this should do it - works for both browsers
[code]
<%
String sField1 = (request.getParameter("field1") != null) ? request.getParameter("field1").toString().trim() : "";
%>
<html>
<head>
<title>test1.jsp</title>
</head>
<body>
<form name="form1" action="test1.jsp" method="post">
<input name="field1" type="text" onChange='this.value=this.value.replace(/\"/gi, "");' value="<%= sField1 %>">
<input name="btSubmit" type="submit">
</form>
</body>
</html>
[/code]
I have tried using this code to prevent someone from using quotes and yes, it does remove the quotes now. The problem now is that the page does not do the regular submit that it did before. When I click on the submit button I have, it simply removes the quotes that I had and does not submit the page for the bean to process the adding of the record to the table.
How can I use a line like this to make sure I remove the quotes and do the regular submit of the page when the button is clicked?
This is the line I have to do the submit:
<td align="center" height="100"><INPUT type="submit" value="Add Resource" name="ActionType" onClick="return checkForm()"></td>
I think you can try
[code]
function checkForm()
{
  if (document.formname.fieldname.value.length > 0) {
    // look for a double quote in the field
    var i = document.frm_register.email.value.indexOf('"');
    if (i > -1) {
      alert(document.formname.fieldname.value + " quote is not allowed");
      document.formname.fieldname.focus();
      return false;
    }
    else return true;
  } else return false;
}
[/code]
I think you can try
[code]
function checkForm()
{
  if (document.formname.fieldname.value.length > 0) {
    // look for a double quote in the field
    var i = document.formname.fieldname.value.indexOf('"');
    if (i > -1) {
      alert(document.formname.fieldname.value + " quote is not allowed");
      document.formname.fieldname.focus();
      return false;
    }
    else return true;
  } else return false;
}
[/code]
[code]
function checkForm(){
  if(document.forms) {
    // walk every element of every form on the page
    for(var i=0; i<document.forms.length; i++) {
      for(var j=0; j<document.forms[i].elements.length; j++) {
        // reject text and password fields that contain a double quote
        if(((document.forms[i].elements[j].type=="text")||(document.forms[i].elements[j].type=="password"))&&(document.forms[i].elements[j].value.indexOf('"')!=-1)){
          alert("Invalid character");
          document.forms[i].elements[j].focus();
          return false;
        }
      }
    }
  }
  // no quotes found, let the form submit
  return true;
}
[/code]
I have gotten it to work so that I can prevent someone from adding a string with quotes whereby it removes the quotes before submitting the data to the table.
Thank you VERY much for all of you that helped out.
I am still in need of fixing my problem with a record that may already be in the table with quotes though and from what I have heard so far it looks like using a prepared statement might be my answer.
Could someone please explain to me how the prepared statement works to take a string value from a column in a table and remove the double quotes automatically that it may have in it?
I still need to be able to take a string that may already be in the table that has the double quotes around it and use that string to place in another table. My problem has been that I am getting an empty string when I try to access that string with quotes around it from my bean. I have been able to query the column of the table, get all the values in the column, put them in an array and then put them into a drop down menu in my JSP (EVEN THE ONES WITH QUOTES APPEAR). It is when I try and use the selected string with quotes from the JSP where I am getting the empty string?
Please help if you can?
I think if you just want to select some rows from the database with quotes, the SQL statement will be just fine. The PreparedStatement will help to escape the quotes and insert the original string, which still contains the quotes if you didn't remove them, into the database.
[code]
// needs java.sql.PreparedStatement and java.math.BigDecimal
PreparedStatement pstmt = con.prepareStatement(
    "UPDATE EMPLOYEES SET SALARY = ? WHERE ID = ?");
pstmt.setBigDecimal(1, new BigDecimal("153833.00"));
pstmt.setInt(2, 110592);
[/code]
The index is with respect to the order of the "?"s.
Here is another PreparedStatement:
[code]
// every value is bound to a "?"; nothing is concatenated into the SQL text
sql = " update t_shipping set delivery_date_dt=TO_DATE(?, 'DD-MM-YYYY HH24:MI'), " +
" delivery_time_vc = ?, comments=?, shipping_method_id=?, order_id=0, " +
" update_date_dt=TO_DATE(TO_CHAR(SYSDATE, 'DD-MM-YYYY HH:MI'), " +
" 'DD-MM-YYYY HH:MI'), update_by_in = ?, shipping_address_id=? where shipping_id = ?";
PreparedStatement statp = con.prepareStatement(sql);
statp.setString(1, date); // date string in 'DD-MM-YYYY HH24:MI' form
statp.setString(2, delivery_time);
statp.setString(3, comments);
statp.setInt(4, Integer.parseInt(smethodid));
statp.setObject(5, session.getAttribute("userid"));
statp.setString(6, id);
statp.setObject(7, shippingid);
statp.executeUpdate(); // run the update
[/code]
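Added example, not part of any post in this thread: a PreparedStatement does not strip quotes; it stores and returns the string unchanged. Assuming the drop-down's option values are written into a double-quoted value attribute the way test1.jsp writes its text box (value="<%= sField1 %>"), a leading double quote ends the attribute at once and an empty string is submitted, while encoding the value on output keeps the quotes. The class name, method names and sample value are hypothetical.

```java
public class QuoteSafeOption {
    // Encode the characters that can end or alter a quoted HTML attribute.
    static String escapeHtmlAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Simplified model of what a browser submits: the text between value="
    // and the next double quote, with the entities above decoded.
    static String submittedValue(String tag) {
        int start = tag.indexOf("value=\"") + 7;
        int end = tag.indexOf('"', start);
        return tag.substring(start, end)
                .replace("&quot;", "\"").replace("&#39;", "'")
                .replace("&lt;", "<").replace("&gt;", ">")
                .replace("&amp;", "&"); // decode &amp; last
    }

    public static void main(String[] args) {
        // Constructed sample of a column value that is stored with quotes.
        String fromTable = "\"Conference Room B\"";

        // Written the way test1.jsp writes sField1: no output encoding.
        String raw = "<option value=\"" + fromTable + "\">";
        // Same tag with the value encoded for the attribute.
        String safe = "<option value=\"" + escapeHtmlAttr(fromTable) + "\">";

        System.out.println(raw + "  submits [" + submittedValue(raw) + "]");
        System.out.println(safe + "  submits [" + submittedValue(safe) + "]");
    }
}
```

The same encoding applied to sField1 in test1.jsp also stops a submitted value from closing the attribute and injecting markup into the page.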
> You can't prevent them from entering it, but you can
> stop it being passed on from the text box. You could
> do this from JavaScript or when you parse the
> information after it has been typed in.
In fact, you CAN prevent someone typing a character using javascript. But in case of the " character, this means you also can't type the ' (single quote) character.
In the textbox you assign the onKeyUp() to a javascript function. In my case it is the checkKeyPressed function. Then you create the following function in javascript.
[code]
function checkKeyPressed() {
  // keyCode 222 is the key that carries both ' and "
  if (window.event.keyCode == 222) {
    var text = document.mijnForm.inputElement.value;
    // drop the character that was just typed
    text = text.substring(0, (text.length - 1));
    document.mijnForm.inputElement.value = text;
  }
}
[/code]
Maybe you should put a beep or something in this method as well, but I do not know how that is done.
regards,
Jeroen.