Thread query problem
Mon, Jul 8 2013 4:58 AM

Matthew Jones

> Doubling the quote is not the problem but if I make a double quote
> from a quote then the query will look for D''HAEMERS in the table
> and not for D'HAEMERS so this will not give the good result?

The original came from:
> ZoekContacten1.Params.Clear;
> ZoekContacten1.Params.Add('Volnaam='''+V_loginnaam+'''');
> Database.Load(ZoekContacten1);
>
> and V_loginnaam=D'HAEMERS

The string passed to the .Add will be:
Volnaam='D'HAEMERS'
Note how many quotes there are. In the code, you are doubling the quotes to make a
single quote. The database parameter needs the same.

I will also mention SQL injection here, in case that V_loginnaam could ever come
from the user. Something to be aware of.

/Matthew Jones/
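
The quote doubling discussed above, as an added example that is not part of the original post and is not EWB or DBISAM code. It assumes the server reads the parameter as a SQL-style string literal in which '' stands for one quote; quoteLiteral, readLiteral and checkParam are hypothetical names. It shows that the doubled form is read back as D'HAEMERS, while the undoubled form ends the literal early and leaves stray text behind, which is also where the injection concern comes from.

```javascript
// Added example: names are hypothetical, not EWB or DBISAM APIs.

// Wrap a value as a SQL-style string literal, doubling embedded quotes.
function quoteLiteral(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Read one string literal from the start of `text` the way a SQL-style
// parser does: '' inside the literal is one quote, a lone ' ends it.
// Returns the decoded value and whatever text was left over.
function readLiteral(text) {
  if (text[0] !== "'") return { ok: false, value: null, rest: text };
  let value = "";
  for (let i = 1; i < text.length; i++) {
    if (text[i] !== "'") { value += text[i]; continue; }
    if (text[i + 1] === "'") { value += "'"; i++; continue; }
    return { ok: true, value, rest: text.slice(i + 1) };
  }
  return { ok: false, value: null, rest: text }; // unterminated literal
}

// Build the literal both ways and report how each one reads back.
function checkParam(name) {
  const naive = "'" + name + "'";      // what plain concatenation produces
  const quoted = quoteLiteral(name);   // quotes doubled before wrapping
  return {
    param: "Volnaam=" + quoted,
    naive: readLiteral(naive),
    quoted: readLiteral(quoted),
  };
}

// Constructed sample names.
for (const name of ["D'HAEMERS", "JANSSENS", "O'NEIL 'JR'"]) {
  const r = checkParam(name);
  console.log(name, "->", r.param);
  console.log("  naive :", JSON.stringify(r.naive));
  console.log("  quoted:", JSON.stringify(r.quoted));
}
```
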
Fri, Jul 19 2013 10:27 AM

Paul Waegemans

IMS bvba


"Tim Young [Elevate Software]" wrote:

Paul,

<< The query also has problems retrieving the names

ÖNER VOLKAN
DENEVE BJÖRN

due to   Ö  I suppose?? >>

No, that shouldn't be an issue.  What problem specifically are you seeing ?
Please try to be as specific as possible when asking for help, and avoid
using generic descriptions of issues such as "having a problem" or "doesn't
work", and please post complete error messages.

Thanks,

Tim Young
Elevate Software
www.elevatesoft.com


Tim,

There is no error caused but the row is not found in the database (I double-checked and I can see the record in the BackOffice application).

So my application is running very good but 2 problems still remain:

D'HAEMERS  (quote problem) how can I double quote ???

BJÖRN (special characters  Ö )

Until now 600 contacts registered.  Next week should be the 2nd wave (about 1000 people to register) and it would be fine if these 2 problems were solved...
Mon, Jul 22 2013 11:22 AM

Tim Young [Elevate Software]

Elevate Software, Inc.


Email timyoung@elevatesoft.com

Paul,

<< D'HAEMERS  (quote problem) how can I double quote ??? >>

I'll work something up for you.

<< BJÖRN (special characters  Ö ) >>

That text saves fine here in a DBISAM table.  Are you using the EWB Web
Server, or something else on the back end ?


Tim Young
Elevate Software
www.elevatesoft.com


Tue, Jul 23 2013 3:05 PM

Paul Waegemans

IMS bvba


The Ö saves fine in the DBISAM table at the first registration; that is not the problem.

But when the user wants to log in to the system afterwards, the query that is used to look for the record in the table does not find the record (and the record is in the table for sure).

I am using EWB Web Server for the web application and DBSRVR for the backoffice application.

I wonder if the problem can be caused by the fact that I put everything in uppercase at the moment of the input:

procedure TFrmHoofd.EdtLoginVoornaamChange(Sender: TObject);
begin
EdtLoginVoornaam.text:=UPPERCASE(EdtLoginVoornaam.text);
end;










Attachments: REGISTRATIE.swf
Mon, Jul 29 2013 1:46 PM

Tim Young [Elevate Software]

Elevate Software, Inc.


Email timyoung@elevatesoft.com

Paul,

<< But when the user wants to log in to the system afterwards, the query
that is used to look for the record in the table does not find the
record (and the record is in the table for sure).

I am using EWB Web Server for the web application and DBSRVR for the
backoffice application.

I wonder if the problem can be caused by the fact that I put everything in
uppercase at the moment of the input: >>

No, it's not the upper-casing.  It's the way that the value is coming over
through the URL parameters to the dataset manager on the web server side.
I'll have a fix for this in the next build.

Thanks,

Tim Young
Elevate Software
www.elevatesoft.com
Tue, Sep 22 2015 11:24 AM

Paul Waegemans

IMS bvba


What solution can I give to this problem (single quote in a name...)



Tue, Sep 22 2015 11:47 AM

Tim Young [Elevate Software]

Elevate Software, Inc.


Email timyoung@elevatesoft.com

Paul,

<< What solution can I give to this problem (single quote in a name...) >>

http://www.elevatesoft.com/manual?action=viewtopic&id=ewb2&topic=QuotedStr

Tim Young
Elevate Software
www.elevatesoft.com
Wed, Sep 23 2015 2:49 PM

Doug B

Tim,

I'm running into a problem with single quotes too, where it seems they aren't being encoded correctly in the URL parameters.

For example:

If I add a parameter like this:

fServerRequest.Params.Values['filter'] := QuotedStr('abcd');

I would expect something like this:

http://localhost:8080/root/customers?filter=%271234%27

Instead I get this:

http://localhost:8080/root/customers?filter=''1234''

Thanks,
Doug
Wed, Sep 23 2015 3:16 PM

Raul

Team Elevate

On 9/23/2015 2:49 PM, Doug B wrote:
> I'm running into a problem with single quotes too, where it seems they aren't being encoded correctly in the URL parameters.

You're looking at URL encoding actually in this case so QuotedStr does
not really apply.

And single quote is not invalid in a URL. The RFC
(http://tools.ietf.org/html/rfc3986#section-2.2) specifies reserved
letters (which must get encoded) and single quote is not one of them.


> I would expect something like this:
> http://localhost:8080/root/customers?filter=%271234%27

You're trying to do Percent-Encoding which is allowed but unnecessary
in this case IMHO.  If you wish to achieve it though then call "escape"
function instead (and make sure WebDOM is in uses clause).

All the main encoding/decoding functions are defined in WebDOM already
so they are accessible : "encodeURI"/"encodeURIComponent"/"escape" as
well as the corresponding decoding ones.

However make sure you read javascript docs as to what each one does as
they serve different purposes (for example
http://stackoverflow.com/questions/332872/encode-url-in-javascript)

Raul
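
A side-by-side run of the JavaScript functions named above, as an added example that is not part of the original post. strictEncode, roundTrip and compare are hypothetical helper names, and the sample values are constructed from names in this thread; the decode step assumes the receiving side expects UTF-8 percent-encoding.

```javascript
// Added example; strictEncode, roundTrip and compare are hypothetical names.

// encodeURIComponent leaves ! ' ( ) * as they are; encode those as well.
function strictEncode(value) {
  return encodeURIComponent(value).replace(/[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Decode the way a UTF-8 aware receiver would; report failure, don't throw.
function roundTrip(encoded) {
  try {
    return decodeURIComponent(encoded);
  } catch (e) {
    return null; // not valid UTF-8 percent-encoding
  }
}

// Encode one value with each function and record whether it decodes back.
function compare(value) {
  const forms = {
    encodeURI: encodeURI(value),                   // for whole URLs
    encodeURIComponent: encodeURIComponent(value), // for one parameter value
    escape: escape(value),                         // legacy: Latin-1 %XX or %uXXXX
    strictEncode: strictEncode(value),
  };
  const rows = {};
  for (const [name, encoded] of Object.entries(forms)) {
    rows[name] = { encoded, decoded: roundTrip(encoded) };
  }
  return rows;
}

// Constructed sample values; "BJ\u00D6RN" is BJÖRN.
for (const v of ["'1234'", "D'HAEMERS", "BJ\u00D6RN", "A&B=C"]) {
  console.log(v, compare(v));
}
```

For the single quote, only escape and strictEncode produce %27. For Ö, escape produces a one-byte %D6 that a UTF-8 decoder rejects, while the other three produce %C3%96.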
Wed, Sep 23 2015 3:33 PM

Doug B

Raul,

Thank you.  That was VERY helpful!

Doug