How to escape special characters like < > in a SQL query? - html

The description should look like: Aircraft Configuration function in the <TypeCode> field. It is stored in the DB as is, but when it is retrieved and checked in the UI it displays as "Aircraft Configuration function in the field." Here the <typecode> gets converted into HTML on the UI screen.
Other ways I have tried are:
update tblApplicationParam
set fldValueDescription = 'Aircraft Configuration function in the /<TypeCode/> field'
Still it didn't fix my problem.
When the parameter is retrieved in the UI screen, the description should show up like this: Aircraft Configuration function in the <TypeCode> field.

Encode < as &lt; and > as &gt;. You could either do it in your code with your chosen language's preferred HTML escaping method, or you could do it in SQL, but that means you'd have to update the SQL every time you encountered a symbol that has special meaning in HTML. You should prefer to use an HTML escaping function in your code.
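To make the answer concrete, here is an added Python example (not code from the question or answer above) that stores the description exactly as the asker wants it and escapes it only at the point where it is written into HTML. The `visible_text` helper is a rough stand-in for what a browser displays, used to show why the raw value loses `<TypeCode>` while the escaped value keeps it; the sample strings are constructed from the question.

```python
import html
import re

# Constructed sample: the value exactly as the question wants it stored in the DB.
STORED_DESCRIPTION = "Aircraft Configuration function in the <TypeCode> field"


def render_description(description: str) -> str:
    """Escape a database value at the moment it is written into HTML.

    The database keeps the literal text; the browser receives &lt;TypeCode&gt;
    and displays it as the visible characters <TypeCode>.
    """
    return "<p>{}</p>".format(html.escape(description, quote=True))


def render_unescaped(description: str) -> str:
    """The behaviour described in the question: the raw value is dropped into
    the page, so the browser treats <TypeCode> as an unknown tag and shows
    nothing for it."""
    return "<p>{}</p>".format(description)


def visible_text(markup: str) -> str:
    """Rough model of what a browser displays for a fragment: strip tags,
    collapse whitespace, decode entities. Only used to illustrate the effect."""
    without_tags = re.sub(r"<[^>]*>", "", markup)
    return html.unescape(" ".join(without_tags.split()))


if __name__ == "__main__":
    print(render_description(STORED_DESCRIPTION))
    print(visible_text(render_unescaped(STORED_DESCRIPTION)))
    # The forward slashes tried in the question change nothing: the browser
    # still sees a tag and removes it.
    print(visible_text(render_unescaped(
        "Aircraft Configuration function in the /<TypeCode/> field")))
```

The stored row never changes; only the rendering layer differs. The same `html.escape` call (or your framework's equivalent) belongs wherever a database value is interpolated into markup, which is why the answer recommends doing it in code rather than in the SQL.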

Related

How to fix all AMP errors like "The tag 'xx' is disallowed." using a script?

I have a Java Controller and an Apache Velocity file with a variable in which I have the HTML to show.
For AMP I have some errors of this type:
The tag '' is disallowed.
I started to do a replace like this:
ampParsedBody = ampParsedBody.replaceAll("<iframe ", "<amp-iframe ");
ampParsedBody = ampParsedBody.replaceAll("</iframe>", "</amp-iframe>");
But is there a smarter way?
For example a script, or at least a list of all the tags I should replace,
in order to avoid fixing them one by one and losing too much time.
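One table-driven alternative to a pair of `replaceAll()` calls per tag, as an added example in Python rather than the poster's Java (this is not code from the question, and the only mapping it carries is the `iframe` to `amp-iframe` rename that appears there; other entries must come from AMP's own documentation):

```python
import re

# Disallowed tag -> AMP replacement. Only the pair from the question is listed;
# extend this table from the AMP documentation rather than guessing.
TAG_MAP = {
    "iframe": "amp-iframe",
}


def _tag_regex(tag_map):
    names = "|".join(re.escape(t) for t in tag_map)
    # Group 1: optional "/" of a closing tag; group 2: the tag name.
    # The lookahead insists on whitespace, "/" or ">" after the name, so
    # "<iframe" does not also match a hypothetical "<iframes".
    return re.compile(r"<(/?)(%s)(?=[\s/>])" % names, re.IGNORECASE)


def rename_tags(markup: str, tag_map=TAG_MAP) -> str:
    """Rename every opening and closing occurrence of the mapped tags in one pass.

    Attributes, closing tags and mixed-case tag names are all handled by the
    single pattern, which the two replaceAll() calls in the question were not.
    """
    pattern = _tag_regex(tag_map)

    def substitute(match):
        slash, name = match.group(1), match.group(2)
        return "<%s%s" % (slash, tag_map[name.lower()])

    return pattern.sub(substitute, markup)


if __name__ == "__main__":
    # Constructed sample markup.
    sample = '<div><IFRAME src="https://example.com/x" width="300"></IFRAME></div>'
    print(rename_tags(sample))
```

Regex rewriting is adequate for markup you generate yourself; for HTML that comes from users, run the rename through a real HTML parser instead, since a regex can be fooled by tags split across comments, scripts or attribute values.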

$wpdb->query WordPress shortcode causing syntax error

I'm trying to update numerous WordPress multisite pages.
I have an ajax script that is posting to a php file where, after the text is formatted, it updates the corresponding table cell.
However, I keep getting the "WordPress database error You have an error in your SQL syntax;" error.
$content = "[shortcode] text processed by shortcode [/shortcode]";
$table = "wp_".$_POST["blogid"]."_posts";
$wpdb->query(" UPDATE {$table} SET post_content={$content} WHERE posts_title='test'");
Is this an issue with the use of square brackets (shortcodes) in the string I wish to use to update the cell?
The syntax seems fine to me, but my SQL knowledge isn't that strong.
In greater detail, I have a MySQL query that gets all multisites, then loops through them, making the edits with JS before posting to this PHP file.
Avoid using string templates directly for query building. You can too easily include invalid syntax, and since you're reading content directly from the shortcode you're opening your entire database up to SQL injection attacks. This could give attackers direct access to your database, meaning anyone who can post content could also gain total access to your WordPress.
Always prepare your query first. If you're using $wpdb, the usage is described here: https://developer.wordpress.org/reference/classes/wpdb/prepare/
This will also ensure that the shortcode content you query on is formatted properly.
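The two points of the answer, shown in an added Python example against SQLite rather than `$wpdb` (this is not WordPress code; the table and row are constructed to mirror the question): the interpolated statement fails to parse because the shortcode text lands in the SQL unquoted, the parameterized version stores the same text verbatim, and the one part a placeholder cannot cover, the table name built from the posted blog id, is validated as a plain integer before it is spliced in.

```python
import sqlite3

SHORTCODE_TEXT = "[shortcode] text processed by shortcode [/shortcode]"


def new_demo_db():
    """In-memory table shaped like the question's wp_<blogid>_posts (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_2_posts (post_title TEXT, post_content TEXT)")
    conn.execute("INSERT INTO wp_2_posts VALUES ('test', 'old')")
    conn.commit()
    return conn


def posts_table(blog_id) -> str:
    """Placeholders cannot supply an identifier, so the blog id is validated
    instead: only ASCII digits are accepted before the table name is built."""
    text = str(blog_id)
    if not (text.isascii() and text.isdigit()):
        raise ValueError("blog id must be numeric: %r" % text)
    return "wp_%d_posts" % int(text)


def update_interpolated(conn, blog_id, content):
    """The pattern from the question: content pasted straight into the SQL text.
    Without quotes around it the statement is not valid SQL at all."""
    sql = "UPDATE %s SET post_content=%s WHERE post_title='test'" % (
        posts_table(blog_id), content)
    conn.execute(sql)


def update_parameterized(conn, blog_id, content):
    """Identifier validated, content bound as a parameter: brackets, quotes and
    semicolons inside the shortcode text are stored exactly as given."""
    sql = "UPDATE %s SET post_content=? WHERE post_title='test'" % posts_table(blog_id)
    conn.execute(sql, (content,))
    conn.commit()


def read_content(conn, blog_id):
    sql = "SELECT post_content FROM %s WHERE post_title='test'" % posts_table(blog_id)
    return conn.execute(sql).fetchone()[0]


def run_demo():
    """Returns (interpolation raised a syntax error, stored content, bad id rejected)."""
    conn = new_demo_db()
    try:
        update_interpolated(conn, 2, SHORTCODE_TEXT)
        interpolation_failed = False
    except sqlite3.OperationalError:
        interpolation_failed = True
    update_parameterized(conn, 2, SHORTCODE_TEXT)
    try:
        posts_table("2abc")
        bad_id_rejected = False
    except ValueError:
        bad_id_rejected = True
    return interpolation_failed, read_content(conn, 2), bad_id_rejected


if __name__ == "__main__":
    print(run_demo())
```

With `$wpdb` the equivalent of the `?` binding is `$wpdb->prepare()` from the linked documentation; the blog id check has no prepared-statement equivalent and has to stay in your own code.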

Accessing protected MySQL names via ASP

Currently, I've been assisting someone to convert a site using classic ASP from MS Access to MySQL (mainly as a bridge until we get time to do a complete rebuild). The current table uses various protected keywords as column names (Datetime, Date, Order, etc.). I'm trying to figure out the proper way to do a few inserts on these columns. The current code is below:
Set oRSess = Server.CreateObject("ADODB.Recordset")
oRSess.AddNew
oRSess.Fields("Order") = CInt(xyz)
oRSess.Fields("SessionID")
oRSess.Update
Now normally I'd try to just replace this with a standard SQL insert, but there's lots of code around that breaks easily. Is there a way to add a proper escape character for MySQL to recognize it properly?
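MySQL's quote character for identifiers is the backtick, with a backtick inside a name written twice. The following added Python example (not the poster's ASP) builds an INSERT that quotes every column and table name that way while leaving the values to driver parameters, and runs it against SQLite, which also accepts backtick quoting, to show that `Order` and `Date` survive as column names. The `Sessions` table and its rows are constructed for the demonstration.

```python
import sqlite3


def quote_identifier(name: str) -> str:
    """Quote a MySQL table or column name with backticks, doubling any backtick
    inside the name, so reserved words such as Order, Date and Datetime work."""
    if not name:
        raise ValueError("empty identifier")
    return "`" + name.replace("`", "``") + "`"


def build_insert(table: str, columns, placeholder: str = "?") -> str:
    """Build an INSERT with quoted identifiers and driver placeholders for values.

    SQLite uses "?"; the common MySQL drivers for Python use "%s", which is what
    the placeholder argument is for. Values never enter the SQL text.
    """
    cols = ", ".join(quote_identifier(c) for c in columns)
    marks = ", ".join([placeholder] * len(columns))
    return "INSERT INTO %s (%s) VALUES (%s)" % (quote_identifier(table), cols, marks)


def demo_round_trip():
    """Create a table whose columns are reserved words, insert through the
    generated statement, and read the row back (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE %s (%s INTEGER, %s TEXT, %s TEXT)" % (
        quote_identifier("Sessions"), quote_identifier("Order"),
        quote_identifier("SessionID"), quote_identifier("Date")))
    conn.execute(build_insert("Sessions", ["Order", "SessionID", "Date"]),
                 (7, "s-123", "2024-01-02"))
    return conn.execute("SELECT %s, %s, %s FROM %s" % (
        quote_identifier("Order"), quote_identifier("SessionID"),
        quote_identifier("Date"), quote_identifier("Sessions"))).fetchone()


if __name__ == "__main__":
    print(build_insert("Sessions", ["Order", "SessionID", "Date"], placeholder="%s"))
    print(demo_round_trip())
```

Quoting makes the identifier legal; it does not make a user-supplied identifier safe, so column and table names should still come from your own code or an allow-list, never from request input.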

Removing URL encoding from Active Record query

I'm in over my head as always, but it's the only way I learn. Right now I am trying to query a column in a database for the current user and return the values. I'm using something like:
@tags = current_user.tags.select(:name).each { |p| p.name }
But it returns:
%5B%23%3CTag+name%3A+%22tag1%22%3E%2C+%23%3CTag+name%3A+%22tag2%22%3E%2C+%23%3CTag+name%3A+%22tag+test%22%3E%5D
From what I understand, that's URL encoding. Is it possible to clean that up? I've tried using .delete or .gsub but I must be doing something wrong. Any insight? All my research on the site yields how to URL encode, but not URL decode.
For URI encoding/decoding you can take a look at rubyonrails.org:URI::Escape
For displaying HTML in Rails views check out the raw() method rubyonrails.org:ActionView::Helpers::OutputSafetyHelper
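Decoding the value from the question, as an added Python example (not the Rails code the thread is about; the encoded string is copied from the post). The point worth seeing is that form encoding uses `+` for spaces, so the decoder has to be the `+`-aware variant or the spaces come back as plus signs. Once decoded, the value reads as a Ruby array of `Tag` objects printed with their `name` attributes, and the names can be pulled out of that text.

```python
import re
from urllib.parse import unquote, unquote_plus

# The value exactly as it appears in the question.
ENCODED = ("%5B%23%3CTag+name%3A+%22tag1%22%3E%2C+%23%3CTag+name%3A+%22tag2%22%3E"
           "%2C+%23%3CTag+name%3A+%22tag+test%22%3E%5D")


def decode_form_value(value: str) -> str:
    """Decode application/x-www-form-urlencoded text.

    unquote_plus() maps "+" to a space as well as decoding %XX escapes;
    plain unquote() decodes the %XX escapes but leaves every "+" in place.
    """
    return unquote_plus(value)


def decode_path_value(value: str) -> str:
    """Percent-decoding only, for comparison: "+" is kept literally."""
    return unquote(value)


def tag_names(value: str):
    """Extract the quoted name attributes from the decoded inspect-style text."""
    return re.findall(r'name: "([^"]*)"', decode_form_value(value))


if __name__ == "__main__":
    print(decode_form_value(ENCODED))
    print(tag_names(ENCODED))
```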

How to save HTML to a database field

I have a tiny editor web page where my users can use this editor, and I am saving the HTML into my database.
I am having issues saving this HTML to my database. For example, if there is a name with a "'" or if there are other HTML characters ("<", ">" etc.), my code seems to blow up on the insert.
Are there any best practices for taking arbitrary HTML and having it persist fully to a DB field without worrying about any specific characters?
I'm wondering if you are building the full query. Instead, use a parameterized query; that should eliminate your data problems.
// Parameter names are @name etc.; the values never become part of the SQL text.
string sqlIns = "INSERT INTO table (name, information, other) VALUES (@name, @information, @other)";
SqlCommand cmdIns = new SqlCommand(sqlIns, db.Connection);
cmdIns.Parameters.AddWithValue("@name", info);
cmdIns.Parameters.AddWithValue("@information", info1);
cmdIns.Parameters.AddWithValue("@other", info2);
cmdIns.ExecuteNonQuery();
Do you insert using SqlParameter? If yes, you should not have problems; check that.
You could just HtmlEncode the data.
You'll have an HttpContext.Current.Server object, so in pseudo code you'd just do:
Database.Save(HttpContext.Current.Server.HtmlEncode(myHtml));
and to retrieve it:
myHtml = HttpContext.Current.Server.HtmlDecode(DataBase.Load());
Just reading through this: is your problem actually on the insert statement, or do you get a problem from the web server before it ever hits your controller? Noticing that you tagged the question with asp.net-mvc, you may need to make sure that you have decorated your controller method with the [ValidateInput(false)] attribute.
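The answers above describe two workable strategies: store the editor's HTML as-is through a parameterized insert, or entity-encode it before saving and decode it on the way out. The added Python example below (not code from any of the answers; SQLite stands in for SQL Server, and the editor output is a constructed sample containing the apostrophe and angle brackets from the question) runs both and shows the caveat a practitioner needs: the two strategies must not be mixed. Encoding before save and then forgetting to decode, or encoding again at render time, turns the stored `&lt;` into `&amp;lt;` and the page shows entity text instead of markup.

```python
import html
import sqlite3

# Constructed sample of what an HTML editor might post: an apostrophe in a name
# plus entities and tags the editor already produced.
EDITOR_HTML = "<p>O'Brien said: 1 &lt; 2 &amp; 3 &gt; 2</p>"


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE docs (body TEXT)")
    return conn


def _store(conn, value):
    """Parameterized insert; the apostrophe never touches the SQL text."""
    conn.execute("INSERT INTO docs (body) VALUES (?)", (value,))
    return conn.execute(
        "SELECT body FROM docs ORDER BY rowid DESC LIMIT 1").fetchone()[0]


def store_raw(conn, markup):
    """Strategy 1: keep the HTML exactly as the editor produced it. Whatever
    escaping the page needs happens when the value is rendered, not here."""
    return _store(conn, markup)


def store_encoded(conn, markup):
    """Strategy 2 (the HtmlEncode answer): entity-encode before saving.
    The value is still bound as a parameter."""
    return _store(conn, html.escape(markup, quote=True))


def load_encoded(stored):
    """The matching HtmlDecode step for strategy 2. Omitting it is the
    double-encoding bug: the browser displays "&lt;p&gt;" as literal text."""
    return html.unescape(stored)


if __name__ == "__main__":
    conn = new_db()
    print(store_raw(conn, EDITOR_HTML))
    encoded = store_encoded(conn, EDITOR_HTML)
    print(encoded)                 # note the &amp;lt; produced from the editor's &lt;
    print(load_encoded(encoded) == EDITOR_HTML)
```

Whichever strategy you pick, the parameter binding is what stops the apostrophe from breaking the INSERT; the encoding choice only decides where the entities live. Storing raw and escaping at render time is the simpler invariant to keep, because every reader of the column then knows the data is HTML.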