Reputation: 61729
string message = CommonFunctions.SanitiseInput(context.Request.QueryString["msg"]);
And the function is defined as:
// Sanitise input
public static string SanitiseInput(string inputText)
{
    string cleanedString = inputText;
    cleanedString.Replace("<", "&lt;"); // No code
    cleanedString.Replace(">", "&gt;");
    cleanedString.Replace("&", "&amp;"); // No query string breaks
    return cleanedString;
}
Given input "<b>rg</b>", this returns the same, and not "&lt;b&gt;rg&lt;/b&gt;".
Upvotes: 2
Views: 2860
Reputation: 33242
You should use HttpUtility.HtmlEncode(): http://msdn.microsoft.com/en-us/library/system.web.httputility.htmlencode.aspx
Upvotes: 3
Reputation: 8786
I think you need to use cleanedString = cleanedString.Replace("<", "&lt;"); etc.
Upvotes: 1
Reputation: 11438
The Replace function in C# does not modify the string itself - it returns a modified version of the string.
Try this:
public static string SanitiseInput(string inputText)
{
    string cleanedString = inputText;
    cleanedString = cleanedString.Replace("<", "&lt;"); // No code
    cleanedString = cleanedString.Replace(">", "&gt;");
    cleanedString = cleanedString.Replace("&", "&amp;"); // No query string breaks
    return cleanedString;
}
For "<b>rg</b>" this will give you "&amp;lt;b&amp;gt;rg&amp;lt;/b&amp;gt;". To fix up the unnecessary conversions to "&amp;", move the third replacement to before the other two, which will give you the result you are expecting.
Upvotes: 7
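Added example (not code from the question or any of the answers) that runs the three hand-rolled variants discussed on this page next to the framework encoder: the question's version that discards Replace's return value, the assigned version with "&" encoded last, and the reordered version. It uses System.Net.WebUtility.HtmlEncode, which is available without a System.Web reference, in place of the HttpUtility.HtmlEncode linked above; the sample input is constructed.

```csharp
using System;
using System.Net;

public static class HtmlEscapeDemo
{
    // Question's version: string.Replace returns a new string, and the
    // result is thrown away, so the caller gets the input back unchanged.
    public static string Broken(string input)
    {
        string s = input;
        s.Replace("<", "&lt;");
        s.Replace(">", "&gt;");
        s.Replace("&", "&amp;");
        return s;
    }

    // Assigning the result fixes the immutability bug, but encoding '&'
    // last turns the freshly produced "&lt;" into "&amp;lt;".
    public static string WrongOrder(string input)
    {
        string s = input;
        s = s.Replace("<", "&lt;");
        s = s.Replace(">", "&gt;");
        s = s.Replace("&", "&amp;");
        return s;
    }

    // '&' first, as the accepted answer advises. Quotes are still not
    // encoded, so this only covers element content, not attribute values.
    public static string RightOrder(string input)
    {
        string s = input;
        s = s.Replace("&", "&amp;");
        s = s.Replace("<", "&lt;");
        s = s.Replace(">", "&gt;");
        return s;
    }

    // Framework encoder: also encodes '"' and '\'' (as &quot; and &#39;).
    public static string Framework(string input) => WebUtility.HtmlEncode(input);

    public static void Main()
    {
        const string sample = "<b>rg</b> & \"x\""; // constructed input
        Console.WriteLine("broken:     " + Broken(sample));
        Console.WriteLine("wrong order:" + WrongOrder(sample));
        Console.WriteLine("right order:" + RightOrder(sample));
        Console.WriteLine("framework:  " + Framework(sample));
    }
}
```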