Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 15 of 15
  1. #1
    Regular Coder
    Join Date
    Jun 2002
    Location
    Victoria, BC, Canada
    Posts
    962
    Thanks
    0
    Thanked 1 Time in 1 Post

    How to handle single quotes in URLs?

    I'm working on an ASP page that gets a list of books from a database. The page first prints out a list of all the books, each title being a clickable link. Each link goes to the same page with a querystring in the URL. I then retrieve the querystring, get the book's title, and get more information about that book from the database and display the info.

    This works fine for the most part, but I have a few books with a single quote in the title. When I click the link for those books, the page reloads, as expected, and the querystring appears as expected, except that the book's title is cut off after the single quote. This of course will not allow retrieval of that book's info from the db, as the page doesn't have the full title.

    I'm doing this in a loop like this:
    PHP Code:
    While Not objRS.EOF
      strList 
    strList "<li><a href='MyBooks.asp?title=" _
        objRS
    ("Title") & "'>" objRS("Title") & "</a></li>" vbCrLf
      objRS
    .MoveNext
    Wend 
    strList is used to contain the entire string of HTML, which is then displayed on the page, resulting in a list of books with clickable titles.

    The titles appear on the page just fine, single quotes and all. But if I roll the mouse over a book's title with a single quote in it, I see the URL for that info page; it contains the MyBooks.asp, the question mark, and the querystring up to where the single quote would be.

    After all that, my question is: how can I get the single quotes to appear in the link URL? I've taken a look in the ASP forum for similar topics, but from what I've seen, it's mostly just submitting info to the database or just displaying the info - I didn't really see anything about links.

    I'm using classic ASP and Access 2000, if it makes a difference.

    Thanks!

  • #2
    Senior Coder
    Join Date
    Jun 2002
    Location
    Wichita
    Posts
    3,880
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Code:
     While Not objRS.EOF
      strList = strList + "<li><a href='MyBooks.asp?title=" & _
        Server.HtmlEncode(objRS("Title")) & "'>" & objRS("Title") & "</a></li>" & vbCrLf
      objRS.MoveNext
    Wend
    Check out the Forum Search. It's the short path to getting great results from this forum.

  • #3
    Regular Coder
    Join Date
    Jun 2002
    Location
    Victoria, BC, Canada
    Posts
    962
    Thanks
    0
    Thanked 1 Time in 1 Post
    Okay, I tried that. After I saved and refreshed the page, I clicked one of the troublesome links - no good. The status bar (on mouseover) only showed the querystring up to the single quote. I looked in the html source, and saw that the whole title is in the actual link, including the single quote!

    Now that's odd. I wonder if there's some difference between printing the single quote and using it as a link?

  • #4
    Senior Coder
    Join Date
    Jun 2002
    Location
    Wichita
    Posts
    3,880
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Evidently Server.HtmlEncode isn't as complete as it should be but try this:

    Code:
     While Not objRS.EOF
      strList = strList + "<li><a href=""MyBooks.asp?title=" & _
        Server.HtmlEncode(objRS("Title")) & """>" & objRS("Title") & "</a></li>" & vbCrLf
      objRS.MoveNext
    Wend
    Server.HtmlEncode is definitely supposed to catch the double quote so this should work even if the title contains a double quote mark. (Doubling up the double-quotes is the easy way to embed a double quote in VBScript).
    Check out the Forum Search. It's the short path to getting great results from this forum.

  • #5
    Regular Coder
    Join Date
    Jun 2002
    Location
    Victoria, BC, Canada
    Posts
    962
    Thanks
    0
    Thanked 1 Time in 1 Post
    Right, that helped. Now, when I roll over that link, the whole querystring is there. I click on the link, and I go to another page. However, it's an error page. The SQL statement that I use to retrieve the book's info chokes on the single quote inside the title string. What could I do about that?

    EDIT: The query I use to get the book's info after clicking the link is:

    "SELECT * FROM books WHERE title = '" & strTitle & "'"

    (note the single quotes!)

    Yet, when I get to the error page, the error message reads like:
    Syntax error (missing operator) in query expression 'title = 'JavaScript: A Beginner's Guide''

    (again, note the single quotes; I think the single quotes in this case are just to enlcose the problem code)
    Last edited by Grant Palin; 04-30-2004 at 10:10 PM.

  • #6
    Senior Coder
    Join Date
    Jun 2002
    Location
    Wichita
    Posts
    3,880
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Duh! [fx]hand slaps forehead[/fx]

    Use Server.URLEncode instead of Server.HtmlEncode. Sometimes I get so fixated on the first thing that comes to mind that I miss the right answer.
    Check out the Forum Search. It's the short path to getting great results from this forum.

