Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
jholovacs
Posting Yak Master
163 Posts |
 Posted - 2008-12-15 : 11:41:33
|
Anyone have a good function to escape html special chars in a select statement? for example, if I have columns with JD Power & Assoc.Ford Model "T"<best> ride out there! I would like to transform them to:JD Power & a m p ; Assoc.Ford Model & q u o t ; T & q u o t ;& l t ; best & g t ; ride out there! forgive the spaces... the forum code is too "smart"...Thanks
SELECT TOP 1 w.[name]FROM dbo.women wINNER JOIN dbo.inlaws i ON i.inlaw_id = w.parent_idWHERE i.net_worth > 10000000 AND i.status IN ('dead', 'dying') AND w.husband_id IS NULLORDER BY w.hotness_factor DESC |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2008-12-15 : 11:42:58
|
| use REPLACE function |
 |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2008-12-15 : 12:04:15
|
| http://doc.ddart.net/mssql/sql70/ra-rz_6.htm |
|
|
|
jholovacs
Posting Yak Master
163 Posts |
Posted - 2008-12-15 : 12:08:09
|
I know about the REPLACE function; I was hoping that someone had already written a user-defined function that would properly escape all HTML special characters so i wouldn't have to go through the trouble of writing my own. The text data coming in could be anything, and it seemed like a pain to account for every possibility.Has anyone written something akin to php's htmlspecialchars() function for T-SQL?
SELECT TOP 1 w.[name]FROM dbo.women wINNER JOIN dbo.inlaws i ON i.inlaw_id = w.parent_idWHERE i.net_worth > 10000000 AND i.status IN ('dead', 'dying') AND w.husband_id IS NULLORDER BY w.hotness_factor DESC |
|
|
|
hanbingl
Aged Yak Warrior
652 Posts |
Posted - 2008-12-15 : 15:48:46
|
| Why have it done in the sql side, use your presentation layer for the encode. Much easier. |
|
|
|
|
|
|
escaping html special chars?