Apostrophe problem in javascript 3

[barney2]

I am trying to passs a Company name value that may or may not contain an apostrophe in a hyperlink to a text box in a new window but the application hans when the company name contains an apostrophe. How can I either exclude the apostrophe or pass the correct name. I presume I need some javascript but don't know what function to use.

Thanks for helping

 

[BillyRayPreachersSon]

You should escape the apostrophes... Something like this:

var newClientName = oldClientName.replace('\'', '\\\'');

Hope this helps,

Dan

 

[barney2]

Still not working, I have a table containing a Customer Number and Customer Name. The name may contain the apostrophe. When clicking on the Number, a hyperlink calls a javascript function which populates a hidden text box and then passes this to an already open window:

<script language="javascript">
function myFunction(strID , strName)
{
document.form1.HiddenID.value = strID
document.form1.HiddenName.value = strName

window.opener.document.form1.ClientID.value = document.form1.HiddenID.value
window.opener.document.form1.ClientName.value = document.form1.HiddenName.value
window.close()
}
</script>

Where should I use the replace syntax..?

Thanks in advance..

D

 

[BabyJeffy]

Try this variation:

<script language="javascript">
function myFunction(strID , strName)
{
strName = strName.replace(/'/g,"\'"); // escape all apostrophes

document.form1.HiddenID.value = strID
document.form1.HiddenName.value = strName

window.opener.document.form1.ClientID.value = document.form1.HiddenID.value
window.opener.document.form1.ClientName.value = document.form1.HiddenName.value
window.close()
}
</script>

Jeff

 

[barney2]

Still seems to hang, i.e. clicking on the hyperlink that calls this function doesn't populate the fields on the already opened window. What is the significance of the 'g' in strname.replace(/'/g,"\'")

D

 

[BabyJeffy]

g means global... it replaces all instances of ' with an escaped apostrophe \'

By the sounds of it, your code is breaking somewhere other than the line I have provided you with. If you remove the line I suggested, does everything work as expected (without the apostrophe replacement)? Have you put some alerts in your function to try and isolate the line that it fails on?

Jeff

 

[barney2]

Hi

The page has the following link, it fails on this and doesn't even get as far as the function 'MyFunction'.
The ClientName field could have the apostrophe, when it does, nothing happens, when it doesn't the function runs.

I've tried using the replace as below but no joy:

<td><a href="javascript:myFunction('<%=(ClientDetails.Fields.Item("ClientID").Value) %>','<%=(ClientDetails.Fields.Item("ClientName").Value) %>')">

i tried


<td><a href="javascript:myFunction('<%=(ClientDetails.Fields.Item("ClientID").Value) %>','<%=(replace(ClientDetails.Fields.Item("ClientName").Value,"'","''")) %>')">

 

[tigerjade]

have you tried replacing the apostrophe with its ANSI equivalent instead of escaping it? i had the same problem with sql server & the ANSI code saved my hiney.

var regexp = /'/gi;
var newString = oldString.replace(regexp, "'");

good luck!

tigerjade

 

[barney2]

I can't even pass the value fom the field to a function, it just doesn't get that far so what syntax would I use within the asp tags?

Thanks

 

[tigerjade]

You'll need to clear it of the apostrophes before passing it to asp for handling. Using the code you posted earlier, try this:

<script language="javascript">
function myFunction(strID , strName)
{

document.form1.HiddenID.value = strID;

var regexp = /'/gi;
var newName = strName.replace(regexp, "&#39;");

document.form1.HiddenName.value = newName;

window.opener.document.form1.ClientID.value = document.form1.HiddenID.value;
window.opener.document.form1.ClientName.value = document.form1.HiddenName.value;
window.close();
}
</script>

let's see if that helps

tigerjade

 

[barney2]

but the asp is calling the 'myfunction' function, I've tried your recommendation but the same happens, if the
ClientDetails.Fields.Item("ClientName").Value)
does not contain an apostrophe, the function is called and the company name is populated on the other form, if there is an apostrophe, nothing happens when you click the link.

Any other ideas..?

D

 

[tigerjade]

try this: change the link to submit the form those fields live in, and have the form tag run the function onsubmit.

or if the links have to have ASP on them (since I'm not sure what all your variables are, i'm not going to make any assumptions ), run the replace as a separate function onblur of the name's field. that way, it should replace as soon as they're done typing.

i'll keep my fingers crossed

tigerjade

 

[adam0101]

For SQL, you escape characters by repeating them. For example, the escaped version of ' (one single quote) would be '' (two single quotes). JavaScript uses the \ to escape, so...

When escaping characters retreived from the page to be used in SQL, use:

Replace(Request("fieldValue"),"'","''")

When escaping characters to be displayed on the page within a JavaScript line, use:

<a href="javascript:myFunction('<%=Replace(ClientDetails.Fields.Item("ClientID").Value,"'","\'")%>','<%=Replace(ClientDetails.Fields.Item("ClientName").Value,"'","\'")%>')">

Adam
while(ignorance){perpetuate(violence,fear,hatred);life=life-1};

 

[adam0101]

I should add to my previous post, that when displaying the page, none of the replacing/escaping is being done with JavaScript. You need to take care of it in the ASP so by the time the JavaScript executes, the values are already escaped.

The replacing/escaping of characters for use in SQL should also be done in ASP. If you take care of it on the JavaScript side, a malicious user could hack your code and run extra lines of SQL code.

Adam
while(ignorance){perpetuate(violence,fear,hatred);life=life-1};