  • #7
    Regular Coder
    Join Date
    Jun 2002
    Location
    Victoria, BC, Canada
    Posts
    962
    Thanks
    0
    Thanked 1 Time in 1 Post
    I've tried that now...The spaces in the querystrings are replaced with character identities, it looks like. And the single quotes have been replaced by entities too.

    The links that were working before still work. However, the problem link is still a problem...Grrr!

    Maybe Access doesn't know how to, like, interpret that single quote...Would that single quote need to be converted to some entity on the info page that Access would understand?

  • #8
    Regular Coder
    Join Date
    Jun 2002
    Location
    Victoria, BC, Canada
    Posts
    962
    Thanks
    0
    Thanked 1 Time in 1 Post
    You know what? I found out that if I replaced each single quote inside the title with TWO single quotes, then stuck that title in the database query string, it would work!

    I suppose it must be something similar to eascaping one double quote with another one...Weird.

    Is there any other way of getting the query to work, other than using two single quotes in the query?

  • #9
    Senior Coder
    Join Date
    Apr 2003
    Location
    England
    Posts
    1,192
    Thanks
    5
    Thanked 13 Times in 13 Posts
    i dont really know what ur asking but, if you want querystrings to include "s you can escape quotes and apostrophes if you do "" instead, if you want it to include 's you do '' instead, like:
    response.redirect "somepage.asp?qs=bob''s ""weird"" tutorial"
    will send you to
    somepage.asp?qs=bob''s%20"weird"%20tutorial
    and you can take this title into the SQL where it will read it as
    somepage.asp?qs=bob's "weird" tutorial (im not sure about the "s but if they dont work make sure the querystring uses double "s too ("")

    spaces change to %20 in the url but are " " in the SQL

    this probably wont help you since i dont really know what you are asking but if it is what you want then use it

    however, i would just send the unique id of the book (ALL of my relational database tables have an id autonumber as the primary key so they have unique identifiers that cannot be modified into duplicate data (stay unique)) then you just do
    <a href="somepage.asp?BookID=42">...</a>
    and in the SQL do
    "SELECT * FROM tablename WHERE ID = " & Request.QueryString("BookID")

    EDIT: also, i always just use "s in html, like ..a href=".. not ..a href='.. or ..a href=..

    if you have problems with things like single quotes, get the asp to write out what its putting in the sql or whatever and view the generated html (view source or whatever your borowser does that lets you see the html)
    Last edited by ghell; 05-02-2004 at 01:34 PM.

  • #10
    zzg
    zzg is offline
    New to the CF scene
    Join Date
    Mar 2004
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You can replace a single quote with two single quote, like:
    strTitle = Replace(strTitle, "'", "''")
    strQuery = "SELECT * FROM books WHERE title = '" & strTitle & "'"

    Try it, hope it helps!
    Last edited by zzg; 05-02-2004 at 02:23 PM.

  • #11
    Regular Coder
    Join Date
    Jun 2002
    Location
    Victoria, BC, Canada
    Posts
    962
    Thanks
    0
    Thanked 1 Time in 1 Post
    Thank you, ghell. Like I mentioned in my last post, I had figured out how to handle the single and double quotes in the book title when running a query.

    Thank you also for the suggestion about using the unique ID number. Access created that for me automatically, but I never paid attention to it. It would certainly make querying easier!

    Thank you too, zzg. That very bit of code was what I came upw ith to solve the quotes problem. I think I'll go with ghell's suggestion about using the unique ID - much simpler.

    Thanks everyone!

  • #12
    Regular Coder
    Join Date
    Oct 2003
    Location
    London, UK
    Posts
    411
    Thanks
    0
    Thanked 1 Time in 1 Post
    This is ages ago now, but I just came across it. The solution is to use Server.URLEncode, not Server.HTMLEncode... that's all folks!

    Marcus Tucker / www / blog
    Web Analyst Programmer / Voted SPF "ASP Guru"

  • #13
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,033
    Thanks
    0
    Thanked 248 Times in 245 Posts
    Roy Sinclair already corrected that mistake.

    Grant Palin, you could have solved your problem (single quotes in SQL) earlier had you read this sticky.

  • #14
    Regular Coder
    Join Date
    Jun 2002
    Location
    Victoria, BC, Canada
    Posts
    962
    Thanks
    0
    Thanked 1 Time in 1 Post
    I know...been there, done that. I actually resolved my intial problem by not using the book's title in he querystring - I just used the book's unique ID number. Much much easier, and much much less hassle. Thanks though.

  • #15
    Regular Coder
    Join Date
    Oct 2003
    Location
    London, UK
    Posts
    411
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by glenngv
    Roy Sinclair already corrected that mistake.
    Ah, so he did. Damn!
    Marcus Tucker / www / blog
    Web Analyst Programmer / Voted SPF "ASP Guru"


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •