CODEWITHSUNDEEP
coldfusioncoldfusion-9
Evik James
Evik James

Reputation: 10503

ColdFusion - How to output single quotes into a text field?

I am using ColdFusion 9.

I can't find a means to successfully output a single quote into a text field.

I create form fields using a CFSCRIPT user defined function. (I've minimized the options for the sake of simplicity for this example.)

When my output contains a single quote, the text field gets totally screwed up, be sure to run the example and view the HTML. I have tried using PreserveSingleQuotes() every conceivable way possible. 

// USE EITHER STRING
MyString = "This string works fine.";
MyString = "This single quote's the problem!";
writeOutput(createInputBox(MyString));

// CREATE TEXT INPUT
function createInputBox(Value) {
    LOCAL.Properties = " value='#preserveSingleQuotes(ARGUMENTS.Value)#'";
    LOCAL.Item = "<input size='50' type='text' #LOCAL.Properties# />";
    return LOCAL.Item;
}

Do you know of a solution? ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ANSWER

Get rid of the preserveSingleQuotes() function, as it does nothing outside of a SQL block. (Thanks Adam!).

LOCAL.Properties = " value='#ARGUMENTS.Value#'";

Then, get rid of the single quotes and replaced with escaped double quotes:

LOCAL.Properties = " value=""#ARGUMENTS.Value#""";

This will still choke on strings like this though:

MyString = "This is my F#@'''""$":""ing  problem!";

So, add the htmlEditFormat() function like this:

LOCAL.Properties = " value=""#htmlEditFormat(ARGUMENTS.Value)#""";

Thanks for the help!!!

Upvotes: 2

Views: 2854

Answers (3)

nykash
nykash

Reputation: 447

The issue you're experiencing relates to the character delimiters for the value field. If you use single quotes as field delimiters, and a single quote is provided by your app, there will be a problem. One ways I've dealt with this in the past is to use double quotes for the field. The line shown below should plug into your code:

LOCAL.Properties = " value=""#preserveSingleQuotes(ARGUMENTS.Value)#""";

The approach shown by Sean Kimball is equally valid. Depending on the situation, I've used both approaches.

There was another comment re: preserveSingleQuotes. I can't say that I've used this outside of database calls, but if it works for you in this situation, I've learned something, too!

Upvotes: 2

Adam Cameron
Adam Cameron

Reputation: 29870

A single quote should not give you a problem in an attribute value in HTML, unless: * you're not quoting the attribute values, eg:

<input value=#myvar#>

The solution here is to quote your attributes, eg:

<input value="#myvar#">

or * you are quoting your attributes, but are using single quotes :

<input value='#myVar#'>

Will end up being:

<input value='value with a ' in it'>

This - of course is invalid mark-up: the browser sees the value as 'value with a ', and the rest of it is just garbage.

If you need to do this: * switch to using double-quote delimiters * use htmlEditFormat() around your variable value (this will escape embedded double-quotes).

To troubleshoot this sort of thing, ALWAYS look at the HTML source. This will help you work out what's going on.

NB: to everyone mentioning preserveSingleQuote(): this function does NOTHING outside of a CFQUERY block. So it's not going to help here.

Upvotes: 5

Sean Kimball
Sean Kimball

Reputation: 4494

// CREATE TEXT INPUT
function createInputBox(Value) {
    LOCAL.Properties = ' value="' &#preserveSingleQuotes(ARGUMENTS.Value)#& '"';
    LOCAL.Item = '<input size="50" type="text" #LOCAL.Properties# />';
    return LOCAL.Item;
}

// USE EITHER STRING
MyString = "This string works fine.";
MyString = "This single quote's the problem!";
writeOutput(createInputBox(MyString));

Upvotes: 0

Related Questions