Cannot view the saved data when 'apostrophe' is entered in the input

只愿长相守 提交于 2019-12-25 01:34:31

问题


I am trying to modify an existing code (written by my predecessor) which changes the apostrophe (entered along with the test into the text box) to "Å" symbol while displaying it back in the text box. How can I change this? when I tried to remove the symbol from the code, I cannot get the result back/see the saved text in the text box and it gives an error message.

Here is the code of the grid view control in which the result is displayed and this is where I am suppose to click so see what data is entered:

protected void grdActivities_RowDataBound(Object sender, GridViewRowEventArgs e)
    {
        DataRowView dr = e.Row.DataItem as DataRowView;

        if (e.Row.RowType == DataControlRowType.DataRow)
        {

            Label lblPerson = (Label)e.Row.FindControl("lblPerson");
            if (dr["Name"] != DBNull.Value)
                lblPerson.Text = dr["Name"].ToString();

            Label lblDate = (Label)e.Row.FindControl("lblDate");
            if (dr["service_outcome_date"] != DBNull.Value)
                lblDate.Text = dr["service_outcome_date"].ToString();

            Label lblReasonforContact = (Label)e.Row.FindControl("lblReasonforContact");
            if (lblReasonforContact != null)
            {
                if (dr["reason_for_contact_desc"] != DBNull.Value)
                {
                    lblReasonforContact.Text = dr["reason_for_contact_desc"].ToString();
                }

                if (dr["service_desc"] != DBNull.Value)
                {
                    lblReasonforContact.Text = dr["service_desc"].ToString();
                }

                if (dr["health_screening_recommendations_desc"] != DBNull.Value)
                {
                    lblReasonforContact.Text = dr["health_screening_recommendations_desc"].ToString();
                }
            }


            Label lblServiceDeliveryTime = (Label)e.Row.FindControl("lblServiceDeliveryTime");
            if (dr["service_delivery_time"] != DBNull.Value)
                lblServiceDeliveryTime.Text = dr["service_delivery_time_desc"].ToString();

            Label lblcreatedby = (Label)e.Row.FindControl("lblcreatedby");
            if (dr["createdby"] != DBNull.Value)
                lblcreatedby.Text = dr["createdby"].ToString();

            Label lblServiceType = (Label)e.Row.FindControl("lblServiceType");
            if (lblServiceType != null)
            {
                if (dr["contact_desc"] != DBNull.Value)
                    lblServiceType.Text = dr["contact_desc"].ToString();
            }



            string strScriptParam = "";
            string service_id="", psn = "", contact = "", reason = "", outcome = "", servicetraveltime = "", settingtype = "", strOtherTypeOfSetting = "";
            string dtmonth = "", dtday = "", dtyear = "", createby = "", note = "";

            string dtservicemonth = "", dtserviceday = "", dtserviceyear = "", dtfollowupbymonth = "", dtfollowupbyday = "", dtfollowupbyyear = "", service = "", HealthScreening = "", service_completed = "";

            if (dr["service_outcome_id"] != DBNull.Value)
                service_id = dr["service_outcome_id"].ToString();
            if (dr["PSN"] != DBNull.Value)
                psn = dr["PSN"].ToString();
            if (dr["dtDay"] != DBNull.Value)
                dtday = dr["dtDay"].ToString();
            if (dr["dtMonth"] != DBNull.Value)
                dtmonth = dr["dtMonth"].ToString();
            if (dr["dtYear"] != DBNull.Value)
                dtyear = dr["dtYear"].ToString();
            if (dr["mode_of_contact"] != DBNull.Value)
                settingtype = dr["mode_of_contact"].ToString();
            if (dr["other_mode_of_contact"] != DBNull.Value)
                strOtherTypeOfSetting = dr["other_mode_of_contact"].ToString();
            if (dr["contact"] != DBNull.Value)
                contact = dr["contact"].ToString();
            if (dr["reason_for_contact"] != DBNull.Value)
                reason = dr["reason_for_contact"].ToString();
            if (dr["outcome"] != DBNull.Value)
                outcome = dr["outcome"].ToString().Replace("'", "''");
            if (dr["service_delivery_time"] != DBNull.Value)
                servicetraveltime = dr["service_delivery_time"].ToString();
            if (dr["comment"] != DBNull.Value)
                note = dr["comment"].ToString();

            if (dr["health_screening_recommendations"] != DBNull.Value)
                HealthScreening = dr["health_screening_recommendations"].ToString();

            if (dr["service_completed"] != DBNull.Value)
            {
                service_completed = (string)dr["service_completed"].ToString();
            }
            if (dr["service_complete_date"] != DBNull.Value)
            {
                DateTime dtServicedate = (DateTime) dr["service_complete_date"];
                dtservicemonth = dtServicedate.Month.ToString();
                dtserviceday = dtServicedate.Day.ToString();
                dtserviceyear = dtServicedate.Year.ToString();
            }

