break javascript+db

Forum Moderators: open

Message Too Old, No Replies

break javascript+db

stevelibby

10:09 pm on Aug 4, 2006 (gmt 0)

Hi Peoples
I hope that i am posting this to the right category.
i have found a useful rich text area script. This is great as i can manipulate it and use it to add new records into my db without all the coding, however should i want to modify the record, i cant seem to get the db record to appear in the text area.
I am hoping that someone here can help me out.

Here is the code:

<form name="f1" action="request.asp" method=POST>
<script language="JavaScript"> <!--
var editor1 = new EDITOR();
editor1.create("This is where the text goes");

//--> </script>

How can i get it to show <%=objrs("textArea")%> in place of
"This is where the text goes"
?

bsmither

10:51 pm on Aug 4, 2006 (gmt 0)

Are you replacing the string:
"This is where the text goes" (including quotes)
or are you replacing the string:
This is where the text goes (without the quotes)?

For the .create method's parameter, perhaps you should not be replacing the quotes. That is:
editor1.create("<%=objrs("textArea")%>");

This might also pose a problem if there are quotes and/or apostrophes in the field data.

If you look at the page's source code as it had arrived in the browser, do you see the actual argument, or simply the <%=text%>?

stevelibby

7:50 am on Aug 5, 2006 (gmt 0)

after studing this a little more this morning i have discovered the following:

it also does not like quotes that are in between the quotes so i have tried changing the outside quotes to ' and this works.

var editor1 = new EDITOR();
editor1.create('bla bla bla bla');

when inputting either db or own text if there is a line break in the source code then that when it fails like below:

var editor1 = new EDITOR();
editor1.create("bla bla bla
bla");

i have just gone back into the db and made the code all one line and it now works, so at the point of entry into db how can i make all code one line?

bsmither

12:44 am on Aug 9, 2006 (gmt 0)

Maybe ASP has a replace() function where you can strip all line-ends and replace with a space, and then replace all apostrophes with escaped apostrophes, and then replace all quotes with escaped quotes.

Then when the string gets stuffed into the javascript, it will be pre-cleaned of disruptive characters.

This also means that this will work with any data ASP pulls from a database, anywhere. You can't *always* be able to clean data before it goes into a database (as much as I have tried).