" border="0">
<td align="center" class="white" valign="top" width="13%"><hr><br>
<u><font color="#FFFF00">MENU</font></u> <br>
<a href="eventView.asp">View Event</a><br>
<a href="#">Upload Event</a><br>
<br>Delete Events<br><br>Edit Events<br><br><hr></td>
<td width="87%"><table width="92%" border="0" align="center" class="forumline" cellspacing="1" cellpadding="4">
<td height="30" colspan="2" align="center" class="rowbg">Events Upload</td>
<td width="30%" height="22" class="row1">Event Title :</td>
<td width="60%" class="row2">
<input type="text" name="txtEvName" size="80">
<font color="#FF0000"><b>**</b></font> </td>
<td width="30%" class="row1">Event Venue :</td>
<td width="60%" class="row2"><input type="text" name="txtEvLocation" size="80">
<font color="#FF0000"><strong>**</strong></font></td>
<td width="30%" class="row1">Event Speaker :</td>
<td width="60%" class="row2"><input type="text" name="txtEvHandler" size="40">
<font color="#FF0000"><strong>**</strong></font></td>
<td width="30%" class="row1">Event Date : </td>
<td width="60%" class="row2">
<input type="text" name="txtEvDate" size="40">
<strong><font color="#FF0000">**</font></strong></td>
<td width="30%" class="row1">Event Sysnopsis :</td>
<td width="60%" class="row2"><textarea name="txtaSysnopsis" cols="78" rows="4"></textarea></td>
<td width="30%" class="row1">Event SignUp : </td>
<td width="60%" class=row2 align=left><input type="text" name="txtSign" size="80"></td>
<td width="30%" class="row1">Event Weblink : </td>
<td width="60%" class=row2 align=left><input type="text" name="txtWeblink" size="80"></td>
<td width="30%" class="row1">Event Image : </td>
<td width="60%" class=row2 align=left><input name="urlFile" type="file" size="50"> </td>
<td width="30%" class="row1">Event Content Color : </td>
<td width="60%" class="row2" align="left"><input id="pick1123677243field" size="9" onChange="relateColor('pick1123677243', this.value);" title="color" name="txtCol">
<a href="javascript:pickColor('pick1123677243');" id="pick1123677243"
style="border: 1px solid #000000; font-family:Verdana; font-size:10px;
text-decoration: none;">&nbsp;&nbsp;&nbsp;</a>
<script language="javascript">relateColor('pick1123677243', getObj('pick1123677243field').value);</script>
(Click the small box for border color)</td>
<!--<tr><td colspan="2">&nbsp;</td></tr> -->
<tr><td colspan="2" align="center" class="row4">
<input type="submit" name="btnSend" value="Send">&nbsp;
<input type="reset" name="btnReset" value="Reset"> </td>

this is the 2nd page where the values are stored in the hidden input tags(eventConfirm.asp):

<form method="post" action="eventDone.asp" name="uploadOK">
<input type="submit" name="btnSend" value="Send">
<input type="hidden" name="txtEvName" value=<%=request.form("txtEvName")%>>
<input type="hidden" name="txtEvLocation" value=<%=request.form("txtEvLocation")%>>
<input type="hidden" name="txtEvHandler" value=<%=request.form("txtEvHandler")%>>
<input type="hidden" name="txtEvDate" value=<%=request.form("txtEvDate")%>>
<input type="hidden" name="txtaSysnopsis" value=<%=request.form("txtaSysnopsis")%>>
<input type="hidden" name="txtSign" value=<%=request.form("txtSign")%>>
<input type="hidden" name="txtWeblink" value=<%=request.form("txtWeblink")%>>
<input type="hidden" name="txtCol" value=<%=request.form("txtCol")%>>

this is where the data's are inserted to the db(eventDone.asp)

Response.expires = 0 %>
<!-- #include file = "adovbs.inc" -->
<!-- including the function definition file -->
<!-- #include file = "FuncDef.asp" -->
<!-- This file is to update the database after the confirmation -->

<!-- This page confirms that the user's account has been created -->
<!-- This coding inserts the user's details into the database -->

Dim SQLTxt
Dim ran
Dim intRan


ran = 987654321 * Rnd()
intRan = Int(ran)

SQLTxt = "SELECT * from tEvents WHERE evTitle = '" & request.form("txtEvName") & "';"

OpenMyDB dbfile, SQLTxt

DBRecordset("evID") = intRan
DBRecordset("evTitle") = request.form("txtEvName")
DBRecordset("evVenue") = request.form("txtEvLocation")
DBRecordset("evSpeaker") = request.form("txtEvHandler")
DBRecordset("evDate") = request.form("txtEvDate")
DBRecordset("evSynopsis") = request.form("txtaSysnopsis")
DBRecordset("evSignUp") = request.form("txtSign")
DBRecordset("evWebLink") = request.form("txtWeblink")
DBRecordset("evBorderColor") = request.form("txtCol")


the problem is this for everyone of them, whenever a space is encountered...the rest of the characters does not go in...only what is BEFORE the space..here is a snapshot of the record of the db.i'll attach it..so, whats the problem??going nuts here... :(

i will attach the database snapshot here also.see attachment

08-19-2005, 02:27 AM
anyone?? i myself is also shocked by what went in...only just one word of a WHOLE sentence....that means it only inserts anything BEFORE meeting the space(which is only one word for this case).help.....anyone....pls....


08-19-2005, 03:47 AM
i am betting that there was an apostrophe aka single quote used in the string. You need to use the replace function below to allow the full string to be inserted.

replace lone apostrophe with two apostrophes
Replace(yourString, "'", "''")

or replace with ascii character code like below just remove the spaces
in & # 39;

Replace(yourString, "'", "& # 39;")
or you can add this function to prevent sql interjection attacks

Private Function preventInjection(ByRef theString)
theString = Replace(theString, "'", "''") 'removes lone apostrophe's '
theString = Replace(theString, ";", "") 'removes semicolon
theString = Replace(theString, "--", "") 'removes double dash sql comment
preventInjection = theString
End Function

08-19-2005, 04:31 AM
Have you tryed to do a Response.Write(request.form("txtaSysnopsis")) on page two to see if you have your full textarea at that point? I see that you are putting your textarea into a hidden form. I did some looking around and I don't see anything wrong with do that.

<input type="hidden" name="txtaSysnopsis" value=<%=request.form("txtaSysnopsis")%>>

But I am slow I think miranda has hit it.

08-22-2005, 01:43 PM
I did some looking around and I don't see anything wrong with do that.

<input type="hidden" name="txtaSysnopsis" value=<%=request.form("txtaSysnopsis")%>>

There is something wrong with it.

<input type="hidden" name="txtaSysnopsis" value="<%=Server.HTMLEncode(request.form("txtaSysnopsis"))%>">
The value should be enclosed in quotes and must be HTML encoded.