I creating asp c# web application. I have a linkButton (lnkDelete) on first column of each row of gridview. Also i am adding an attribute dynamically to that link button inside "RowDataBound" event of GridView. Like as follows :
lnkDelete.Attributes.Add("onclick", "javascript:return confirm('Are you sure you want to delete this Product :" +
DataBinder.Eval(e.Row.DataItem, "ProductName") + "')");
Now What i am trying to do is when user click that link button a javascript confirm popup open up ,asking "Are you sure you want to delete this product". Every thing work fine . But Problem occures when the name of the products es with sngle quote. Like : Product'One. Syntax Error es in ErrorConsole (javascript) when i click lnkDelete and error is : ( illegal character ) I know the problem is with single quote.
Please suggest me what change required in my above code. I hope i am clear.
I creating asp c# web application. I have a linkButton (lnkDelete) on first column of each row of gridview. Also i am adding an attribute dynamically to that link button inside "RowDataBound" event of GridView. Like as follows :
lnkDelete.Attributes.Add("onclick", "javascript:return confirm('Are you sure you want to delete this Product :" +
DataBinder.Eval(e.Row.DataItem, "ProductName") + "')");
Now What i am trying to do is when user click that link button a javascript confirm popup open up ,asking "Are you sure you want to delete this product". Every thing work fine . But Problem occures when the name of the products es with sngle quote. Like : Product'One. Syntax Error es in ErrorConsole (javascript) when i click lnkDelete and error is : ( illegal character ) I know the problem is with single quote.
Please suggest me what change required in my above code. I hope i am clear.
Share Improve this question edited Oct 5, 2012 at 5:35 Aravind.HU 9,4725 gold badges41 silver badges52 bronze badges asked Oct 5, 2012 at 5:33 Tarun TakTarun Tak 4111 gold badge7 silver badges17 bronze badges 7- Does your ProductName contain a single quote? This looks OK to me. – Adam Plocher Commented Oct 5, 2012 at 5:36
-
Try using the
Replacemethod to doublequote the quote - i.e.,DataBinder.Eval(e.Row.DataItem, "ProductName").Replace("'","''")– Tim Commented Oct 5, 2012 at 5:36 -
@Tim, I think you mean \\'.
DataBinder.Eval(e.Row.DataItem, "ProductName").Replace("'","\\'")– Adam Plocher Commented Oct 5, 2012 at 5:37 - 1 @AdamPlocher - You're correct. I haven't done client-side JavaScript in a while and forgot the escape character. Theory was good, implementation was poor :) – Tim Commented Oct 5, 2012 at 5:38
- @Tim i tried it ,but still same error occurs. – Tarun Tak Commented Oct 5, 2012 at 5:40
4 Answers
Reset to default 6How about adding \ in the single quote?
DataBinder.Eval(e.Row.DataItem, "ProductName").ToString.Replace("'", "\\'")
Use HttpUtility.HtmlEncode
Instead of DataBinder.Eval(e.Row.DataItem, "ProductName")
You can use
HttpUtility.HtmlEncode(DataBinder.Eval(e.Row.DataItem, "ProductName").ToString())
Do you tried escaping the string?
If you have a escaped string, you can unescaping with javascript.
lnkDelete.Attributes.Add("onclick", "javascript:return confirm('Are you sure you want to delete this Product :' + unescape(\'" + escapedString + "\'))");
I did the similar thing in one of my automated tools for Search project. Here is what you can try:
protected void grdKeywords_RowDataBound(object sender, GridViewRowEventArgs e)
{
if (e.Row.RowType == DataControlRowType.DataRow)
{
LinkButton linkDeleteButton = e.Row.FindControl("lnkdel") as LinkButton;
Label lblGridKeyword = e.Row.FindControl("lblGridKeyword") as Label;
TextBox txtGridBox = e.Row.FindControl("txtGridKeyword") as TextBox;
if (lblGridKeyword != null)
{
if (lblGridKeyword.Text.Contains("'"))
{
lblGridKeyword.Text = lblGridKeyword.Text.Replace("'", "'");
}
}
if (txtGridBox != null)
{
if (txtGridBox.Text.Contains("'"))
{
txtGridBox.Text = txtGridBox.Text.Replace("'", "`");
}
}
if (txtGridBox == null)
linkDeleteButton.Attributes.Add("onclick", "javascript:return confirm('Are you sure about deleting keyword: " + lblGridKeyword.Text + " ?')");
else if (lblGridKeyword == null)
linkDeleteButton.Attributes.Add("onclick", "javascript:return confirm('Are you sure about deleting keyword: " + txtGridBox.Text + " ?')");
}
}
lblGridKeyword is the label which holds the data that contains the single quote. I replaced that using ' at the time of RowDataBound. This worked for me.