
In The Flow

JavaScript Function to replace ' and " with Single Quote or Double Quotes

We all know that collecting information from users can be potentially dangerous, not because the user means to be malicious, but because you may not have a procedure or function in place to handle single quotes or double quotes. This can cause issues when the data is passed to the database. In most cases a SQL stored procedure can handle "SQL injection" with single quotes and double quotes. However, with Dynamic Forms or Dynamic Registration, tokens should be encapsulated inside of '$(Token)'. So if you're passing a token into a stored procedure call:

exec MyProcedure '$(Token)'

You can see how collecting a ' in a textbox and passing it to a stored procedure, or inserting it directly into a database table, can become an issue. For instance, let's say that the value I provided for a textbox in Dynamic Forms was:

[Screenshot: the 'Dynamic Registration' form]

When the $(FirstName) token from this form is used in a SQL Completion Event, the value would render as:

'John O'Neal'

You can see how handling this on the client side instead of the server side can be beneficial within Dynamic Forms or Dynamic Registration.

Add this JavaScript function to your Dynamic Form or Dynamic Registration Custom JavaScript file:

-------------------------------------------------------------------------------------------------------------------------

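function Replace_Single_Double_Quotes(DF_QuestionID)
{
    //Assigning passed in parameter to variable
    var QuestionValue = document.getElementById(DF_QuestionID).value;

    //This field will assist us in knowing whether to replace " with a left or right double quote
    var NeedRightQuote = 'False';

    //Loop that checks each character in the QuestionValue variable
    for ( var i = 0; i < QuestionValue.length; i++ )
    {
        //Is this character a '?
        if(QuestionValue.charAt(i) == "'")
        {
            //Replace ' with an apostrophe
            //The listing on the page ends here; the rest is completed from the comments above,
            //assuming the typographic characters U+2019, U+201C and U+201D
            QuestionValue = QuestionValue.substring(0, i) + '\u2019' + QuestionValue.substring(i + 1);
        }
        else if(QuestionValue.charAt(i) == '"')
        {
            //Replace " with a left or right double quote, alternating between the two
            var Quote = (NeedRightQuote == 'True') ? '\u201D' : '\u201C';
            QuestionValue = QuestionValue.substring(0, i) + Quote + QuestionValue.substring(i + 1);
            NeedRightQuote = (NeedRightQuote == 'True') ? 'False' : 'True';
        }
    }

    //Write the cleaned value back to the field
    document.getElementById(DF_QuestionID).value = QuestionValue;
}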
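The rendering problem described above, as an added example that is not part of the original post: it substitutes a value into `exec MyProcedure '$(FirstName)'` and reads the string literal back using the SQL rule that `''` inside a literal is an escaped quote, to see whether the value arrived intact when passed raw, after the typographic replacement, and after doubling the quote on the server. `renderToken`, `replaceQuotes`, `escapeSqlLiteral`, `readFirstLiteral` and `check` are hypothetical names, and plain string substitution of the token is an assumption about how the form renders it.

```javascript
// Added example (not from the original post); all function names are hypothetical.

// Assumption: a token is rendered by plain string substitution into the SQL text.
function renderToken(template, values) {
  return template.replace(/\$\((\w+)\)/g, (match, name) =>
    Object.prototype.hasOwnProperty.call(values, name) ? values[name] : match);
}

// Client-side approach from the article: ' becomes U+2019, " alternates U+201C / U+201D.
function replaceQuotes(value) {
  let needRightQuote = false;
  return value.replace(/['"]/g, (ch) => {
    if (ch === "'") return '\u2019';
    const quote = needRightQuote ? '\u201D' : '\u201C';
    needRightQuote = !needRightQuote;
    return quote;
  });
}

// Server-side approach: inside a SQL string literal, ' is escaped by doubling it.
function escapeSqlLiteral(value) {
  return value.replace(/'/g, "''");
}

// Read the first '...' literal as the database would. Returns the decoded value
// and any text left after the closing quote, or null if the literal never closes.
function readFirstLiteral(sql) {
  const start = sql.indexOf("'");
  if (start < 0) return null;
  let value = '';
  for (let i = start + 1; i < sql.length; i++) {
    if (sql[i] !== "'") { value += sql[i]; continue; }
    if (sql[i + 1] === "'") { value += "'"; i++; continue; }
    return { value, rest: sql.slice(i + 1) };
  }
  return null;
}

// Render the token and report whether the whole value landed inside one literal.
function check(input, transform) {
  const sql = renderToken("exec MyProcedure '$(FirstName)'", { FirstName: transform(input) });
  const literal = readFirstLiteral(sql);
  return { sql, stored: literal ? literal.value : null, intact: !!literal && literal.rest === '' };
}

const sample = "John O'Neal"; // value from the article
console.log(check(sample, (v) => v));          // intact: false, stored: "John O"
console.log(check(sample, replaceQuotes));     // intact: true, stored: "John O\u2019Neal"
console.log(check(sample, escapeSqlLiteral));  // intact: true, stored: "John O'Neal"
```

The typographic replacement only applies to values that pass through the browser script, and it changes the stored text to O’Neal, whereas doubling the quote on the server keeps the original character.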

Thursday, April 11, 2013/Author: Chad Nash/Number of views (36974)/Comments (-)/ Article rating: No rating
Categories: In The Flow