  1. #1
    Regular Coder
    Join Date
    Jun 2002
    Posts
    406
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How to escape ampersand sign with C# asp.net

    I am creating a page with some menus. The value for the menu comes from the database. If there is an ampersand sign (&) in a word, then the letters after the (&) sign are cut off.

    For example, if the word is, say, 's&w value fields', then it's only displaying the letter 's' and the rest is cut off. I have to escape the & sign, but how do I do it, since it's coming from the database (dynamic) and I don't know which ones have the & sign? I have to display the words as they are in the database. How do I do this?

    Below is my partial code: I have a tablecontrol created and then wrote this code:

    Code:
    string sMName = Request.QueryString["sMName"];
    if (Request.QueryString["sMName"] != null)
    {
        TableCell ModelNameCell = new TableCell();
        HyperLink hlModelName = new HyperLink();
        hlModelName.NavigateUrl = "../products/.aspx?cid=" + iCID + "&sMName=" + sMName;
        hlModelName.Text = sMName;

        ModelNameCell.Controls.Add(hlModelName);
        BreadCrumbRow.Controls.Add(ModelNameCell);
        tblBreadCrumb.Controls.Add(BreadCrumbRow);
    }
    Last edited by chelvis; 11-21-2006 at 04:28 PM.

  • #2
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    Depends on what field that ampersand is in.
    If it ends up in the hyperlink, it's invalid html anyway.
    The thing that puts it into the DB to begin with should be html encoding values that are meant to be used as html output. (script injection attack classic)

    Cheap way:
    stringVariable.Replace ("&"," ")

    Slightly better:
    Server.HtmlEncode(stringVariable)  // HttpServerUtility.HtmlEncode, called on the page's Server instance

    Best: the app should do it before you ever hit this problem.

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/

  • #3
    Regular Coder
    Join Date
    Jun 2002
    Posts
    406
    Thanks
    0
    Thanked 0 Times in 0 Posts
    nikkiH, I didn't understand what you mentioned. I am new to SQL Server 2000.

    I just checked the table and it has a column named CategoryName. In this column the data was entered with the '&' sign. For example, there is a category name called 's&w value'. This is what is giving me the problem in my C# code. When I call it, it's not understanding anything after the & sign.

    Can you help me with what I should do in the database?

    PS: Whoever entered it in the database, directly entered them into the database. Not through any html or other things.

  • #4
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    Quote: Originally posted by chelvis
    nikkiH, I didn't understand what you mentioned. I am new to SQL Server 2000.
    PS: Whoever entered it in the database, directly entered them into the database. Not through any html or other things.
    Ah, well, you're stuck dealing with it then.
    Can't make them encode the html as they type it, I suppose.
    Your next project should be to make a form so they can't enter bad data.

    Normally values get into a database because someone made a form and users are entering things in say, a textarea. When you do it that way, you need to encode the values before they ever get into the database in the first place and then you don't have this problem.

    Anyway, since you're stuck and you can't count on data that is valid html, your best bet is probably to just encode it. What that does is it changes values that are not valid html, such as < > & and whatnot into &lt; &gt; and &amp; so that when you display the text, it renders.

    Use this one:
    Server.HtmlEncode(stringVariable)  // HttpServerUtility.HtmlEncode, called on the page's Server instance

    See
    http://msdn2.microsoft.com/en-us/lib...tmlencode.aspx
    "Encodes a string to be displayed in a browser."

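The symptom from this thread in one runnable piece, as an added example that is not part of the original posts: a value containing `&` is cut short when it is concatenated into a query string, and encoding per output context (URL encoding for the parameter value, HTML encoding for the link text) keeps it whole. The page name `products.aspx`, the `cid` value and the sample string are assumptions for illustration.

```csharp
using System;
using System.Collections.Specialized;
using System.Web; // HttpUtility

static class BreadcrumbLinkDemo
{
    // Builds the href and the visible text of a link, encoding the database
    // value for the context it lands in. "products.aspx" is a hypothetical page.
    static void BuildLink(int cid, string modelName, out string href, out string text)
    {
        // URL context: '&' inside the value must become %26, otherwise it
        // ends the sMName parameter and starts a new one.
        href = "products.aspx?cid=" + cid + "&sMName=" + HttpUtility.UrlEncode(modelName);

        // HTML context: '&', '<', '>' and quotes become entities, so markup
        // stored in the data is displayed as text instead of being interpreted.
        text = HttpUtility.HtmlEncode(modelName);
    }

    static void Main()
    {
        string fromDb = "s&w value fields"; // constructed sample value
        int cid = 7;                        // constructed sample id

        // Plain concatenation: the receiving page parses a truncated value.
        string rawQuery = "cid=" + cid + "&sMName=" + fromDb;
        NameValueCollection broken = HttpUtility.ParseQueryString(rawQuery);
        Console.WriteLine("unencoded: sMName = \"" + broken["sMName"] + "\"");

        // Encoded per context: the value survives the round trip.
        string href, text;
        BuildLink(cid, fromDb, out href, out text);
        string query = href.Substring(href.IndexOf('?') + 1);
        NameValueCollection intact = HttpUtility.ParseQueryString(query);
        Console.WriteLine("encoded:   sMName = \"" + intact["sMName"] + "\"");

        // The href is itself placed in an HTML attribute, so its own '&'
        // separators are attribute-encoded when the tag is written by hand.
        Console.WriteLine("<a href=\"" + HttpUtility.HtmlAttributeEncode(href) + "\">" + text + "</a>");
    }
}
```

Storing the raw value in the database and encoding at output time lets the same column feed both the URL and the link text, which need different encodings.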

