Let's assume I have an <input> tag. The value of this tag is used on change. The problem is that if a user inputs single or double quotation marks, it breaks the code.
Right now this is solved quite simply:
- Override keypress for these keys;
- Forbid paste to input.
Here is the sample code:
HTML
<input id="TestInput"></input>
Javascript
$("#TestInput").keypress(function (e) { // override keypress of " or '
    if (e.which == 13 || e.which == 34 || e.which == 39) {
        return false;
    }
})
.bind("paste", function (e) { // forbid paste
    e.preventDefault();
})
.change(function () {
    var value = $(this).val();
    // and then I use this value for my operations
});
Sample Fiddle
The question: is there a better way to get rid of all quotation marks without forbidding paste?
Note: I assume it can be solved with RegExp, but I'm no good with them, so if you can provide a Regexp - this could work.
Thanks everyone in Advance.
Update-1
On change, an ajax call is performed to a method which calls the DB, and quotes break the query somehow like this:
var query = "SELECT Column FROM table WHERE somecolumn LIKE '" + inputVal+ "'%";
If inputVal is something like "foo the resulting string will look like:
var query = "SELECT Column FROM table WHERE somecolumn LIKE '" + "foo+ "'%";
which obviously breaks the query. + there are no items in the Database which contain quotes.
edited Nov 26, 2013 at 8:14, asked Nov 26, 2013 at 7:57 by Max Novich
- 4 Don't prevent the user inputting anything - that's bad for UX. Just make sure your code can handle the quotes. Either escape them, or replace them. – Rory McCrossan Commented Nov 26, 2013 at 7:59
- 4 More important question is why are quotes breaking your code? – Abhitalks Commented Nov 26, 2013 at 7:59
- 3 Use SQLParams instead of directly taking unsanitised user input – jasonscript Commented Nov 26, 2013 at 8:15
- 1 It does have some bearing because depending on what language you've used for your server-side methods, your syntax is going to change. Here's the MSDN article for SQL params in C# – jasonscript Commented Nov 26, 2013 at 8:20
- 1 You should still be sanitising user input first. Using SQL Params is a good step in the right direction though – jasonscript Commented Nov 26, 2013 at 8:22
1 Answer
Only handle the data in the textbox:
$("#TestInput").on('input', function () {
var value = $(this).val().replace(/'/g, '').replace(/"/g, '');
// go on with processing data
});
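The parameterised-query approach suggested in the comments, as an added example that is not part of the original thread: the server-side language is not stated on the page, so Python's built-in sqlite3 stands in for it, and the table, column and function names are hypothetical. It goes slightly beyond the thread by also escaping LIKE wildcards so that the input is matched literally.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT)")
    db.executemany("INSERT INTO items VALUES (?)",
                   [("foo",), ("foobar",), ("50% off",), ("bar",)])
    return db

def search_concat(db, input_val):
    """Pattern from the question: the input is spliced into the SQL text,
    so a quote typed by the user becomes part of the statement."""
    query = "SELECT name FROM items WHERE name LIKE '" + input_val + "%'"
    return [row[0] for row in db.execute(query)]

def escape_like(value, esc="\\"):
    """Escape LIKE wildcards (and the escape character itself)."""
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))

def search_param(db, input_val):
    """The input travels as a bound parameter and is never parsed as SQL,
    so quotes need no stripping on the client or on the server."""
    pattern = escape_like(input_val) + "%"
    rows = db.execute(
        "SELECT name FROM items WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (pattern,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    for text in ["foo", "foo'", '"foo', "50%"]:
        try:
            concat = search_concat(db, text)
        except sqlite3.OperationalError as exc:
            concat = "query broke: %s" % exc
        print(repr(text), "| concatenated:", concat,
              "| parameterised:", search_param(db, text))
```

With binding in place, the client-side filtering in the question and the answer becomes a UX choice rather than something the query depends on.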