            if (dr["followup_by_date"] != DBNull.Value)
            {
                DateTime dtfollowupdate = (DateTime)dr["followup_by_date"];
                dtfollowupbymonth = dtfollowupdate.Month.ToString();
                dtfollowupbyday = dtfollowupdate.Day.ToString();
                dtfollowupbyyear = dtfollowupdate.Year.ToString();
            }

            if (dr["service"] != DBNull.Value)
            {
                service = dr["service"].ToString();
            }

            strScriptParam = "'" + service_id + 
                             "','" + psn + 
                             "','" + dtmonth + 
                             "','" + dtday + 
                             "','" + dtyear + 
                             "','" + settingtype + 
                             "','" + contact + 
                             "','" + reason + 
                             "','" + servicetraveltime + 
                             "','" + outcome.Replace("'", "Å").Replace(Environment.NewLine, "\\n")+ 
                             "','" + note.Replace("'", "Å").Replace(Environment.NewLine, "\\n") + 
                             "','" + strOtherTypeOfSetting.Replace("'", "Å").Replace(Environment.NewLine, "\\n") +
                             "','" + HealthScreening +
                             "','" + service_completed +
                             "','" + dtservicemonth +
                             "','" + dtserviceday +
                             "','" + dtserviceyear +
                             "','" + dtfollowupbymonth +
                             "','" + dtfollowupbyday +
                             "','" + dtfollowupbyyear + 
                             "', '" + service + "'";                          

            e.Row.Attributes.Add("style", "cursor:hand");
            e.Row.Attributes.Add("onclick", "javascript:return ShowGridRow(" + strScriptParam + ");");


            ImageButton lnkDel = (ImageButton)e.Row.FindControl("lnkDel");
            if (lnkDel != null)
                lnkDel.Attributes.Add("onclick", "javascript:ShowGridRow(" + strScriptParam + "); DeleteService('" + dr["service_outcome_id"].ToString() + "');");
        }
    }

This is the error message I get:

Message: Expected ')'

And the code, Which i think, needs to be changed!

 "','" + outcome.Replace("'", "Å").Replace(Environment.NewLine, "\\n")+ 
                             "','" + note.Replace("'", "Å").Replace(Environment.NewLine, "\\n") + 
                             "','" + strOtherTypeOfSetting.Replace("'", "Å").Replace(Environment.NewLine, "\\n") +

Any help is appreciated.


回答1:


I have no idea if this is the "real" problem, but I feel like saving some grief later:

using System.Linq;

// for each param, encode it as 'xyz', where xyz is properly escaped
// e.g. if the source was foo'bar then xyz is foo\x27bar for a final
// result of 'foo\x27bar' in the output. This is a valid JS literal
// which evaluates to the string foo'bar
var params = (new string[] { service_id, psn, dtmonth, ..., service })
   .Select(p => "'" + JsEncoder.EncodeString(p) + "'");

// Then join all the 'xyz' with commas so result is 'a','b',...'c'
var strScriptParam = string.join(",", params.ToArray());

// note no "javascript:" protocol for onclick
e.Row.Attributes.Add("onclick", "return ShowGridRow(" + strScriptParam + ");");

At least that will generate valid Javascript literals and preserve the ' in the Javascript.

Where JsEncoder is as follows (C#3):

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;

namespace foobar
{
        public class JsEncoder
        {
            static Regex EncodeLiteralRegex;

            // Format a bunch of literals.
            public static string Format (string format, params object[] items)
            {
                return string.Format(format,
                    items.Select(item => EncodeString("" + item)).ToArray());
            }

            // Given a string, return a string suitable for safe
            // use within a Javascript literal inside a <script> block.
            // This approach errs on the side of "ugly" escaping.
            public static string EncodeString (string value)
            {
                if (EncodeLiteralRegex == null) {
                    // initial accept "space to ~" in ASCII then reject quotes 
                    // and some XML chars (this avoids `</script>`, `<![CDATA[..]]>>`, and XML vs HTML issues)
                    // "/" is not allowed because it requires an escape in JSON
                    var accepted = Enumerable.Range(32, 127 - 32)
                        .Except(new int[] { '"', '\'', '\\', '&', '<', '>', '/' });
                    // pattern matches everything but accepted
                    EncodeLiteralRegex = new Regex("[^" +
                        string.Join("", accepted.Select(c => @"\x" + c.ToString("x2")).ToArray())
                        + "]");
                }
                return EncodeLiteralRegex.Replace(value ?? "", (match) =>
                {
                    var ch = (int)match.Value[0]; // only matches a character at a time
                    return ch <= 127
                        ? @"\x" + ch.ToString("x2") // not JSON
                        : @"\u" + ch.ToString("x4");
                });
            }
        }
}

Happy coding.



来源:https://stackoverflow.com/questions/5821680/cannot-view-the-saved-data-when-apostrophe-is-entered-in-the-input

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!